diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index 5f1d6e121..87029a693 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix @@ -16,16 +16,32 @@ in { ../2configs/smart-monitor.nix ../2configs/exim-retiolum.nix ../2configs/virtualization.nix + + ../2configs/temp-share-samba.nix ]; + services.samba.shares = { + isos = { + path = "/data/isos/"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; services.tinc.networks.siem = { name = "sdarth"; extraConfig = "ConnectTo = sjump"; }; + + makefu.forward-journal = { + enable = true; + src = "10.8.10.2"; + dst = "10.8.10.6"; + }; + #networking.firewall.enable = false; krebs.retiolum.enable = true; boot.kernelModules = [ "coretemp" "f71882fg" ]; - hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; networking = { @@ -33,6 +49,7 @@ in { firewall = { allowPing = true; logRefusedConnections = false; + trustedInterfaces = [ "eno1" ]; allowedUDPPorts = [ 80 655 1655 67 ]; allowedTCPPorts = [ 80 655 1655 ]; }; diff --git a/makefu/2configs/temp-share-samba.nix b/makefu/2configs/temp-share-samba.nix index 5f21e3bf7..0907c2dbf 100644 --- a/makefu/2configs/temp-share-samba.nix +++ b/makefu/2configs/temp-share-samba.nix @@ -1,9 +1,12 @@ {config, ... }:{ + networking.firewall.allowedUDPPorts = [ 137 138 ]; + networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; uid = config.ids.uids.smbguest; description = "smb guest user"; - home = "/var/empty"; + home = "/home/share"; + createHome = true; }; services.samba = { enable = true; diff --git a/makefu/3modules/forward-journal.nix b/makefu/3modules/forward-journal.nix new file mode 100644 index 000000000..26de3ffdd --- /dev/null +++ b/makefu/3modules/forward-journal.nix @@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +let + cfg = config.makefu.forward-journal; + + out = { + options.makefu.forward-journal = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "forward journal via syslog"; + src = mkOption { + type = types.str; + description = "syslog host identifier"; + default = config.networking.hostName; + }; + dst = mkOption { + type = types.str; + description = "syslog host identifier"; + default = ""; + }; + proto = mkOption { + type = types.str; + default = "udp"; + }; + port = mkOption { + type = types.int; + description = "destination port"; + default = 514; + }; + + }; + + imp = { + services.syslog-ng = { + enable = true; + extraConfig = '' + template t_remote { template("<$PRI>$DATE ${cfg.src} $PROGRAM[$PID]: $MSG\n"); }; + source s_all { system(); internal(); }; + destination d_loghost { udp("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); }; + log { source(s_all); destination(d_loghost); }; + ''; + }; + }; + +in +out +