Diffstat (limited to 'hosts')
-rw-r--r--hosts/vidhar/default.nix23
-rw-r--r--hosts/vidhar/ruleset.nft16
-rw-r--r--hosts/vidhar/zfs.nix18
3 files changed, 52 insertions, 5 deletions
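--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -336,5 +336,28 @@
 };
 };
 };
+
+services.samba = {
+enable = true;
+securityType = "user";
+extraConfig = ''
+workgroup = WORKGROUP
+'';
+shares = {
+homes = {
+path = "/home/%S";
+browseable = "no";
+"valid users" = "%S";
+"read only" = "no";
+"create mask" = "0700";
+"directory mask" = "0700";
+"browseable" = "no";
+};
+};
+};
+services.samba-wssd = {
+enable = true;
+workgroup = "WORKGROUP";
+};
 };
 }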
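Review bot: The `homes` share sets `browseable` twice — once as `browseable = "no";` and again as `"browseable" = "no";` — and Nix treats the quoted and bare spellings as the same attribute, so evaluation of this attrset should fail with an "attribute already defined" error; drop one of the two lines. `services.samba-wssd` also looks like a transposition of `services.samba-wsdd`, the NixOS module name for the WS-Discovery daemon, and as written would likely be rejected as an undefined option — worth confirming against the module list. The share itself is reasonable from a least-privilege view: `"valid users" = "%S"` ties each home share to its own user and the 0700 masks keep created files private. Nothing in `extraConfig` pins a minimum SMB dialect or a signing/encryption policy, so the effective settings are whatever this Samba version defaults to; if the installed Samba still negotiates SMB1, `server min protocol = SMB2` belongs there. The enclosing attrset starts outside the hunk.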
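--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -42,6 +42,13 @@ table inet filter {
 }
 
 
+chain forward_icmp_accept {
+oifname dsl limit name lim_icmp_dsl counter drop
+iifname dsl limit name lim_icmp_dsl counter drop
+oifname != dsl limit name lim_icmp_local counter drop
+iifname != dsl limit name lim_icmp_local counter drop
+counter accept
+}
 chain forward {
 type filter hook forward priority filter
 policy drop
@@ -52,11 +59,7 @@ table inet filter {
 
 iifname lo counter accept
 
-oifname dsl meta l4proto $icmp_protos limit name lim_icmp_dsl counter drop
-iifname dsl meta l4proto $icmp_protos limit name lim_icmp_dsl counter drop
-oifname != dsl meta l4proto $icmp_protos limit name lim_icmp_local counter drop
-iifname != dsl meta l4proto $icmp_protos limit name lim_icmp_local counter drop
-meta l4proto $icmp_protos counter accept
+oifname {eno1, dsl} meta l4proto $icmp_protos forward_icmp_accept
 
 iifname eno1 oifname dsl counter accept
 iifname dsl oifname eno1 ct state {established, related} counter accept
@@ -104,6 +107,9 @@ table inet filter {
 
 iifname {eno1, mgmt} udp dport 67 counter accept
 
+iifname eno1 udp dport { 137, 138, 3702 } counter accept
+iifname eno1 tcp dport { 445, 139, 5357 } counter accept
+
 ct state {established, related} counter accept
 
 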
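Review bot: The new rule in the second hunk, `oifname {eno1, dsl} meta l4proto $icmp_protos forward_icmp_accept`, names the chain without a verdict keyword; nft only enters another chain via `jump` or `goto`, so unless this nft version accepts a bare chain name the ruleset will fail to load, and the line should read `oifname {eno1, dsl} meta l4proto $icmp_protos jump forward_icmp_accept`. Note also the scope change: the removed rules rate-limited and then accepted forwarded ICMP on every interface, whereas the new rule only handles packets leaving eno1 or dsl, so ICMP forwarded toward any other interface (mgmt, for instance) now falls through to the chain's `policy drop` — fine if intended, but worth a one-line comment on the rule so it is not read as an oversight. The new accepts in the third hunk for SMB/NetBIOS and WS-Discovery (`udp dport { 137, 138, 3702 }`, `tcp dport { 445, 139, 5357 }`) are correctly pinned to `iifname eno1`, which keeps the file server unreachable from the dsl side. The forward chain continues outside the hunk.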
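--- a/hosts/vidhar/zfs.nix
+++ b/hosts/vidhar/zfs.nix
@@ -76,6 +76,24 @@ in {
 { device = "ssd-raid1/local/var-log";
 fsType = "zfs";
 };
+
+"/home" =
+{ device = "hdd-raid6/safe/home";
+fsType = "zfs";
+options = [ "zfsutil" ];
+}
+
+"/home/gkleen" =
+{ device = "hdd-raid6/safe/home/gkleen";
+fsType = "zfs";
+options = [ "zfsutil" ];
+}
+
+"/home/mherold" =
+{ device = "hdd-raid6/safe/home/mherold";
+fsType = "zfs";
+options = [ "zfsutil" ];
+}
 };
 
 systemd.services =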
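Review bot: Each of the three new mount entries (`"/home"`, `"/home/gkleen"`, `"/home/mherold"`) closes with a bare `}` where the existing entry in the context line above ends with `};`; without the semicolon Nix parses `{ ... } "/home/gkleen"` as a function application and the file fails to parse, so each closing brace should become `};`. Apart from that the entries mirror the existing ones in shape, and the per-user datasets under `hdd-raid6/safe/home` line up with the `/home/%S` share path added in default.nix. The enclosing attrset starts outside the hunk.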