Take storage-ng configuration from the host

2019-12-03 20:01:40 +01:00 · 2019-12-03 20:01:40 +01:00 · 96d5d6bdb7
parent f2548258f5
commit 96d5d6bdb7
1 changed files with 45 additions and 27 deletions
--- a/hosts/storage-ng/configuration.nix
+++ b/hosts/storage-ng/configuration.nix
@ -8,19 +8,18 @@
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
-      ../../lib
      ../../lib/hq.nix
      ../../lib/shared.nix
      ../../lib/users.nix
      ./ncdc.nix
+      #./jellyfin.nix
      ../../lib/mpd.nix
      ../../lib/default-gateway.nix
    ];

-  c3d2 = {
-    isInHq = true;
-    mapHqHosts = true;
-    hq.interface = "eth0";
+  hq.yggdrasil = {
+    enable = true;
+    interface = "ens18";
  };

  boot.loader.systemd-boot.enable = true;
@ -88,20 +87,6 @@
      client.enable = true;
  };

-  services.samba = {
-      enable = true;
-      enableNmbd = true;
-      shares = { 
-      xpool = {
-        browseable = "yes";
-              comment = "Public samba share.";
-              # guest ok = "yes";
-              path = "/mnt/cephfs/c3d2/files";
-              # read only = false;
-            };
-        };
-  };
-
  # fixme, we need a floating ip here
  # correct is floating ip 172.22.99.21
  # does not exist yet
@ -111,7 +96,7 @@
  fileSystems."/mnt/cephfs" = {
    device = "172.22.99.13:6789:/";
    fsType = "ceph";
-    options = [ "name=storage2" ("secret=" + (import ../../secrets/hosts/storage-ng/storage-secret.nix)) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
+    options = [ "name=storage2" "secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="  "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
  };

  # Some programs need SUID wrappers, can be configured further or are
@ -150,17 +135,49 @@
        http2 = true;
        # addSSL = true;
        locations = {
-          "/c3d2" = {
-            alias = "/mnt/cephfs/c3d2/files/";
-            extraConfig = ''
-              fancyindex on;
-              # autoindex on;
-            '';
-          };
+          "/" =
+	    let
+	      authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
+	    in {
+              alias = "/mnt/cephfs/c3d2/files/";
+              extraConfig = ''
+		auth_basic "Chaos";
+		auth_basic_user_file ${authFile};
+                fancyindex on;
+                # autoindex on;
+              '';
+            };
        };
      };
    };
  };
+
+  services.samba = {
+    enable = false; # samba is garbage
+    enableNmbd = true;
+    extraConfig = ''
+      workgroup = WORKGROUP
+      server string = storage
+      netbios name = storage
+      hosts allow = 172.20 172.22 172.22.99.146
+      hosts deny = 0.0.0.0/0
+      guest account = k-ot
+      map to guest = Bad user
+    '';
+    shares = {
+      c3d2 = {
+        path = "/mnt/cephfs/c3d2";
+        browseable = "yes";
+        "read only" = "no";
+        "guest ok" = "yes";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+        "force user" = "k-ot";
+        "force group" = "k-ot";
+      };
+    };
+  };
+
  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [ 
    23
@ -172,6 +189,7 @@
    69
    137 138 445 139 # samba
   ];
+
  # Or disable the firewall altogether.
  networking.firewall.enable = false;