feat(samba): internal samba

2025-01-02 10:45:51 +01:00 · 2025-01-02 10:45:51 +01:00 · 84511befad
commit 84511befad
parent cdddcec211
2 changed files with 93 additions and 34 deletions
--- a/machines/kat-manah/configuration.nix
+++ b/machines/kat-manah/configuration.nix
@ -44,10 +44,41 @@
  systemd.network = {
    enable = true;
    networks = {
+      "10-enp1s0" = {
+        name = "enp1s0";
+        DHCP = "ipv4";
+        networkConfig = {
+          IPv6AcceptRA = "yes";
+          IPv4ProxyARP = "yes";
+        };
+      };
      "50-wg0" = {
        name = "wg0";
        address = [ "10.42.0.1/16" ];
      };
+      "50-virbr0" = {
+        name = "virbr0";
+        address = [
+          "192.168.122.1/24"
+          "fe80::1/64"
+        ];
+        routes = [
+          {
+            Destination = "192.168.1.201/32";
+            Gateway = "192.168.122.6";
+          }
+        ];
+        networkConfig.DHCPServer = "yes";
+        linkConfig.ActivationPolicy = "always-up";
+      };
+      "50-vnet4" = {
+        name = "vnet4";
+        networkConfig.Bridge = "virbr0";
+      };
+      "50-vnet7" = {
+        name = "vnet7";
+        networkConfig.Bridge = "virbr0";
+      };
    };
    netdevs = {
      "50-wg0" = {
@ -70,6 +101,12 @@
          }
        ];
      };
+      "50-virbr0" = {
+        netdevConfig = {
+          Name = "virbr0";
+          Kind = "bridge";
+        };
+      };
    };
  };

@ -97,13 +134,24 @@
    };
  };

-  networking.firewall = {
-    allowedTCPPorts = [
-      9000
-      9500
-      53
-    ];
-    allowedUDPPorts = [ 67 ];
+  networking = {
+    nftables.tables.nat = {
+      family = "ip";
+      content = ''
+        chain postrouting {
+          type nat hook postrouting priority 100;
+          ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 masquerade
+        };
+      '';
+    };
+    firewall = {
+      allowedTCPPorts = [
+        9000
+        9500
+        53
+      ];
+      allowedUDPPorts = [ 67 ];
+    };
  };
  system.stateVersion = "23.11";
 }
--- a/machines/kat-orchid/configuration.nix
+++ b/machines/kat-orchid/configuration.nix
@ -43,38 +43,33 @@
    };
  };

-  systemd.network.enable = lib.mkForce false;
-  networking = {
-    useNetworkd = lib.mkForce false;
-    firewall.allowedTCPPorts = [
-      80
-      443
-    ];
-    interfaces."enp1s0" = {
-      useDHCP = false;
-      ipv4.addresses = [
-        {
-          address = "192.168.122.6";
-          prefixLength = 24;
-        }
+  systemd.network.networks = {
+    "10-enp1s0" = {
+      name = "enp1s0";
+      address = [
+        "192.168.1.201/32"
+        "192.168.122.6/24"
+        "fe80::6/64"
      ];
-      ipv6.addresses = [
+      routes = [
+        { Gateway = "192.168.122.1"; }
        {
-          address = "fe80::6";
-          prefixLength = 64;
+          Gateway = "192.168.122.1";
+          Destination = "192.168.1.0/24";
+          Source = "192.122.1.2O1";
        }
+        { Gateway = "fe80::1"; }
+      ];
+      dns = [
+        "8.8.8.8"
+        "1.1.1.1"
      ];
    };
-    defaultGateway = "192.168.122.1";
-    defaultGateway6 = {
-      address = "fe80::1";
-      interface = "enp1s0";
-    };
-    nameservers = [
-      "192.168.122.1"
-      "fe80::1%enp1s0"
-    ];
  };
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];

  nixpkgs.config.allowUnfree = true;

@ -121,6 +116,17 @@
        };
      };
    };
+    samba = {
+      enable = true;
+      openFirewall = true;
+      settings.orchid = {
+        browseable = "yes";
+        writable = "yes";
+        path = "/home/orchid/content";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+      };
+    };
  };
  containers.wordpress =
    let
@ -137,7 +143,12 @@
      localAddress = "192.168.123.2";
      autoStart = true;
      specialArgs = {
-        inherit kat-path ssh-keys sources self-meta;
+        inherit
+          kat-path
+          ssh-keys
+          sources
+          self-meta
+          ;
      };
      config = {
        imports = [ kat-path ];