Take storage-ng configuration from the host
This commit is contained in:
parent
f2548258f5
commit
96d5d6bdb7
|
@ -8,19 +8,18 @@
|
||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../lib
|
|
||||||
../../lib/hq.nix
|
../../lib/hq.nix
|
||||||
../../lib/shared.nix
|
../../lib/shared.nix
|
||||||
../../lib/users.nix
|
../../lib/users.nix
|
||||||
./ncdc.nix
|
./ncdc.nix
|
||||||
|
#./jellyfin.nix
|
||||||
../../lib/mpd.nix
|
../../lib/mpd.nix
|
||||||
../../lib/default-gateway.nix
|
../../lib/default-gateway.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
c3d2 = {
|
hq.yggdrasil = {
|
||||||
isInHq = true;
|
enable = true;
|
||||||
mapHqHosts = true;
|
interface = "ens18";
|
||||||
hq.interface = "eth0";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
@ -88,20 +87,6 @@
|
||||||
client.enable = true;
|
client.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.samba = {
|
|
||||||
enable = true;
|
|
||||||
enableNmbd = true;
|
|
||||||
shares = {
|
|
||||||
xpool = {
|
|
||||||
browseable = "yes";
|
|
||||||
comment = "Public samba share.";
|
|
||||||
# guest ok = "yes";
|
|
||||||
path = "/mnt/cephfs/c3d2/files";
|
|
||||||
# read only = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# fixme, we need a floating ip here
|
# fixme, we need a floating ip here
|
||||||
# correct is floating ip 172.22.99.21
|
# correct is floating ip 172.22.99.21
|
||||||
# does not exist yet
|
# does not exist yet
|
||||||
|
@ -111,7 +96,7 @@
|
||||||
fileSystems."/mnt/cephfs" = {
|
fileSystems."/mnt/cephfs" = {
|
||||||
device = "172.22.99.13:6789:/";
|
device = "172.22.99.13:6789:/";
|
||||||
fsType = "ceph";
|
fsType = "ceph";
|
||||||
options = [ "name=storage2" ("secret=" + (import ../../secrets/hosts/storage-ng/storage-secret.nix)) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
|
options = [ "name=storage2" "secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw==" "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
|
@ -150,17 +135,49 @@
|
||||||
http2 = true;
|
http2 = true;
|
||||||
# addSSL = true;
|
# addSSL = true;
|
||||||
locations = {
|
locations = {
|
||||||
"/c3d2" = {
|
"/" =
|
||||||
alias = "/mnt/cephfs/c3d2/files/";
|
let
|
||||||
extraConfig = ''
|
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
||||||
fancyindex on;
|
in {
|
||||||
# autoindex on;
|
alias = "/mnt/cephfs/c3d2/files/";
|
||||||
'';
|
extraConfig = ''
|
||||||
};
|
auth_basic "Chaos";
|
||||||
|
auth_basic_user_file ${authFile};
|
||||||
|
fancyindex on;
|
||||||
|
# autoindex on;
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.samba = {
|
||||||
|
enable = false; # samba is garbage
|
||||||
|
enableNmbd = true;
|
||||||
|
extraConfig = ''
|
||||||
|
workgroup = WORKGROUP
|
||||||
|
server string = storage
|
||||||
|
netbios name = storage
|
||||||
|
hosts allow = 172.20 172.22 172.22.99.146
|
||||||
|
hosts deny = 0.0.0.0/0
|
||||||
|
guest account = k-ot
|
||||||
|
map to guest = Bad user
|
||||||
|
'';
|
||||||
|
shares = {
|
||||||
|
c3d2 = {
|
||||||
|
path = "/mnt/cephfs/c3d2";
|
||||||
|
browseable = "yes";
|
||||||
|
"read only" = "no";
|
||||||
|
"guest ok" = "yes";
|
||||||
|
"create mask" = "0644";
|
||||||
|
"directory mask" = "0755";
|
||||||
|
"force user" = "k-ot";
|
||||||
|
"force group" = "k-ot";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Open ports in the firewall.
|
# Open ports in the firewall.
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
23
|
23
|
||||||
|
@ -172,6 +189,7 @@
|
||||||
69
|
69
|
||||||
137 138 445 139 # samba
|
137 138 445 139 # samba
|
||||||
];
|
];
|
||||||
|
|
||||||
# Or disable the firewall altogether.
|
# Or disable the firewall altogether.
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user