feat(samba): internal samba

2025-01-02 10:45:51 +01:00 · 2025-01-02 10:45:51 +01:00 · 84511befad
commit 84511befad
parent cdddcec211
2 changed files with 93 additions and 34 deletions
--- a/machines/kat-manah/configuration.nix
+++ b/machines/kat-manah/configuration.nix
@ -44,10 +44,41 @@
  systemd.network = {
    enable = true;
    networks = {
      "10-enp1s0" = {
        name = "enp1s0";
        DHCP = "ipv4";
        networkConfig = {
          IPv6AcceptRA = "yes";
          IPv4ProxyARP = "yes";
        };
      };
      "50-wg0" = {
        name = "wg0";
        address = [ "10.42.0.1/16" ];
      };
      "50-virbr0" = {
        name = "virbr0";
        address = [
          "192.168.122.1/24"
          "fe80::1/64"
        ];
        routes = [
          {
            Destination = "192.168.1.201/32";
            Gateway = "192.168.122.6";
          }
        ];
        networkConfig.DHCPServer = "yes";
        linkConfig.ActivationPolicy = "always-up";
      };
      "50-vnet4" = {
        name = "vnet4";
        networkConfig.Bridge = "virbr0";
      };
      "50-vnet7" = {
        name = "vnet7";
        networkConfig.Bridge = "virbr0";
      };
    };
    netdevs = {
      "50-wg0" = {
@ -70,6 +101,12 @@
          }
        ];
      };
      "50-virbr0" = {
        netdevConfig = {
          Name = "virbr0";
          Kind = "bridge";
        };
      };
    };
  };
@ -97,7 +134,17 @@
    };
  };
-  networking.firewall = {
+  networking = {
    nftables.tables.nat = {
      family = "ip";
      content = ''
        chain postrouting {
          type nat hook postrouting priority 100;
          ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 masquerade
        };
      '';
    };
    firewall = {
      allowedTCPPorts = [
        9000
        9500
@ -105,5 +152,6 @@
      ];
      allowedUDPPorts = [ 67 ];
    };
  };
  system.stateVersion = "23.11";
 }
--- a/machines/kat-orchid/configuration.nix
+++ b/machines/kat-orchid/configuration.nix
@ -43,38 +43,33 @@
    };
  };
-  systemd.network.enable = lib.mkForce false;
+  systemd.network.networks = {
-  networking = {
+    "10-enp1s0" = {
-    useNetworkd = lib.mkForce false;
+      name = "enp1s0";
-    firewall.allowedTCPPorts = [
+      address = [
        "192.168.1.201/32"
        "192.168.122.6/24"
        "fe80::6/64"
      ];
      routes = [
        { Gateway = "192.168.122.1"; }
        {
          Gateway = "192.168.122.1";
          Destination = "192.168.1.0/24";
          Source = "192.122.1.2O1";
        }
        { Gateway = "fe80::1"; }
      ];
      dns = [
        "8.8.8.8"
        "1.1.1.1"
      ];
    };
  };
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
    interfaces."enp1s0" = {
      useDHCP = false;
      ipv4.addresses = [
        {
          address = "192.168.122.6";
          prefixLength = 24;
        }
      ];
      ipv6.addresses = [
        {
          address = "fe80::6";
          prefixLength = 64;
        }
      ];
    };
    defaultGateway = "192.168.122.1";
    defaultGateway6 = {
      address = "fe80::1";
      interface = "enp1s0";
    };
    nameservers = [
      "192.168.122.1"
      "fe80::1%enp1s0"
    ];
  };
  nixpkgs.config.allowUnfree = true;
@ -121,6 +116,17 @@
        };
      };
    };
    samba = {
      enable = true;
      openFirewall = true;
      settings.orchid = {
        browseable = "yes";
        writable = "yes";
        path = "/home/orchid/content";
        "create mask" = "0644";
        "directory mask" = "0755";
      };
    };
  };
  containers.wordpress =
    let
@ -137,7 +143,12 @@
      localAddress = "192.168.123.2";
      autoStart = true;
      specialArgs = {
-        inherit kat-path ssh-keys sources self-meta;
+        inherit
          kat-path
          ssh-keys
          sources
          self-meta
          ;
      };
      config = {
        imports = [ kat-path ];