configurations of hq services

configuration.nix 4.7KB

  # Edit this configuration file to define what should be installed on
  # your system. Help is available in the configuration.nix(5) man page
  # and in the NixOS manual (accessible by running ‘nixos-help’).
  #
  # Host configuration for "storage-ng": mounts CephFS at /mnt/cephfs and
  # re-exports parts of /mnt/cephfs/c3d2 over Samba, TFTP, NFS and nginx.
  # NOTE(review): several of those exports are unauthenticated and the host
  # firewall is switched off at the bottom of this file, so exposure is
  # bounded only by whatever filters the surrounding network applies.
  { config, pkgs, lib, strings, ... }:

  {
    imports =
      [ # Include the results of the hardware scan.
        ./hardware-configuration.nix
        ../../lib
        ../../lib/hq.nix
        ../../lib/shared.nix
        ../../lib/users.nix
        ./ncdc.nix
        ../../lib/mpd.nix
        ../../lib/default-gateway.nix
      ];

    # Site-specific options; presumably declared by the ../../lib modules
    # imported above (not visible here).
    # NOTE(review): hq.interface is "eth0" while the addresses below are
    # configured on ens18 -- confirm which name lib/hq.nix should be given.
    c3d2 = {
      isInHq = true;
      mapHqHosts = true;
      hq.interface = "eth0";
    };

    boot.loader.systemd-boot.enable = true;

    # With emergency mode disabled, a failed mount at boot does not drop the
    # console into the emergency shell.
    systemd = {
      enableEmergencyMode = false;
    };

    # Use the GRUB 2 boot loader.
    #boot.loader.grub.enable = true;
    #boot.loader.grub.version = 2;
    # boot.loader.grub.efiSupport = true;
    # boot.loader.grub.efiInstallAsRemovable = true;
    # boot.loader.efi.efiSysMountPoint = "/boot/efi";
    # Define on which hard drive you want to install Grub.
    #boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only

    # networking = {
    # hostName = "storage2";
    # interfaces.ens18.ipv4.addresses = [{
    # address = "172.22.99.20";
    # prefixLength = 24;
    # }];
    # };

    # Static IPv4 and IPv6 addressing on ens18; only the gateway's interface
    # is set here (its address presumably comes from
    # ../../lib/default-gateway.nix -- confirm).
    networking = {
      hostName = "storage-ng";
      # usePredictableInterfacenames = false;
      interfaces.ens18.ipv4.addresses = [{
        address = "172.22.99.20";
        prefixLength = 24;
      }];
      interfaces.ens18.ipv6.addresses = [{
        address= "2a02:8106:208:5201::20";
        prefixLength = 64;
      }];
      defaultGateway.interface = "ens18";
      #defaultGateway6 = {
      # address = "fe80::a800:42ff:fe7a:3246";
      # interface = "ens18";
      #};
    };

    # List packages installed in system profile. To search, run:
    # $ nix search wget
    environment.systemPackages = with pkgs; [
      wget
      vim
      screen
      zsh
      lftp
      # ceph
      lsof
      psmisc
      gitAndTools.git-annex
      gitAndTools.git
      tmux
      mpv
      iotop
    ];

    # Ceph client support only; the service-wide enable stays commented out.
    services.ceph = {
      # enable = true;
      client.enable = true;
    };

    # Samba share "xpool" backed by the CephFS files tree.
    # With "guest ok" and "read only" commented out, Samba's own defaults
    # apply (no guest access, read-only) unless another module overrides
    # them -- confirm that matches the "Public" intent in the comment string.
    services.samba = {
      enable = true;
      enableNmbd = true;
      shares = {
        xpool = {
          browseable = "yes";
          comment = "Public samba share.";
          # guest ok = "yes";
          path = "/mnt/cephfs/c3d2/files";
          # read only = false;
        };
      };
    };

