configurations of hq services

configuration.nix 4.5KB

  # Edit this configuration file to define what should be installed on
  # your system. Help is available in the configuration.nix(5) man page
  # and in the NixOS manual (accessible by running ‘nixos-help’).
  #
  # Host "storage-ng": mounts a CephFS tree at /mnt/cephfs and re-exports
  # subdirectories of /mnt/cephfs/c3d2 over Samba, NFS, TFTP and nginx.
  # NOTE(review): `config`, `lib` and `strings` are not referenced anywhere in
  # this file.
  { config, pkgs, lib, strings, ... }:
  {
    imports =
      [ # Include the results of the hardware scan.
        ./hardware-configuration.nix
        ../../common.nix
        ../../users.nix
        #./ncdc.nix
        ../../mpd.nix
      ];
    boot.loader.systemd-boot.enable = true;
    systemd = {
      # Presumably so a failed boot-time unit does not drop this host into an
      # emergency shell waiting for console input -- confirm the intent.
      enableEmergencyMode = false;
    };
    # Use the GRUB 2 boot loader.
    #boot.loader.grub.enable = true;
    #boot.loader.grub.version = 2;
    # boot.loader.grub.efiSupport = true;
    # boot.loader.grub.efiInstallAsRemovable = true;
    # boot.loader.efi.efiSysMountPoint = "/boot/efi";
    # Define on which hard drive you want to install Grub.
    #boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
    # networking = {
    # hostName = "storage2";
    # interfaces.ens18.ipv4.addresses = [{
    # address = "172.22.99.20";
    # prefixLength = 24;
    # }];
    # };
    # Static addressing on ens18. The IPv4 address is in private (RFC 1918)
    # space; the IPv6 address is a global unicast address.
    # NOTE(review): the host firewall is switched off further down, so whether
    # the services below are reachable over IPv6 from outside depends entirely
    # on upstream filtering -- verify.
    networking = {
      hostName = "storage-ng";
      # usePredictableInterfacenames = false;
      interfaces.ens18.ipv4.addresses = [{
        address = "172.22.99.20";
        prefixLength = 24;
      }];
      interfaces.ens18.ipv6.addresses = [{
        address= "2a02:8106:208:5201::20";
        prefixLength = 64;
      }];
      # Only the interface is named here; no gateway address is set in this file.
      defaultGateway.interface = "ens18";
      #defaultGateway6 = {
      # address = "fe80::a800:42ff:fe7a:3246";
      # interface = "ens18";
      #};
    };
    # List packages installed in system profile. To search, run:
    # $ nix search wget
    environment.systemPackages = with pkgs; [
      wget
      vim
      screen
      zsh
      lftp
      # ceph
      lsof
      psmisc
      gitAndTools.git-annex
      gitAndTools.git
      tmux
    ];
    # Only the Ceph client side is enabled; the top-level `enable` stays
    # commented out.
    services.ceph = {
      # enable = true;
      client.enable = true;
    };
    # Samba share "xpool" on the CephFS files directory.
    # "guest ok" and "read only" are commented out, so Samba's built-in
    # defaults apply to both (smb.conf defaults: guest ok = no,
    # read only = yes) even though the share comment calls it public.
    services.samba = {
      enable = true;
      enableNmbd = true;
      shares = {
        xpool = {
          browseable = "yes";
          comment = "Public samba share.";
          # guest ok = "yes";
          path = "/mnt/cephfs/c3d2/files";
          # read only = false;
        };
      };
    };
    # fixme, we need a floating ip here
    # correct is floating ip 172.22.99.21
    # does not exist yet
    # secretfile does not work :(
    #
    # NOTE(review): builtins.readFile runs at evaluation time, so the CephX key
    # for client "storage2" is spliced verbatim into the mount option string.
    # That string is written to the generated fstab, which lives in the
    # world-readable Nix store, so every local user (and anything that copies
    # the system closure) can read the key. Until `secretfile=` can be made to
    # work, treat the key as exposed on this host: keep the client's Ceph caps
    # as narrow as possible and rotate the key once this is fixed.
    # The "users" option additionally lets non-root users mount and unmount
    # this filesystem.
    fileSystems."/mnt/cephfs" = {
      device = "172.22.99.13:6789:/";
      fsType = "ceph";
      options = [ "name=storage2" ("secret=" + (builtins.readFile("/etc/nixos/storage-secret.key"))) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
    };
    # Some programs need SUID wrappers, can be configured further or are
    # started in user sessions.
    programs.bash.enableCompletion = true;
    programs.mtr.enable = true;
    # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
    # List services that you want to enable:
    # Enable the OpenSSH daemon.
    services.openssh.enable = true;
    # TFTP server rooted in the CephFS tree. TFTP has no authentication, so
    # everything under `root` is readable by any host that can reach UDP 69.
    services.atftpd = {
      enable = true;
      root = "/mnt/cephfs/c3d2/tftp";
    };
    # NOTE(review): the active export grants read-write access to every client
    # ("*"). The commented-out line above it limited rw to dacbert.hq.c3d2.de
    # and gave all other hosts read-only access; prefer that form unless rw for
    # everyone is intended.
    services.nfs.server = {
      enable = true;
      # exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)";
      exports = "/mnt/cephfs/c3d2/dacbert-rootfs *(rw)";
    };
    # nginx built with the fancyindex module; serves a directory listing of the
    # CephFS files directory under /c3d2.
    # NOTE(review): addSSL is commented out, so this virtual host is defined
    # without TLS in this file although TCP 443 is listed below.
    services.nginx = {
      enable = true;
      #modules = [ pkgs.nginxModules.nixfancyindex ];
      package = pkgs.nginx.override {
        modules = with pkgs.nginxModules; [ fancyindex ];
      };
      virtualHosts = {
        "storage-ng.hq.c3d2.de" = {
          root = "/etc/nixos/www";
          serverAliases = [ "storage" "storage2" "storageng" ];
          http2 = true;
          # addSSL = true;
          locations = {
            "/c3d2" = {
              alias = "/mnt/cephfs/c3d2/files/";
              extraConfig = ''
                fancyindex on;
                # autoindex on;
              '';
            };
          };
        };
      };
    };
    # Open ports in the firewall.
    # NOTE(review): both lists are inert while networking.firewall.enable is
    # false (see below). If the firewall is turned on, review them first:
    # - TCP 23 (telnet) is allowed, but no telnet service is defined in this
    #   file (the imported modules are not visible here -- verify).
    # - SMB needs TCP 139/445 and UDP 137/138 only; TCP 137/138 and
    #   UDP 139/445 can be dropped.
    # - No NFS ports are listed, so the NFS export above would presumably stop
    #   being reachable -- confirm before enabling.
    networking.firewall.allowedTCPPorts = [
      23
      80
      443
      137 138 445 139 # samba
    ];
    networking.firewall.allowedUDPPorts = [
      69
      137 138 445 139 # samba
    ];
    # Or disable the firewall altogether.
    # NOTE(review): with the firewall off, every listening service on this host
    # (SSH, Samba, NFS, TFTP, nginx and anything pulled in by the imports) is
    # reachable on all configured addresses, including the global IPv6 one.
    networking.firewall.enable = false;
    # Enable sound.
    # sound.enable = true;
    # hardware.pulseaudio.enable = true;
    # This value determines the NixOS release with which your system is to be
    # compatible, in order to avoid breaking some software such as database
    # servers. You should change this only after NixOS release notes say you
    # should.
    system.stateVersion = "18.09"; # Did you read the comment?
  }