hosts/storage-ng: linting

This commit is contained in:
Emery Hemingway 2019-12-03 20:04:13 +01:00 committed by Astro
parent 96d5d6bdb7
commit 2e8ca6c52f
1 changed files with 70 additions and 92 deletions

View File

@ -5,17 +5,22 @@
{ config, pkgs, lib, strings, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../lib/hq.nix
../../lib/shared.nix
../../lib/users.nix
./ncdc.nix
#./jellyfin.nix
../../lib/mpd.nix
../../lib/default-gateway.nix
];
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
../../lib
../../lib/hq.nix
../../lib/shared.nix
../../lib/users.nix
./ncdc.nix
../../lib/mpd.nix
../../lib/default-gateway.nix
];
c3d2 = {
isInHq = true;
mapHqHosts = true;
hq.interface = "ens18";
};
hq.yggdrasil = {
enable = true;
@ -23,68 +28,45 @@
};
boot.loader.systemd-boot.enable = true;
systemd = {
enableEmergencyMode = false;
};
# Use the GRUB 2 boot loader.
#boot.loader.grub.enable = true;
#boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
#boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
# networking = {
# hostName = "storage2";
# interfaces.ens18.ipv4.addresses = [{
# address = "172.22.99.20";
# prefixLength = 24;
# }];
# };
systemd.enableEmergencyMode = false;
networking = {
hostName = "storage-ng";
# usePredictableInterfacenames = false;
interfaces.ens18.ipv4.addresses = [{
address = "172.22.99.20";
prefixLength = 24;
address = "172.22.99.20";
prefixLength = 24;
}];
interfaces.ens18.ipv6.addresses = [{
address= "2a02:8106:208:5201::20";
prefixLength = 64;
address = "2a02:8106:208:5201::20";
prefixLength = 64;
}];
defaultGateway.interface = "ens18";
#defaultGateway6 = {
# address = "fe80::a800:42ff:fe7a:3246";
# interface = "ens18";
#};
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget
vim
screen
zsh
lftp
# ceph
lsof
psmisc
gitAndTools.git-annex
gitAndTools.git
tmux
wget
vim
screen
zsh
lftp
lsof
psmisc
gitAndTools.git-annex
gitAndTools.git
tmux
mpv
iotop
mpv
iotop
];
services.ceph = {
# enable = true;
client.enable = true;
enable = false;
client.enable = true;
};
# fixme, we need a floating ip here
@ -92,11 +74,19 @@
# does not exist yet
# secretfile does not work :(
fileSystems."/mnt/cephfs" = {
device = "172.22.99.13:6789:/";
fsType = "ceph";
options = [ "name=storage2" "secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw==" "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
options = [
"name=storage2"
"secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="
"noatime,_netdev"
"noauto"
"x-systemd.automount"
"x-systemd.device-timeout=175"
"users"
];
};
# Some programs need SUID wrappers, can be configured further or are
@ -117,17 +107,15 @@
services.nfs.server = {
enable = true;
# exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)";
# exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)";
exports = "/mnt/cephfs/c3d2/dacbert-rootfs *(rw)";
};
services.nginx = {
enable = true;
#modules = [ pkgs.nginxModules.nixfancyindex ];
package = pkgs.nginx.override {
modules = with pkgs.nginxModules; [ fancyindex ];
};
package =
pkgs.nginx.override { modules = with pkgs.nginxModules; [ fancyindex ]; };
virtualHosts = {
"storage-ng.hq.c3d2.de" = {
root = "/etc/nixos/www";
@ -135,18 +123,16 @@
http2 = true;
# addSSL = true;
locations = {
"/" =
let
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
in {
alias = "/mnt/cephfs/c3d2/files/";
extraConfig = ''
auth_basic "Chaos";
auth_basic_user_file ${authFile};
fancyindex on;
# autoindex on;
'';
};
"/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
in {
alias = "/mnt/cephfs/c3d2/files/";
extraConfig = ''
auth_basic "Chaos";
auth_basic_user_file ${authFile};
fancyindex on;
# autoindex on;
'';
};
};
};
};
@ -178,29 +164,21 @@
};
};
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
23
80
443
137 138 445 139 # samba
];
networking.firewall.allowedUDPPorts = [
69
137 138 445 139 # samba
];
/* # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
23
80
443
137 138 445 139 # samba
];
networking.firewall.allowedUDPPorts = [
69
137 138 445 139 # samba
];
*/
# Or disable the firewall altogether.
networking.firewall.enable = false;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "19.03"; # Did you read the comment?
}