# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, lib, strings, ... }:
let eth0 = "ens18";
in {
# Modules merged into this host's configuration. Only this file is visible
# here; the shared ../../lib modules can set or override any option below
# (users, gateway, the c3d2.* / hq.* options), so review them together with
# this file before drawing conclusions about the effective configuration.
imports = [ # Include the results of the hardware scan.
  ./hardware-configuration.nix
  ../../lib
  ../../lib/hq.nix
  ../../lib/shared.nix
  ../../lib/users.nix
  ./ncdc.nix
  ../../lib/default-gateway.nix
  ../../lib/emery.nix
];
# Site-specific options; presumably declared by the imported ../../lib
# modules (their definitions are not visible in this file).
c3d2 = {
  isInHq = true;
  mapHqHosts = true;
  hq.interface = eth0;
};

# NOTE(review): presumably attaches this host to the Yggdrasil overlay
# network via the primary interface (confirm in ../../lib/hq.nix). Because
# networking.firewall.enable is set to false further down, any service
# listening on all addresses would also be reachable over an overlay
# address unless the module itself filters traffic.
hq.yggdrasil = {
  enable = true;
  interface = eth0;
};
# Boot via systemd-boot.
boot.loader.systemd-boot.enable = true;
# Do not drop into systemd's emergency (sulogin) shell when a boot-time unit
# such as a mount fails; the boot continues as far as it can instead. On a
# headless host this keeps sshd reachable, but a failed mount (e.g. the
# CephFS mount below) then goes unnoticed unless it is monitored.
systemd.enableEmergencyMode = false;
# Static addressing for the primary interface; `eth0` is the let-binding at
# the top of this file that holds the real interface name ("ens18").
networking = {
  hostName = "storage-ng";
  # usePredictableInterfaceNames = false;
  interfaces.${eth0} = {
    ipv4.addresses = [{
      address = "172.22.99.20";
      prefixLength = 24;
    }];
    # NOTE(review): this is a global-unicast IPv6 address. With the host
    # firewall disabled (see networking.firewall.enable below), SSH, TFTP,
    # NFS and nginx are only protected from the wider network by whatever
    # filtering exists upstream; confirm that such filtering is in place.
    ipv6.addresses = [{
      address = "2a02:8106:208:5201::20";
      prefixLength = 64;
    }];
  };

  # Only the outgoing interface is set here; the gateway address itself is
  # presumably provided by ../../lib/default-gateway.nix.
  defaultGateway.interface = eth0;

};
# List packages installed in system profile. To search, run:
# $ nix search wget
# Everything listed here is available to every user on the host.
# NOTE(review): keep this list minimal on a storage server; interactive or
# media tools that are not needed for operations (e.g. mpv) only add to the
# software that has to be kept patched.
environment.systemPackages = with pkgs; [
  wget
  vim
  screen
  zsh
  lftp
  lsof
  psmisc
  gitAndTools.git-annex
  gitAndTools.git
  tmux

  mpv
  iotop
];
# No Ceph daemons run on this host; it only consumes CephFS as a client.
# NOTE(review): in the upstream NixOS module the client settings appear to
# be gated on services.ceph.enable, so client.enable may have no effect
# while enable = false; confirm against the nixpkgs version in use.
services.ceph = {
  enable = false;
  client.enable = true;
};

# fixme, we need a floating ip here
# correct is floating ip 172.22.99.21
# does not exist yet

# secretfile does not work :(

# Kernel CephFS mount from a single monitor address (see the fixme above:
# there is no failover until a floating IP or a monitor list is used).
#
# SECURITY(review): the cephx key for client "storage2" is passed inline
# via `secret=`. These options are rendered into /etc/fstab, which is
# world-readable and lives in the world-readable Nix store, and the key is
# also committed to version control. Treat the key as disclosed: rotate it
# on the cluster and supply the replacement through `secretfile=` pointing
# at a root-only file kept outside the Nix store and outside the
# repository. The comment above says secretfile did not work at the time;
# that is worth re-testing rather than keeping the inline key.
fileSystems."/mnt/cephfs" = {
  device = "172.22.99.13:6789:/";
  fsType = "ceph";
  options = [
    # cephx client name used for authentication.
    "name=storage2"
    "secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="
    # _netdev marks the mount as network-dependent for boot ordering.
    "noatime,_netdev"
    # Not mounted at boot; systemd mounts it on first access and gives up
    # waiting for the device after 175 seconds.
    "noauto"
    "x-systemd.automount"
    "x-systemd.device-timeout=175"
    # NOTE(review): `users` lets any local user mount and unmount this
    # filesystem (and implies noexec,nosuid,nodev). Confirm that
    # unprivileged mount/unmount is actually wanted on this host.
    "users"
  ];
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.bash.enableCompletion = true;
# Installs mtr through a privileged wrapper so that unprivileged users can
# send raw probe packets.
programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

