Take storage-ng configuration from the host

Ehmry - 2019-12-03 20:01:40 +01:00 committed by Astro
parent f2548258f5
commit 96d5d6bdb7
1 changed files with 45 additions and 27 deletions


@ -8,19 +8,18 @@
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../lib
../../lib/hq.nix ../../lib/hq.nix
../../lib/shared.nix ../../lib/shared.nix
../../lib/users.nix ../../lib/users.nix
./ncdc.nix ./ncdc.nix
#./jellyfin.nix
../../lib/mpd.nix ../../lib/mpd.nix
../../lib/default-gateway.nix ../../lib/default-gateway.nix
]; ];
c3d2 = { hq.yggdrasil = {
isInHq = true; enable = true;
mapHqHosts = true; interface = "ens18";
hq.interface = "eth0";
}; };
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
@ -88,20 +87,6 @@
client.enable = true; client.enable = true;
}; };
services.samba = {
enable = true;
enableNmbd = true;
shares = {
xpool = {
browseable = "yes";
comment = "Public samba share.";
# guest ok = "yes";
path = "/mnt/cephfs/c3d2/files";
# read only = false;
};
};
};
# fixme, we need a floating ip here # fixme, we need a floating ip here
# correct is floating ip 172.22.99.21 # correct is floating ip 172.22.99.21
# does not exist yet # does not exist yet
@ -111,7 +96,7 @@
fileSystems."/mnt/cephfs" = { fileSystems."/mnt/cephfs" = {
device = "172.22.99.13:6789:/"; device = "172.22.99.13:6789:/";
fsType = "ceph"; fsType = "ceph";
options = [ "name=storage2" ("secret=" + (import ../../secrets/hosts/storage-ng/storage-secret.nix)) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ]; options = [ "name=storage2" "secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw==" "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
}; };
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
@ -150,17 +135,49 @@
http2 = true; http2 = true;
# addSSL = true; # addSSL = true;
locations = { locations = {
"/c3d2" = { "/" =
alias = "/mnt/cephfs/c3d2/files/"; let
extraConfig = '' authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
fancyindex on; in {
# autoindex on; alias = "/mnt/cephfs/c3d2/files/";
''; extraConfig = ''
}; auth_basic "Chaos";
auth_basic_user_file ${authFile};
fancyindex on;
# autoindex on;
'';
};
}; };
}; };
}; };
}; };
services.samba = {
enable = false; # samba is garbage
enableNmbd = true;
extraConfig = ''
workgroup = WORKGROUP
server string = storage
netbios name = storage
hosts allow = 172.20 172.22 172.22.99.146
hosts deny = 0.0.0.0/0
guest account = k-ot
map to guest = Bad user
'';
shares = {
c3d2 = {
path = "/mnt/cephfs/c3d2";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "k-ot";
"force group" = "k-ot";
};
};
};
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
23 23
@ -172,6 +189,7 @@
69 69
137 138 445 139 # samba 137 138 445 139 # samba
]; ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
networking.firewall.enable = false; networking.firewall.enable = false;
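Review bot: The options list of `fileSystems."/mnt/cephfs"` now carries the CephX key as a literal `"secret=..."` string where the other column reads it from `../../secrets/hosts/storage-ng/storage-secret.nix`; assuming the right-hand column is the new side (the line counts in the nginx/samba hunk support that), the key is committed to the repository history. I would keep the key out of the tracked file, for example `"secretfile=/path/to/ceph-secret"` (placeholder path, a root-only file outside the Nix store), and treat the committed key as exposed and rotate it. The same concern applies to `authFile = pkgs.writeText "htpasswd" ...` in the nginx location: the credential hash ends up in git and in the world-readable Nix store, and its 13-character form looks like traditional DES crypt, which is weak. Pointing `auth_basic_user_file` at a file provisioned outside the store, holding a stronger hash, would address both.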