configurations of hq services

configuration.nix 4.5KB

  # Edit this configuration file to define what should be installed on
  # your system. Help is available in the configuration.nix(5) man page
  # and in the NixOS manual (accessible by running ‘nixos-help’).
  #
  # Host "storage-ng": mounts a CephFS tree at /mnt/cephfs and re-exports
  # parts of it over Samba, NFS, TFTP and nginx.
  { config, pkgs, lib, strings, ... }:
  {
    imports =
      [ # Include the results of the hardware scan.
        ./hardware-configuration.nix
        ../../lib/common/c3d2.nix
        ../../lib/shared.nix
        ../../lib/users.nix
        ./ncdc.nix
        ../../lib/mpd.nix
      ];
    boot.loader.systemd-boot.enable = true;
    systemd = {
      # No emergency (sulogin) shell on the console when boot fails,
      # e.g. on a failed mount.
      enableEmergencyMode = false;
    };
    # Use the GRUB 2 boot loader.
    #boot.loader.grub.enable = true;
    #boot.loader.grub.version = 2;
    # boot.loader.grub.efiSupport = true;
    # boot.loader.grub.efiInstallAsRemovable = true;
    # boot.loader.efi.efiSysMountPoint = "/boot/efi";
    # Define on which hard drive you want to install Grub.
    #boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
    # networking = {
    # hostName = "storage2";
    # interfaces.ens18.ipv4.addresses = [{
    # address = "172.22.99.20";
    # prefixLength = 24;
    # }];
    # };
    networking = {
      hostName = "storage-ng";
      # usePredictableInterfacenames = false;
      interfaces.ens18.ipv4.addresses = [{
        address = "172.22.99.20";
        prefixLength = 24;
      }];
      # NOTE(review): this is a global-unicast IPv6 address. With the host
      # firewall disabled further down, every service in this file listens
      # on it too; whether it is reachable from outside depends on upstream
      # filtering, which this file does not show.
      interfaces.ens18.ipv6.addresses = [{
        address= "2a02:8106:208:5201::20";
        prefixLength = 64;
      }];
      defaultGateway.interface = "ens18";
      #defaultGateway6 = {
      # address = "fe80::a800:42ff:fe7a:3246";
      # interface = "ens18";
      #};
    };
    # List packages installed in system profile. To search, run:
    # $ nix search wget
    environment.systemPackages = with pkgs; [
      wget
      vim
      screen
      zsh
      lftp
      # ceph
      lsof
      psmisc
      gitAndTools.git-annex
      gitAndTools.git
      tmux
      mpv
      iotop
    ];
    services.ceph = {
      # enable = true;
      client.enable = true;
    };
    services.samba = {
      enable = true;
      enableNmbd = true;
      shares = {
        xpool = {
          browseable = "yes";
          comment = "Public samba share.";
          # NOTE(review): with "guest ok" and "read only" left commented
          # out, Samba's own defaults apply to this share unless a global
          # section in an imported module overrides them - confirm.
          # guest ok = "yes";
          path = "/mnt/cephfs/c3d2/files";
          # read only = false;
        };
      };
    };
    # fixme, we need a floating ip here
    # correct is floating ip 172.22.99.21
    # does not exist yet
    # secretfile does not work :(
    #
    # NOTE(review): the Ceph key is read at evaluation time and concatenated
    # into the mount options, so it becomes part of the generated system
    # configuration in the world-readable /nix/store (and of any copy of
    # the system closure). Keeping storage-secret.nix out of the repository
    # does not change that. Preferred is "secretfile=" pointing at a
    # root-only file outside the store; presumably it failed because the
    # mount.ceph helper was not available to mount(8) - verify. Until that
    # works, treat the "storage2" key as readable by every local user and
    # keep its Ceph caps as narrow as the exports below need.
    # "users" additionally lets unprivileged users mount and unmount it.
    fileSystems."/mnt/cephfs" = {
      device = "172.22.99.13:6789:/";
      fsType = "ceph";
      options = [ "name=storage2" ("secret=" + (import ../../secrets/hosts/storage-ng/storage-secret.nix)) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
    };
    # Some programs need SUID wrappers, can be configured further or are
    # started in user sessions.
    programs.bash.enableCompletion = true;
    programs.mtr.enable = true;
    # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
    # List services that you want to enable:
    # Enable the OpenSSH daemon.
    # NOTE(review): no authentication settings are set here; presumably they
    # come from the imported ../../lib modules - confirm password login is off.
    services.openssh.enable = true;
    # TFTP has no authentication: everything under this directory is
    # readable by any host that can reach UDP 69.
    services.atftpd = {
      enable = true;
      root = "/mnt/cephfs/c3d2/tftp";
    };
    services.nfs.server = {
      enable = true;
      # NOTE(review): "*(rw)" exports this tree read-write to every client
      # that can reach the NFS ports. The commented line limits rw to
      # dacbert.hq.c3d2.de and gives everyone else ro. The name suggests a
      # network-boot root filesystem (name only - confirm); if so, write
      # access from arbitrary hosts decides what that client runs. Restore
      # the host-restricted form, or restrict by subnet if name resolution
      # was the reason for the change.
      # exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)";
      exports = "/mnt/cephfs/c3d2/dacbert-rootfs *(rw)";
    };
    services.nginx = {
      enable = true;
      #modules = [ pkgs.nginxModules.nixfancyindex ];
      package = pkgs.nginx.override {
        modules = with pkgs.nginxModules; [ fancyindex ];
      };
      virtualHosts = {
        "storage-ng.hq.c3d2.de" = {
          root = "/etc/nixos/www";
          serverAliases = [ "storage" "storage2" "storageng" ];
          http2 = true;
          # NOTE(review): with addSSL commented out this vhost is plain
          # HTTP only, although port 443 is listed in the firewall section.
          # addSSL = true;
          locations = {
            # Directory listing of the same tree the samba share "xpool"
            # points at.
            "/c3d2" = {
              alias = "/mnt/cephfs/c3d2/files/";
              extraConfig = ''
                fancyindex on;
                # autoindex on;
              '';
            };
          };
        };
      };
    };
    # Open ports in the firewall.
    # NOTE(review): these two lists are not applied while
    # networking.firewall.enable is false (below). Port 23 has no matching
    # service in this file - confirm an imported module needs it, or drop
    # it. The lists also lack the NFS ports, so turning the firewall on
    # as-is would cut off NFS clients.
    networking.firewall.allowedTCPPorts = [
      23
      80
      443
      137 138 445 139 # samba
    ];
    networking.firewall.allowedUDPPorts = [
      69
      137 138 445 139 # samba
    ];
    # Or disable the firewall altogether.
    # NOTE(review): this leaves SSH, Samba, NFS, TFTP, nginx and anything
    # the imported modules start reachable on both configured addresses,
    # with only upstream filtering (not visible here) in front. To
    # re-enable, first add the NFS ports to the lists above (pin the
    # mountd/statd/lockd ports if NFSv3 clients are in use), then set this
    # to true.
    networking.firewall.enable = false;
    # Enable sound.
    # sound.enable = true;
    # hardware.pulseaudio.enable = true;
    # This value determines the NixOS release with which your system is to be
    # compatible, in order to avoid breaking some software such as database
    # servers. You should change this only after NixOS release notes say you
    # should.
    system.stateVersion = "19.03"; # Did you read the comment?
  }