# List services that you want to enable:

# Enable the OpenSSH daemon.
# NOTE(review): no sshd hardening is set in this file, so the password and
# root-login policy comes from the NixOS defaults of this release or from
# the imported modules (e.g. ../../lib/users.nix). Confirm that the
# effective policy is key-only authentication.
services.openssh.enable = true;
# TFTP server rooted on the CephFS mount.
# NOTE(review): TFTP has no authentication or encryption, so every file
# under this root is readable by any client that can reach the service.
# Keep only boot artefacts there (no configs with credentials), and confirm
# whether uploads are permitted by the atftpd options in effect.
services.atftpd = {
  enable = true;
  root = "/mnt/cephfs/c3d2/tftp";
};

# NFS export of a root filesystem image directory on CephFS.
services.nfs.server = {
  enable = true;
  # Earlier, narrower variant: read-write for one named host, read-only
  # for everyone else.
  # exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)";
  # SECURITY(review): `*(rw)` grants read-write access to every client
  # that can reach this server, and NFS with the default sec=sys trusts
  # the UID/GID the client presents. With the host firewall disabled
  # (networking.firewall.enable = false below) nothing on this host limits
  # who that is. Since this directory is served as a root filesystem, any
  # writer can alter what the NFS-booted machine runs. Prefer restricting
  # rw to the intended client, as in the commented-out line above.
  exports = "/mnt/cephfs/c3d2/dacbert-rootfs *(rw)";
};
# nginx serving a directory listing of the shared files on CephFS, built
# with the fancyindex module and protected by HTTP Basic authentication.
services.nginx = {
  enable = true;
  #modules = [ pkgs.nginxModules.nixfancyindex ];
  package =
    pkgs.nginx.override { modules = with pkgs.nginxModules; [ fancyindex ]; };
  virtualHosts = {
    "storage-ng.hq.c3d2.de" = {
      root = "/etc/nixos/www";
      serverAliases = [ "storage" "storage2" "storageng" ];
      http2 = true;
      # SECURITY(review): TLS is not enabled for this virtual host, so the
      # Basic-auth credentials requested below travel unencrypted on every
      # request. Enable TLS before relying on the password.
      # addSSL = true;
      locations = {
        # SECURITY(review): pkgs.writeText places the htpasswd entry in the
        # Nix store, which is readable by every local user, and the entry
        # is also committed to version control. The 13-character hash looks
        # like traditional DES crypt(3), which is weak against offline
        # guessing (confirm the scheme). Treat this password as disclosed:
        # change it, hash it with a stronger scheme supported by the
        # platform, and reference a file outside the store that only root
        # and the nginx user can read.
        "/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
        in {
          # `alias` makes "/" serve the CephFS files directory rather than
          # the virtual host's `root` above.
          alias = "/mnt/cephfs/c3d2/files/";
          extraConfig = ''
            auth_basic "Chaos";
            auth_basic_user_file ${authFile};
            fancyindex on;
            # autoindex on;
          '';
        };
      };
    };
  };
};
# Samba is currently disabled; the settings below are kept for reference
# and only take effect if `enable` is switched back to true.
# SECURITY(review): as written, re-enabling would expose all of
# /mnt/cephfs/c3d2 read-write to unauthenticated guests: failed logins are
# mapped to the guest account ("map to guest = Bad user"), the share has
# "guest ok = yes" and "read only = no", and all access is forced to user
# and group k-ot. The only restriction is the `hosts allow` prefix list.
# Require authenticated users before turning this back on.
services.samba = {
  enable = false; # samba is garbage
  enableNmbd = true;
  extraConfig = ''
    workgroup = WORKGROUP
    server string = storage
    netbios name = storage
    hosts allow = 172.20 172.22 172.22.99.146
    hosts deny = 0.0.0.0/0
    guest account = k-ot
    map to guest = Bad user
  '';
  shares = {
    c3d2 = {
      path = "/mnt/cephfs/c3d2";
      browseable = "yes";
      "read only" = "no";
      "guest ok" = "yes";
      "create mask" = "0644";
      "directory mask" = "0755";
      "force user" = "k-ot";
      "force group" = "k-ot";
    };
  };
};
# The port allow-list below is commented out and has no effect.
# NOTE(review): if it is revived, trim it to what this file actually runs.
# Port 23 (telnet) has no matching service here, and the Samba ports are
# listed although Samba is disabled.
/* # Open ports in the firewall.
   networking.firewall.allowedTCPPorts = [
   23
   80
   443
   137 138 445 139 # samba
   ];
   networking.firewall.allowedUDPPorts = [
   69
   137 138 445 139 # samba
   ];
*/

# SECURITY(review): the host firewall is switched off entirely, so every
# listening service configured in this file (sshd, atftpd, the NFS server,
# nginx) accepts connections on all addresses, including the global IPv6
# address, and access control rests on upstream filtering alone. Prefer
# enabling the firewall with an explicit allow-list of the ports in use;
# NFS needs its auxiliary daemons pinned to fixed ports for that to work.
networking.firewall.enable = false;
# Records the NixOS release this host was first installed with; it selects
# compatibility defaults for stateful data and should not be bumped just to
# upgrade packages. (The trailing question refers to the explanatory
# comment from the stock template, which is not present in this file.)
system.stateVersion = "19.03"; # Did you read the comment?
}