    # fixme, we need a floating ip here
    # correct is floating ip 172.22.99.21
    # does not exist yet
    # secretfile does not work :(
    #
    # NOTE(review): the `import` below is evaluated at build time and the
    # cephx key is concatenated into the mount options. Those options are
    # written into the generated fstab/mount units, which live in the
    # world-readable Nix store, so every local user can read the key for
    # client "storage2". The safer form is mount.ceph's `secretfile=` option
    # pointing at a root-only file outside the store; the comment above says
    # that did not work at the time, so re-test before switching.
    # Until then the key should be treated as readable by all local users
    # and the client's Ceph capabilities kept as narrow as possible.
    fileSystems."/mnt/cephfs" = {
      # A single monitor address, hence the "floating ip" fixme above.
      device = "172.22.99.13:6789:/";
      fsType = "ceph";
      options = [
        "name=storage2"
        ("secret=" + (import ../../secrets/hosts/storage-ng/storage-secret.nix))
        "noatime,_netdev"
        # Mounted on first access rather than at boot.
        "noauto"
        "x-systemd.automount"
        "x-systemd.device-timeout=175"
        # "users" lets any local user mount and unmount this filesystem.
        # NOTE(review): confirm that is intended on a shared host.
        "users"
      ];
    };

    # Some programs need SUID wrappers, can be configured further or are
    # started in user sessions.
    programs.bash.enableCompletion = true;
    programs.mtr.enable = true;
    # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

    # List services that you want to enable:

    # Enable the OpenSSH daemon.
    # NOTE(review): no authentication settings are given here; presumably
    # keys and password policy come from ../../lib/users.nix or shared.nix.
    services.openssh.enable = true;

    # TFTP has no authentication: everything under `root` is readable by any
    # host that can reach UDP port 69 on this machine.
    services.atftpd = {
      enable = true;
      root = "/mnt/cephfs/c3d2/tftp";
    };

    # NOTE(review): the active export grants read-write access to every
    # client ("*"). The commented-out line above it shows the tighter
    # variant (rw for dacbert.hq.c3d2.de only, ro for everyone else);
    # prefer it unless it was dropped for a reason not recorded here.
    services.nfs.server = {
      enable = true;
      # exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)";
      exports = "/mnt/cephfs/c3d2/dacbert-rootfs *(rw)";
    };

    # nginx built with the fancyindex module; /c3d2 serves a browsable
    # directory listing of the CephFS files tree.
    # NOTE(review): addSSL is commented out and no access restriction is set
    # in this block, so the listing is served over plain HTTP to anyone who
    # can reach the host.
    services.nginx = {
      enable = true;
      #modules = [ pkgs.nginxModules.nixfancyindex ];
      package = pkgs.nginx.override {
        modules = with pkgs.nginxModules; [ fancyindex ];
      };
      virtualHosts = {
        "storage-ng.hq.c3d2.de" = {
          root = "/etc/nixos/www";
          serverAliases = [ "storage" "storage2" "storageng" ];
          http2 = true;
          # addSSL = true;
          locations = {
            "/c3d2" = {
              alias = "/mnt/cephfs/c3d2/files/";
              extraConfig = ''
                fancyindex on;
                # autoindex on;
              '';
            };
          };
        };
      };
    };

    # Open ports in the firewall.
    # NOTE(review): these two lists have no effect while
    # networking.firewall.enable is false (see below).
    # Port 23 (telnet) is listed, but nothing in this file listens on it;
    # confirm whether ./ncdc.nix or a lib module needs it, otherwise drop it.
    # NetBIOS 137/138 are UDP and SMB 139/445 are TCP, so listing all four
    # under both protocols is broader than Samba needs.
    networking.firewall.allowedTCPPorts = [
      23
      80
      443
      137 138 445 139 # samba
    ];
    networking.firewall.allowedUDPPorts = [
      69
      137 138 445 139 # samba
    ];
    # Or disable the firewall altogether.
    # NOTE(review): this switches host filtering off entirely, so SSH, NFS,
    # TFTP, Samba and nginx are reachable on every interface and address,
    # including the global IPv6 address configured above. The NFS server's
    # ports are not in the allow-lists, so add them before re-enabling the
    # firewall or the NFS export will stop working.
    networking.firewall.enable = false;

    # Enable sound.
    # sound.enable = true;
    # hardware.pulseaudio.enable = true;

    # This value determines the NixOS release with which your system is to be
    # compatible, in order to avoid breaking some software such as database
    # servers. You should change this only after NixOS release notes say you
    # should.
    system.stateVersion = "19.03"; # Did you read the comment?
  }