
Add storage-ng

pull/1/head
ehmry 2 months ago
parent
commit
30b23abbed
6 changed files with 277 additions and 0 deletions
  1. 12
    0
      common.nix
  2. 176
    0
      hosts/storage-ng/configuration.nix
  3. 30
    0
      hosts/storage-ng/hardware-configuration.nix
  4. 18
    0
      hosts/storage-ng/ncdc.nix
  5. 28
    0
      mpd.nix
  6. 13
    0
      users.nix

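--- a/common.nix
+++ b/common.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+  time.timeZone = "Europe/Berlin";
+
+  networking = {
+    domain = "hq.c3d2.de";
+    defaultGateway.address = "172.22.99.1";
+    nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
+  };
+
+}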

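--- a/hosts/storage-ng/configuration.nix
+++ b/hosts/storage-ng/configuration.nix
@@ -0,0 +1,176 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, strings, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ../../common.nix
+      ../../users.nix
+      #./ncdc.nix
+      ../../mpd.nix
+    ];
+
+  boot.loader.systemd-boot.enable = true;
+  systemd = {
+    enableEmergencyMode = false;
+  };
+  # Use the GRUB 2 boot loader.
+  #boot.loader.grub.enable = true;
+  #boot.loader.grub.version = 2;
+  # boot.loader.grub.efiSupport = true;
+  # boot.loader.grub.efiInstallAsRemovable = true;
+  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  # Define on which hard drive you want to install Grub.
+  #boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
+
+  # networking = {
+  #   hostName = "storage2";
+  #   interfaces.ens18.ipv4.addresses = [{
+  #       address = "172.22.99.20";
+  #       prefixLength = 24;
+  #   }];
+  # };
+
+  networking = {
+    hostName = "storage-ng";
+    # usePredictableInterfacenames = false;
+    interfaces.ens18.ipv4.addresses = [{
+        address = "172.22.99.20";
+        prefixLength = 24;
+    }];
+    interfaces.ens18.ipv6.addresses = [{
+        address= "2a02:8106:208:5201::20";
+        prefixLength = 64;
+    }];
+
+    defaultGateway.interface = "ens18";
+
+    #defaultGateway6 = {
+    #  address = "fe80::a800:42ff:fe7a:3246";
+    #  interface = "ens18";
+    #};
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+     wget
+     vim
+     screen
+     zsh
+     lftp
+     # ceph
+     lsof
+     psmisc
+     gitAndTools.git-annex
+     gitAndTools.git
+     tmux
+  ];
+
+  services.ceph = {
+      # enable = true;
+      client.enable = true;
+  };
+
+  services.samba = {
+      enable = true;
+      enableNmbd = true;
+      shares = { 
+      xpool = {
+        browseable = "yes";
+              comment = "Public samba share.";
+              # guest ok = "yes";
+              path = "/mnt/cephfs/c3d2/files";
+              # read only = false;
+            };
+        };
+  };
+
+  # fixme, we need a floating ip here
+  # correct is floating ip 172.22.99.21
+  # does not exist yet
+
+  # secretfile does not work :(
+  
+  fileSystems."/mnt/cephfs" = {
+    device = "172.22.99.13:6789:/";
+    fsType = "ceph";
+    options = [ "name=storage2" ("secret=" + (builtins.readFile("/etc/nixos/storage-secret.key"))) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
+  };
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  programs.bash.enableCompletion = true;
+  programs.mtr.enable = true;
+  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  services.atftpd = {
+    enable = true;
+    root = "/mnt/cephfs/c3d2/tftp";
+  };
+
+  services.nfs.server = {
+    enable = true;
+#    exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)";
+    exports = "/mnt/cephfs/c3d2/dacbert-rootfs *(rw)";
+  };
+
+
+  services.nginx = {
+    enable = true;
+    #modules = [ pkgs.nginxModules.nixfancyindex ];
+    package = pkgs.nginx.override {
+      modules = with pkgs.nginxModules; [ fancyindex ];
+    };
+    virtualHosts = {
+      "storage-ng.hq.c3d2.de" = {
+        root = "/etc/nixos/www";
+        serverAliases = [ "storage" "storage2" "storageng" ];
+        http2 = true;
+        # addSSL = true;
+        locations = {
+          "/c3d2" = {
+            alias = "/mnt/cephfs/c3d2/files/";
+            extraConfig = ''
+              fancyindex on;
+              # autoindex on;
+            '';
+          };
+        };
+      };
+    };
+  };
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [ 
+    23
+    80
+    443
+    137 138 445 139 # samba
+   ];
+  networking.firewall.allowedUDPPorts = [ 
+    69
+    137 138 445 139 # samba
+   ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = false;
+
+  # Enable sound.
+  # sound.enable = true;
+  # hardware.pulseaudio.enable = true;
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "18.09"; # Did you read the comment?
+
+}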
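Review bot: The `fileSystems."/mnt/cephfs"` options read the Ceph key with `builtins.readFile` at evaluation time, so the secret is embedded in the generated fstab, which lives in the world-readable Nix store, and the string keeps any trailing newline from the key file. Prefer an option that is resolved at mount time, `"secretfile=/etc/nixos/storage-secret.key"`, with the key file owned by root and mode 0600; the "secretfile does not work" comment probably means the mount.ceph helper was not available to the mount unit, which is worth fixing rather than working around. Separately, `networking.firewall.enable = false;` turns the two allowed-port lists above it into dead configuration (including the otherwise unexplained TCP port 23). With the firewall off, the `*(rw)` NFS export is writable by any host that can reach the machine; the commented-out export line that limits write access to dacbert.hq.c3d2.de is the safer form.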

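--- a/hosts/storage-ng/hardware-configuration.nix
+++ b/hosts/storage-ng/hardware-configuration.nix
@@ -0,0 +1,30 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/dcaea9ca-4aeb-441f-a0d6-7f31c8f16a2a";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/5C15-758A";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/68aade1c-47b6-403e-8f2f-21909d55044a"; }
+    ];
+
+  nix.maxJobs = lib.mkDefault 4;
+}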

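--- a/hosts/storage-ng/ncdc.nix
+++ b/hosts/storage-ng/ncdc.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, lib, ... }:
+
+let
+  ncdcPort = 1512;
+in
+{
+  users.users.ncdc =
+    { isNormalUser = true;
+      uid = ncdcPort;
+      openssh.authorizedKeys.keys =
+        config.users.users.k-ot.openssh.authorizedKeys.keys;
+      password = "k-ot";
+      packages = [ pkgs.tmux pkgs.ncdc ];
+    };
+  networking.firewall.allowedTCPPorts = [ ncdcPort ];
+  networking.firewall.allowedUDPPorts = [ ncdcPort ];
+}
+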
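Review bot: `password = "k-ot";` commits a plaintext, easily guessed login password to the repository and to the world-readable Nix store; users.nix has the same defect with `password = "k-otk-ot";`, there on an account in `wheel`. configuration.nix enables OpenSSH without disabling password logins, so these passwords are presumably usable over the network. This account already receives `openssh.authorizedKeys.keys`, so the password can simply be dropped; where a password is required, use `hashedPassword` and set `services.openssh.passwordAuthentication = false;`. As a style point, reusing `ncdcPort` as the `uid` couples two unrelated values, and a separate constant would read more clearly.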

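--- a/mpd.nix
+++ b/mpd.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+
+let
+  hostMpd = if config.networking.hostName == "storage-ng" then
+    {
+      musicDirectory = "/mnt/cephfs/c3d2/rpool/Music";
+    }
+    else
+    {
+      dbFile = null;
+      musicDirectory = "/mnt/storage/Music";
+      extraConfig = ''
+        database {
+          plugin "proxy"
+          host "172.22.99.20"
+        }
+      '';
+    };
+in
+{
+  services.mpd = (hostMpd // {
+    enable=true;
+    network.listenAddress = "any";
+  });
+
+  networking.firewall.allowedTCPPorts =
+   [ config.mpd.network.port ];
+}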
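Review bot: `config.mpd.network.port` in the firewall list is not an option path this module sets; the port lives under `services.mpd`, so the line should read `[ config.services.mpd.network.port ];`. As written it will likely fail evaluation as soon as the firewall is enabled and the list is actually read. Also, `network.listenAddress = "any";` exposes MPD on every interface and no password is configured in the visible file; binding to the LAN address, or adding a comment such as `# intentionally reachable from the whole hq LAN, no auth`, would make the exposure an explicit decision.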

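--- a/users.nix
+++ b/users.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+
+{
+  users.users.k-ot = {
+    packages = with pkgs;
+      [ screen tmux ];
+    createHome = true;
+    isNormalUser = true;
+    uid = 1000;
+    extraGroups = [ "wheel" "audio" ];
+    password = "k-otk-ot";
+  };
+}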
