hosts/storage-ng: linting
This commit is contained in:
parent
96d5d6bdb7
commit
2e8ca6c52f
|
@ -5,17 +5,22 @@
|
||||||
{ config, pkgs, lib, strings, ... }:
|
{ config, pkgs, lib, strings, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [ # Include the results of the hardware scan.
|
||||||
[ # Include the results of the hardware scan.
|
./hardware-configuration.nix
|
||||||
./hardware-configuration.nix
|
../../lib
|
||||||
../../lib/hq.nix
|
../../lib/hq.nix
|
||||||
../../lib/shared.nix
|
../../lib/shared.nix
|
||||||
../../lib/users.nix
|
../../lib/users.nix
|
||||||
./ncdc.nix
|
./ncdc.nix
|
||||||
#./jellyfin.nix
|
../../lib/mpd.nix
|
||||||
../../lib/mpd.nix
|
../../lib/default-gateway.nix
|
||||||
../../lib/default-gateway.nix
|
];
|
||||||
];
|
|
||||||
|
c3d2 = {
|
||||||
|
isInHq = true;
|
||||||
|
mapHqHosts = true;
|
||||||
|
hq.interface = "ens18";
|
||||||
|
};
|
||||||
|
|
||||||
hq.yggdrasil = {
|
hq.yggdrasil = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -23,68 +28,45 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
systemd = {
|
systemd.enableEmergencyMode = false;
|
||||||
enableEmergencyMode = false;
|
|
||||||
};
|
|
||||||
# Use the GRUB 2 boot loader.
|
|
||||||
#boot.loader.grub.enable = true;
|
|
||||||
#boot.loader.grub.version = 2;
|
|
||||||
# boot.loader.grub.efiSupport = true;
|
|
||||||
# boot.loader.grub.efiInstallAsRemovable = true;
|
|
||||||
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
|
||||||
# Define on which hard drive you want to install Grub.
|
|
||||||
#boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
|
|
||||||
|
|
||||||
# networking = {
|
|
||||||
# hostName = "storage2";
|
|
||||||
# interfaces.ens18.ipv4.addresses = [{
|
|
||||||
# address = "172.22.99.20";
|
|
||||||
# prefixLength = 24;
|
|
||||||
# }];
|
|
||||||
# };
|
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "storage-ng";
|
hostName = "storage-ng";
|
||||||
# usePredictableInterfacenames = false;
|
# usePredictableInterfacenames = false;
|
||||||
interfaces.ens18.ipv4.addresses = [{
|
interfaces.ens18.ipv4.addresses = [{
|
||||||
address = "172.22.99.20";
|
address = "172.22.99.20";
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
}];
|
}];
|
||||||
interfaces.ens18.ipv6.addresses = [{
|
interfaces.ens18.ipv6.addresses = [{
|
||||||
address= "2a02:8106:208:5201::20";
|
address = "2a02:8106:208:5201::20";
|
||||||
prefixLength = 64;
|
prefixLength = 64;
|
||||||
}];
|
}];
|
||||||
|
|
||||||
defaultGateway.interface = "ens18";
|
defaultGateway.interface = "ens18";
|
||||||
|
|
||||||
#defaultGateway6 = {
|
|
||||||
# address = "fe80::a800:42ff:fe7a:3246";
|
|
||||||
# interface = "ens18";
|
|
||||||
#};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
# List packages installed in system profile. To search, run:
|
||||||
# $ nix search wget
|
# $ nix search wget
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
wget
|
wget
|
||||||
vim
|
vim
|
||||||
screen
|
screen
|
||||||
zsh
|
zsh
|
||||||
lftp
|
lftp
|
||||||
# ceph
|
lsof
|
||||||
lsof
|
psmisc
|
||||||
psmisc
|
gitAndTools.git-annex
|
||||||
gitAndTools.git-annex
|
gitAndTools.git
|
||||||
gitAndTools.git
|
tmux
|
||||||
tmux
|
|
||||||
|
|
||||||
mpv
|
mpv
|
||||||
iotop
|
iotop
|
||||||
];
|
];
|
||||||
|
|
||||||
services.ceph = {
|
services.ceph = {
|
||||||
# enable = true;
|
enable = false;
|
||||||
client.enable = true;
|
client.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# fixme, we need a floating ip here
|
# fixme, we need a floating ip here
|
||||||
