From 747ba4653e24ad5c33a114b412871c86db9dd693 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk <kj@orbekk.com>
Date: Tue, 26 Dec 2023 18:36:08 -0500
Subject: samba

---
 machines/dragon.nix | 3 ++-
 modules/router.nix  | 5 ++---
 modules/users.nix   | 3 +++
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/machines/dragon.nix b/machines/dragon.nix
index 13ecbbf..60c1f8b 100644
--- a/machines/dragon.nix
+++ b/machines/dragon.nix
@@ -41,6 +41,7 @@ in {
 
     services.samba = {
       enable = true;
+      securityType = "user";
       extraConfig = ''
         workgroup = WORKGROUP
         server string = dragon
@@ -58,7 +59,7 @@ in {
           "create mask" = "0666";
           "directory mask" = "0777";
           "force user" = "annie";
-          "force group" = "users";
+          "force group" = "readonly";
         };
         public = {
           path = "/storage/upload";
diff --git a/modules/router.nix b/modules/router.nix
index ee95cf1..ace0b57 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -201,10 +201,9 @@ let
           ${toString mullvadPort}
         }
         define SERVER_LAN_PORTS = {
-          tftp, 139, 445, 137, 138,
+          tftp,
           1080, # socks
-          wsdapi, # samba
-          ws-discovery, # discovery
+          139, 445, 137, 138, wsdapi, ws-discovery, # samba
         }
         table inet filter {
           chain input {
diff --git a/modules/users.nix b/modules/users.nix
index 0b38c0a..58ad230 100644
--- a/modules/users.nix
+++ b/modules/users.nix
@@ -37,6 +37,9 @@ in {
         home = "/storage/annie";
         uid = 1001;
         description = "Annie Poon";
+        extraGroups = [
+          "readonly"
+        ];
       };
       guest = {
         isNormalUser = true;
-- 
cgit v1.2.3