diff --git a/hosts/storage-ng/configuration.nix b/hosts/storage-ng/configuration.nix index 747a322c..482eab14 100644 --- a/hosts/storage-ng/configuration.nix +++ b/hosts/storage-ng/configuration.nix @@ -5,17 +5,22 @@ { config, pkgs, lib, strings, ... }: { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ../../lib/hq.nix - ../../lib/shared.nix - ../../lib/users.nix - ./ncdc.nix - #./jellyfin.nix - ../../lib/mpd.nix - ../../lib/default-gateway.nix - ]; + imports = [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ../../lib + ../../lib/hq.nix + ../../lib/shared.nix + ../../lib/users.nix + ./ncdc.nix + ../../lib/mpd.nix + ../../lib/default-gateway.nix + ]; + + c3d2 = { + isInHq = true; + mapHqHosts = true; + hq.interface = "ens18"; + }; hq.yggdrasil = { enable = true; @@ -23,68 +28,45 @@ }; boot.loader.systemd-boot.enable = true; - systemd = { - enableEmergencyMode = false; - }; - # Use the GRUB 2 boot loader. - #boot.loader.grub.enable = true; - #boot.loader.grub.version = 2; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Define on which hard drive you want to install Grub. - #boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only - - # networking = { - # hostName = "storage2"; - # interfaces.ens18.ipv4.addresses = [{ - # address = "172.22.99.20"; - # prefixLength = 24; - # }]; - # }; + systemd.enableEmergencyMode = false; networking = { hostName = "storage-ng"; # usePredictableInterfacenames = false; interfaces.ens18.ipv4.addresses = [{ - address = "172.22.99.20"; - prefixLength = 24; + address = "172.22.99.20"; + prefixLength = 24; }]; interfaces.ens18.ipv6.addresses = [{ - address= "2a02:8106:208:5201::20"; - prefixLength = 64; + address = "2a02:8106:208:5201::20"; + prefixLength = 64; }]; defaultGateway.interface = "ens18"; - #defaultGateway6 = { - # address = "fe80::a800:42ff:fe7a:3246"; - # interface = "ens18"; - #}; }; # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - wget - vim - screen - zsh - lftp - # ceph - lsof - psmisc - gitAndTools.git-annex - gitAndTools.git - tmux + wget + vim + screen + zsh + lftp + lsof + psmisc + gitAndTools.git-annex + gitAndTools.git + tmux - mpv - iotop + mpv + iotop ]; services.ceph = { - # enable = true; - client.enable = true; + enable = false; + client.enable = true; }; # fixme, we need a floating ip here @@ -92,11 +74,19 @@ # does not exist yet # secretfile does not work :( - + fileSystems."/mnt/cephfs" = { device = "172.22.99.13:6789:/"; fsType = "ceph"; - options = [ "name=storage2" "secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw==" "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ]; + options = [ + "name=storage2" + "secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw==" + "noatime,_netdev" + "noauto" + "x-systemd.automount" + "x-systemd.device-timeout=175" + "users" + ]; }; # Some programs need SUID wrappers, can be configured further or are @@ -117,17 +107,15 @@ services.nfs.server = { enable = true; -# exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)"; + # exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)"; exports = "/mnt/cephfs/c3d2/dacbert-rootfs *(rw)"; }; - services.nginx = { enable = true; #modules = [ pkgs.nginxModules.nixfancyindex ]; - package = pkgs.nginx.override { - modules = with pkgs.nginxModules; [ fancyindex ]; - }; + package = + pkgs.nginx.override { modules = with pkgs.nginxModules; [ fancyindex ]; }; virtualHosts = { "storage-ng.hq.c3d2.de" = { root = "/etc/nixos/www"; @@ -135,18 +123,16 @@ http2 = true; # addSSL = true; locations = { - "/" = - let - authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY"; - in { - alias = "/mnt/cephfs/c3d2/files/"; - extraConfig = '' - auth_basic "Chaos"; - auth_basic_user_file ${authFile}; - fancyindex on; - # autoindex on; - ''; - }; + "/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY"; + in { + alias = "/mnt/cephfs/c3d2/files/"; + extraConfig = '' + auth_basic "Chaos"; + auth_basic_user_file ${authFile}; + fancyindex on; + # autoindex on; + ''; + }; }; }; }; @@ -178,29 +164,21 @@ }; }; - # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ - 23 - 80 - 443 - 137 138 445 139 # samba - ]; - networking.firewall.allowedUDPPorts = [ - 69 - 137 138 445 139 # samba - ]; + /* # Open ports in the firewall. + networking.firewall.allowedTCPPorts = [ + 23 + 80 + 443 + 137 138 445 139 # samba + ]; + networking.firewall.allowedUDPPorts = [ + 69 + 137 138 445 139 # samba + ]; + */ - # Or disable the firewall altogether. networking.firewall.enable = false; - # Enable sound. - # sound.enable = true; - # hardware.pulseaudio.enable = true; - - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. system.stateVersion = "19.03"; # Did you read the comment? }