C3D2
/
nix-config


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176
							# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, lib, strings, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ../../common.nix
      ../../users.nix
      #./ncdc.nix
      ../../mpd.nix
    ];

  boot.loader.systemd-boot.enable = true;
  systemd = {
    enableEmergencyMode = false;
  };
  # Use the GRUB 2 boot loader.
  #boot.loader.grub.enable = true;
  #boot.loader.grub.version = 2;
  # boot.loader.grub.efiSupport = true;
  # boot.loader.grub.efiInstallAsRemovable = true;
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # Define on which hard drive you want to install Grub.
  #boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only

  # networking = {
  #   hostName = "storage2";
  #   interfaces.ens18.ipv4.addresses = [{
  #       address = "172.22.99.20";
  #       prefixLength = 24;
  #   }];
  # };

  networking = {
    hostName = "storage-ng";
    # usePredictableInterfacenames = false;
    interfaces.ens18.ipv4.addresses = [{
        address = "172.22.99.20";
        prefixLength = 24;
    }];
    interfaces.ens18.ipv6.addresses = [{
        address= "2a02:8106:208:5201::20";
        prefixLength = 64;
    }];

    defaultGateway.interface = "ens18";

    #defaultGateway6 = {
    #  address = "fe80::a800:42ff:fe7a:3246";
    #  interface = "ens18";
    #};
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
     wget
     vim
     screen
     zsh
     lftp
     # ceph
     lsof
     psmisc
     gitAndTools.git-annex
     gitAndTools.git
     tmux
  ];

  services.ceph = {
      # enable = true;
      client.enable = true;
  };

  services.samba = {
      enable = true;
      enableNmbd = true;
      shares = { 
      xpool = {
        browseable = "yes";
              comment = "Public samba share.";
              # guest ok = "yes";
              path = "/mnt/cephfs/c3d2/files";
              # read only = false;
            };
        };
  };

  # fixme, we need a floating ip here
  # correct is floating ip 172.22.99.21
  # does not exist yet

  # secretfile does not work :(
  
  fileSystems."/mnt/cephfs" = {
    device = "172.22.99.13:6789:/";
    fsType = "ceph";
    options = [ "name=storage2" ("secret=" + (builtins.readFile("/etc/nixos/storage-secret.key"))) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
  };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.bash.enableCompletion = true;
  programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;

  services.atftpd = {
    enable = true;
    root = "/mnt/cephfs/c3d2/tftp";
  };

  services.nfs.server = {
    enable = true;
#    exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)";
    exports = "/mnt/cephfs/c3d2/dacbert-rootfs *(rw)";
  };


  services.nginx = {
    enable = true;
    #modules = [ pkgs.nginxModules.nixfancyindex ];
    package = pkgs.nginx.override {
      modules = with pkgs.nginxModules; [ fancyindex ];
    };
    virtualHosts = {
      "storage-ng.hq.c3d2.de" = {
        root = "/etc/nixos/www";
        serverAliases = [ "storage" "storage2" "storageng" ];
        http2 = true;
        # addSSL = true;
        locations = {
          "/c3d2" = {
            alias = "/mnt/cephfs/c3d2/files/";
            extraConfig = ''
              fancyindex on;
              # autoindex on;
            '';
          };
        };
      };
    };
  };
  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [ 
    23
    80
    443
    137 138 445 139 # samba
   ];
  networking.firewall.allowedUDPPorts = [ 
    69
    137 138 445 139 # samba
   ];
  # Or disable the firewall altogether.
  networking.firewall.enable = false;

  # Enable sound.
  # sound.enable = true;
  # hardware.pulseaudio.enable = true;

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "18.09"; # Did you read the comment?

}