|
@ -92,11 +74,19 @@
|
||||||
# does not exist yet
|
# does not exist yet
|
||||||
|
|
||||||
# secretfile does not work :(
|
# secretfile does not work :(
|
||||||
|
|
||||||
fileSystems."/mnt/cephfs" = {
|
fileSystems."/mnt/cephfs" = {
|
||||||
device = "172.22.99.13:6789:/";
|
device = "172.22.99.13:6789:/";
|
||||||
fsType = "ceph";
|
fsType = "ceph";
|
||||||
options = [ "name=storage2" "secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw==" "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
|
options = [
|
||||||
|
"name=storage2"
|
||||||
|
"secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="
|
||||||
|
"noatime,_netdev"
|
||||||
|
"noauto"
|
||||||
|
"x-systemd.automount"
|
||||||
|
"x-systemd.device-timeout=175"
|
||||||
|
"users"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
|
@ -117,17 +107,15 @@
|
||||||
|
|
||||||
services.nfs.server = {
|
services.nfs.server = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)";
|
# exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)";
|
||||||
exports = "/mnt/cephfs/c3d2/dacbert-rootfs *(rw)";
|
exports = "/mnt/cephfs/c3d2/dacbert-rootfs *(rw)";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
#modules = [ pkgs.nginxModules.nixfancyindex ];
|
#modules = [ pkgs.nginxModules.nixfancyindex ];
|
||||||
package = pkgs.nginx.override {
|
package =
|
||||||
modules = with pkgs.nginxModules; [ fancyindex ];
|
pkgs.nginx.override { modules = with pkgs.nginxModules; [ fancyindex ]; };
|
||||||
};
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"storage-ng.hq.c3d2.de" = {
|
"storage-ng.hq.c3d2.de" = {
|
||||||
root = "/etc/nixos/www";
|
root = "/etc/nixos/www";
|
||||||
|
@ -135,18 +123,16 @@
|
||||||
http2 = true;
|
http2 = true;
|
||||||
# addSSL = true;
|
# addSSL = true;
|
||||||
locations = {
|
locations = {
|
||||||
"/" =
|
"/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
||||||
let
|
in {
|
||||||
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
alias = "/mnt/cephfs/c3d2/files/";
|
||||||
in {
|
extraConfig = ''
|
||||||
alias = "/mnt/cephfs/c3d2/files/";
|
auth_basic "Chaos";
|
||||||
extraConfig = ''
|
auth_basic_user_file ${authFile};
|
||||||
auth_basic "Chaos";
|
fancyindex on;
|
||||||
auth_basic_user_file ${authFile};
|
# autoindex on;
|
||||||
fancyindex on;
|
'';
|
||||||
# autoindex on;
|
};
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -178,29 +164,21 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Open ports in the firewall.
|
/* # Open ports in the firewall.
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
23
|
23
|
||||||
80
|
80
|
||||||
443
|
443
|
||||||
137 138 445 139 # samba
|
137 138 445 139 # samba
|
||||||
];
|
];
|
||||||
networking.firewall.allowedUDPPorts = [
|
networking.firewall.allowedUDPPorts = [
|
||||||
69
|
69
|
||||||
137 138 445 139 # samba
|
137 138 445 139 # samba
|
||||||
];
|
];
|
||||||
|
*/
|
||||||
|
|
||||||
# Or disable the firewall altogether.
|
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
|
|
||||||
# Enable sound.
|
|
||||||
# sound.enable = true;
|
|
||||||
# hardware.pulseaudio.enable = true;
|
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
|
||||||
# compatible, in order to avoid breaking some software such as database
|
|
||||||
# servers. You should change this only after NixOS release notes say you
|
|
||||||
# should.
|
|
||||||
system.stateVersion = "19.03"; # Did you read the comment?
|
system.stateVersion = "19.03"; # Did you read the comment?
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue