nix-conf/hosts/common/network.nix

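# Shared network configuration: host firewall, NetworkManager, OpenSnitch,
# Tailscale, OpenSSH, container runtimes (Docker, Podman, Waydroid) and Samba.
{ pkgs, ... }:
{
  # GUI front end for the OpenSnitch daemon enabled under `services` below.
  environment.systemPackages = [ pkgs.opensnitch-ui ];

  networking = {
    networkmanager.enable = true;
    firewall = {
      enable = true;
      allowPing = true;
      # Ports listed here are opened on every interface, not only the LAN or
      # the Tailscale link. Keep the list limited to services that are
      # actually running and meant to be reachable.
      allowedTCPPorts = [
        # NOTE(review): 2375 is the conventional port for Docker's plaintext,
        # unauthenticated remote API. dockerd below listens on the unix socket
        # only, so nothing in this file should be serving on 2375; anything
        # that does expose the Docker API there grants root-equivalent access
        # to whoever can reach it. Drop this entry if it is unused.
        2375
        4780
        11470
        25565
      ];
      allowedUDPPorts = [
        3478
        41641
        8888
        8899
      ];
    };
  };

  services = {
    opensnitch = {
      enable = true;
    };
    tailscale = {
      enable = true;
      useRoutingFeatures = "client";
      extraUpFlags = [
        # Keep the local resolver configuration instead of the tailnet's DNS.
        "--accept-dns=false"
        # Reset unspecified `tailscale up` settings to their defaults so the
        # flags in this list are the whole configuration.
        "--reset"
      ];
    };
    # NOTE(review): sshd runs with the module's default authentication
    # settings. If key-based login is the only intended method, set
    # `openssh.settings.PasswordAuthentication = false` explicitly.
    openssh.enable = true;
    # openssh.settings.X11Forwarding = true;
  };

  virtualisation = {
    docker = {
      enable = true;
      logDriver = "journald";
      # NOTE(review): pinned to the Docker 25 package; confirm this release
      # line still receives security fixes in the nixpkgs channel in use.
      package = pkgs.docker_25;
      storageDriver = "btrfs";
      daemon.settings = {
        # Local unix socket only; no TCP listener for the Docker API.
        hosts = [ "unix:///var/run/docker.sock" ];
        features.cdi = true;
        userland-proxy = false;
        experimental = true;
        # NOTE(review): the metrics endpoint is unauthenticated and bound to
        # every interface. Port 9323 is not in allowedTCPPorts above, so the
        # host firewall is the only thing keeping it off the network. Bind it
        # to 127.0.0.1 (or the address the scraper uses) if that is all that
        # needs it.
        metrics-addr = "0.0.0.0:9323";
      };
    };
    podman.enable = true;
  };

  virtualisation.waydroid.enable = true;

  services.samba = {
    enable = true;
    # Opens the Samba ports in the firewall on all interfaces; access control
    # is then left to "hosts allow" / "hosts deny" below.
    openFirewall = true;
    settings = {
      global = {
        "workgroup" = "WORKGROUP";
        "server string" = "smbnix";
        "netbios name" = "smbnix";
        # NOTE(review): "192.168." is a prefix match for all of
        # 192.168.0.0/16, which makes "192.168.0." and the two 192.168.122.x
        # entries redundant. If only the LAN and the listed VM addresses are
        # meant to connect, remove the broad "192.168." entry.
        "hosts allow" = "192.168.0. 192.168. 192.168.122.55 127.0.0.1 192.168.122.197 localhost";
        "hosts deny" = "0.0.0.0/0";
        # Logins with an unknown user name are mapped to the guest account
        # ("nobody"). No share in the active configuration sets "guest ok".
        "guest account" = "nobody";
        "map to guest" = "bad user";
        security = "user";
        # Used for the XP printer VM (disabled).
        # NOTE(review): SMB1 (NT1), NTLMv1 ("ntlm auth" = "yes") and LANMAN
        # authentication are legacy protocols with weak protection. If this
        # block is re-enabled, restrict it to the VM's address and do not
        # combine it with a guest-writable share reachable from the LAN.
        # # Windows XP compatibility settings
        # "server min protocol" = "NT1"; # Enable SMB1 for Windows XP
        # "client min protocol" = "NT1";
        # "ntlm auth" = "yes"; # Required for Windows XP
        # "lanman auth" = "yes"; # Required for Windows XP
        # };
        # # Share for Windows XP access
        # "shared" = {
        # "path" = "/home/thiago/shared";
        # "browseable" = "yes";
        # "read only" = "no";
        # "guest ok" = "yes";
        # "create mask" = "0644";
        # "directory mask" = "0755";
      };
    };
  };

  systemd = {
    services.docker.serviceConfig = {
      StandardOutput = "journal";
      StandardError = "journal";
      # systemd directive names are case-sensitive: the previous spelling
      # `logFilterPatterns` is an unknown key that systemd ignores. A pattern
      # without a leading "~" is an allow-list entry (only matching messages
      # would be kept), so the "~" prefix is what makes these deny patterns
      # that drop the plugin-skip noise and keep everything else.
      LogFilterPatterns = [
        "~.*skip loading plugin.*"
        "~skip plugin"
      ];
    };
    # Create the local polkit rules directories, root-owned and not writable
    # by other users; "-" disables age-based cleanup.
    tmpfiles.rules = [
      "d /usr/local/share/polkit-1 0755 root root -"
      "d /usr/local/share/polkit-1/rules.d 0755 root root -"
    ];
  };
}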