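@@ -0,0 +1,176 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, strings, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ../../common.nix
+ ../../users.nix
+ #./ncdc.nix
+ ../../mpd.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ systemd = {
+ enableEmergencyMode = false;
+ };
+ # Use the GRUB 2 boot loader.
+ #boot.loader.grub.enable = true;
+ #boot.loader.grub.version = 2;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ #boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
+
+ # networking = {
+ # hostName = "storage2";
+ # interfaces.ens18.ipv4.addresses = [{
+ # address = "172.22.99.20";
+ # prefixLength = 24;
+ # }];
+ # };
+
+ networking = {
+ hostName = "storage-ng";
+ # usePredictableInterfacenames = false;
+ interfaces.ens18.ipv4.addresses = [{
+ address = "172.22.99.20";
+ prefixLength = 24;
+ }];
+ interfaces.ens18.ipv6.addresses = [{
+ address= "2a02:8106:208:5201::20";
+ prefixLength = 64;
+ }];
+
+ defaultGateway.interface = "ens18";
+
+ #defaultGateway6 = {
+ # address = "fe80::a800:42ff:fe7a:3246";
+ # interface = "ens18";
+ #};
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ wget
+ vim
+ screen
+ zsh
+ lftp
+ # ceph
+ lsof
+ psmisc
+ gitAndTools.git-annex
+ gitAndTools.git
+ tmux
+ ];
+
+ services.ceph = {
+ # enable = true;
+ client.enable = true;
+ };
+
+ services.samba = {
+ enable = true;
+ enableNmbd = true;
+ shares = {
+ xpool = {
+ browseable = "yes";
+ comment = "Public samba share.";
+ # guest ok = "yes";
+ path = "/mnt/cephfs/c3d2/files";
+ # read only = false;
+ };
+ };
+ };
+
+ # fixme, we need a floating ip here
+ # correct is floating ip 172.22.99.21
+ # does not exist yet
+
+ # secretfile does not work :(
+
+ fileSystems."/mnt/cephfs" = {
+ device = "172.22.99.13:6789:/";
+ fsType = "ceph";
+ options = [ "name=storage2" ("secret=" + (builtins.readFile("/etc/nixos/storage-secret.key"))) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
+ };
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ programs.bash.enableCompletion = true;
+ programs.mtr.enable = true;
+ # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ services.atftpd = {
+ enable = true;
+ root = "/mnt/cephfs/c3d2/tftp";
+ };
+
+ services.nfs.server = {
+ enable = true;
+# exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)";
+ exports = "/mnt/cephfs/c3d2/dacbert-rootfs *(rw)";
+ };
+
+
+ services.nginx = {
+ enable = true;
+ #modules = [ pkgs.nginxModules.nixfancyindex ];
+ package = pkgs.nginx.override {
+ modules = with pkgs.nginxModules; [ fancyindex ];
+ };
+ virtualHosts = {
+ "storage-ng.hq.c3d2.de" = {
+ root = "/etc/nixos/www";
+ serverAliases = [ "storage" "storage2" "storageng" ];
+ http2 = true;
+ # addSSL = true;
+ locations = {
+ "/c3d2" = {
+ alias = "/mnt/cephfs/c3d2/files/";
+ extraConfig = ''
+ fancyindex on;
+ # autoindex on;
+ '';
+ };
+ };
+ };
+ };
+ };
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [
+ 23
+ 80
+ 443
+ 137 138 445 139 # samba
+ ];
+ networking.firewall.allowedUDPPorts = [
+ 69
+ 137 138 445 139 # samba
+ ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = false;
+
+ # Enable sound.
+ # sound.enable = true;
+ # hardware.pulseaudio.enable = true;
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "18.09"; # Did you read the comment?
+
+}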
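Review bot: `networking.firewall.enable = false;` near the end of the file makes the `allowedTCPPorts`/`allowedUDPPorts` lists directly above it inert, so every listening service on this host (Samba, NFS, atftpd, nginx, sshd) is reachable from wherever the host's addresses are routable. That matters most for `exports = "/mnt/cephfs/c3d2/dacbert-rootfs *(rw)";`, which grants read-write access to any client; I would restore the commented-out per-host form (`dacbert.hq.c3d2.de(rw) *(ro)`) or restrict the export to the local subnet. Setting `networking.firewall.enable = true;` is the other half of the fix, though the NFS ports would presumably then have to be added to the allowed lists, since they are not there now. In `fileSystems."/mnt/cephfs"`, `builtins.readFile("/etc/nixos/storage-secret.key")` runs at evaluation time, so the Ceph key is embedded in the generated fstab in the world-readable Nix store; getting the `secretfile=` option (noted above as not working) to work would keep the key out of the store. TCP port 23 is listed although nothing in this file appears to serve telnet, so drop it or add a comment saying what it is for.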