-rw-r--r--nix/hosts/lampadas/configuration.nix90
1 files changed, 68 insertions, 22 deletions
diff --git a/nix/hosts/lampadas/configuration.nix b/nix/hosts/lampadas/configuration.nix
index ab35751..cc829d8 100644
--- a/nix/hosts/lampadas/configuration.nix
+++ b/nix/hosts/lampadas/configuration.nix
@@ -60,11 +60,11 @@ in
     firewall.enable = true;
 
     firewall.allowedTCPPorts = [
-      # 5201 # iperf
+      5201 # iperf
       8080 # filebrowser web
     ];
     firewall.allowedUDPPorts = [
-      # 5201
+      5201 # iperf
     ];
 
     nameservers = [
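Review bot: The two added `5201` entries open the iperf port for TCP and UDP on every interface, because `firewall.allowedTCPPorts` and `firewall.allowedUDPPorts` are the global lists. If the throughput tests only run over one network, scope the port to that interface, for example `firewall.interfaces."<interface>".allowedTCPPorts = [ 5201 ];` and the same for UDP (the interface name is a placeholder; the page does not show it). An iperf listener has no authentication, so a comment should also say whether the port is meant to stay open or was added for a one-off measurement. The enclosing attribute set starts and ends outside the hunk.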
@@ -130,7 +130,8 @@ in
     emile = {
       filebrowser = {
         enable = true;
-        address = "192.168.1.196";
+        # address = "192.168.1.196";
+        address = "100.87.209.97";
         port = 8080;
         root = "/data";
       };
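Review bot: The filebrowser now binds to `100.87.209.97` only, yet `8080` is still in the global `firewall.allowedTCPPorts` list shown in the first hunk, so the port stays open on interfaces where the service no longer listens. Moving `8080` into a per-interface list would make the firewall match the new bind address. The commented-out `# address = "192.168.1.196";` can be dropped because the old value is in history. If it is kept, a short comment such as `# previous LAN bind address` would say why it is there. The `emile` attribute set continues outside the hunk.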
@@ -176,12 +177,46 @@ in
       openFirewall = true;
       settings = {
         global = {
-          "security" = "user";
-          "passwd program" = "/run/wrappers/bin/passwd %u";
-          "invalid users" = ["root"];
 
-          "workgroup" = "WORKGROUP";
+          ## Browsing/Identification ###
+          "workgroup" = "Pacific";
           "server string" = "lampadas";
+          "disable netbios" = "yes";
+
+          #### Debugging/Accounting ####
+          "log level" = "0";
+          "max log size" = "1000";
+          "logging" = "file";
+          "log file" = "/dev/null";
+
+          ####### Authentication #######
+          "server role" = "standalone server";
+          "obey pam restrictions" = "yes";
+          "unix password sync" = "yes";
+          "passwd program" = "/usr/bin/env passwd %u";
+          "passwd chat" = "*Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .";
+          "pam password change" = "yes";
+          "map to guest" = "bad user";
+
+          "ea support" = "yes";
+          "client ipc signing" = "disabled";
+          "aio max threads" = "200";
+          "aio read size" = "1";
+          "aio write size" = "1";
+
+          # optimization adapted from https://docs.openmediavault.org/en/latest/administration/services/samba.html
+          "load printers" = "no";
+          "disable spoolss" = "yes";
+          "printing" = "bsd";
+          "printcap name" = "/dev/null";
+          "time server" = "no";
+          "wins support" = "no";
+
+
+          # random other settings that seem to make sense
+          "server min protocol" = "SMB3";
+          "security" = "user";
+          "invalid users" = ["root"];
           "netbios name" = "lampadas";
           "hosts allow" = [
             "100.64.0.0/255.192.0.0"
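Review bot: `"log file" = "/dev/null"` together with `"log level" = "0"` discards every smbd log line, so failed logons and refused connections on this file server leave no trace; point `log file` at a real path or use `"logging" = "systemd"` so the journal keeps them. `"client ipc signing" = "disabled"` turns off SMB signing for the IPC connections Samba makes as a client, where the default requires it, so the line should go unless a specific peer needs it. In `"passwd chat"`, Nix reads `\s` inside a double-quoted string as a plain `s` and `\n` as a real newline, so the value that reaches smb.conf is probably not the intended pattern; write `\\s` and `\\n` instead. `"passwd program"` changed from the absolute `/run/wrappers/bin/passwd` to a `PATH` lookup through `/usr/bin/env`, which depends on the smbd unit's environment, so keeping the absolute path is the safer choice. The `global` set starts and ends outside the hunk.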
@@ -192,26 +227,32 @@ in
           ];
           "hosts deny" = "0.0.0.0/0";
           "guest account" = "samba-guest";
-          "map to guest" = "bad user";
-          "load printers" = "no";
-          "server min protocol" = "SMB3";
           "server smb encrypt" = "required";
-          "min receivefile size" = "16384";
+          "min receivefile size" = "65536";
           "use sendfile" = "yes";
-          "aio read size" = "16384";
-          "aio write size" = "16384";
           "server multi channel support" = "yes";
           "socket options" = [
             "TCP_NODELAY"
             "IPTOS_LOWDELAY"
-            "SO_RCVBUF=131072"
-            "SO_SNDBUF=131072"
+            "SO_RCVBUF=67108864"
+            "SO_SNDBUF=67108864"
           ];
           "read raw" = "yes";
           "write raw" = "yes";
           "large readwrite" = "yes";
           "getwd cache" = "yes";
           "deadtime" = "30";
+          "store dos attributes" = "yes";
+          "dns proxy" = "no";
+          "map hidden" = "no";
+          "map system" = "no";
+          "map archive" = "no";
+          "nt acl support" = "yes";
+
+          "inherit acls" = "yes";
+          "map acl inherit" = "yes";
+          "encrypt passwords" = "yes";
+          "client plaintext auth" = "no";
 
           # make SMB work faster when being accessed from macos
           "file_ids_off" = "yes";
@@ -261,18 +302,23 @@ in
           "path" = "/data/time_machine";
           "comment" = "time machine backups";
 
-          "force user" = "emile";
-          "fruit:aapl" = "yes";
-          "fruit:copyfile" = "yes";
-          "fruit:delete_empty_adfiles" = "yes";
+          # macOS / iOS config, adaption from https://wiki.samba.org/index.php/Configure_Samba_to_Work_Better_with_Mac_OS_X
           "fruit:metadata" = "stream";
+          "fruit:model" = "MacSamba";
           "fruit:posix_rename" = "yes";
-          "fruit:time machine" = "yes";
           "fruit:veto_appledouble" = "no";
-          "fruit:wipe_intentionally_left_blank_rfork" = "yes";
           "fruit:nfs_aces" = "no";
+          "fruit:wipe_intentionally_left_blank_rfork" = "yes";
+          "fruit:delete_empty_adfiles" = "yes";
+          "fruit:encoding" = "private";
+          "fruit:locking" = "none";
+          "fruit:resource" = "file";
+
+          "force user" = "emile";
+          "fruit:aapl" = "yes";
+          "fruit:copyfile" = "yes";
+          "fruit:time machine" = "yes";
           # "fruit:zero_file_id" = "yes";
-          # "fruit:encoding" = "native";
           "public" = "no";
           "valid users" = "emile";
           "vfs objects" = ["catia" "fruit" "streams_xattr"];
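Review bot: `"fruit:aapl"`, `"fruit:copyfile"` and `"fruit:nfs_aces"` are described in the vfs_fruit documentation as global options, so setting them inside this share section may not take effect as intended; they belong in `global`. The added `"fruit:encoding" = "private"`, `"fruit:locking" = "none"` and `"fruit:resource" = "file"` restate the module defaults, so a comment like `# defaults, pinned explicitly` would tell the next reader they are deliberate. The share sets `"fruit:time machine" = "yes"` without `"fruit:time machine max size"`, so backups can grow until they fill the volume under `/data`, which the filebrowser in the second hunk also serves; a size cap would bound that. The share's attribute set starts and ends outside the hunk.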