diff --git a/common.nix b/common.nix
new file mode 100644
index 00000000..98701d1d
--- /dev/null
+++ b/common.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+ time.timeZone = "Europe/Berlin";
+
+ networking = {
+ domain = "hq.c3d2.de";
+ defaultGateway.address = "172.22.99.1";
+ nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
+ };
+
+}
diff --git a/hosts/storage-ng/configuration.nix b/hosts/storage-ng/configuration.nix
new file mode 100644
index 00000000..96cb9ac7
--- /dev/null
+++ b/hosts/storage-ng/configuration.nix
@@ -0,0 +1,176 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, strings, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ../../common.nix
+ ../../users.nix
+ #./ncdc.nix
+ ../../mpd.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ systemd = {
+ enableEmergencyMode = false;
+ };
+ # Use the GRUB 2 boot loader.
+ #boot.loader.grub.enable = true;
+ #boot.loader.grub.version = 2;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ #boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
+
+ # networking = {
+ # hostName = "storage2";
+ # interfaces.ens18.ipv4.addresses = [{
+ # address = "172.22.99.20";
+ # prefixLength = 24;
+ # }];
+ # };
+
+ networking = {
+ hostName = "storage-ng";
+ # usePredictableInterfacenames = false;
+ interfaces.ens18.ipv4.addresses = [{
+ address = "172.22.99.20";
+ prefixLength = 24;
+ }];
+ interfaces.ens18.ipv6.addresses = [{
+ address= "2a02:8106:208:5201::20";
+ prefixLength = 64;
+ }];
+
+ defaultGateway.interface = "ens18";
+
+ #defaultGateway6 = {
+ # address = "fe80::a800:42ff:fe7a:3246";
+ # interface = "ens18";
+ #};
+ };
+
+ # List packages installed in system profile.
To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ wget
+ vim
+ screen
+ zsh
+ lftp
+ # ceph
+ lsof
+ psmisc
+ gitAndTools.git-annex
+ gitAndTools.git
+ tmux
+ ];
+
+ services.ceph = {
+ # enable = true;
+ client.enable = true;
+ };
+
+ services.samba = {
+ enable = true;
+ enableNmbd = true;
+ shares = {
+ xpool = {
+ browseable = "yes";
+ comment = "Public samba share.";
+ # guest ok = "yes";
+ path = "/mnt/cephfs/c3d2/files";
+ # read only = false;
+ };
+ };
+ };
+
+ # fixme, we need a floating ip here
+ # correct is floating ip 172.22.99.21
+ # does not exist yet
+
+ # secretfile does not work :(
+
+ fileSystems."/mnt/cephfs" = {
+ device = "172.22.99.13:6789:/";
+ fsType = "ceph";
+ options = [ "name=storage2" ("secret=" + (builtins.readFile("/etc/nixos/storage-secret.key"))) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
+ };
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ programs.bash.enableCompletion = true;
+ programs.mtr.enable = true;
+ # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ services.atftpd = {
+ enable = true;
+ root = "/mnt/cephfs/c3d2/tftp";
+ };
+
+ services.nfs.server = {
+ enable = true;
+# exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)";
+ exports = "/mnt/cephfs/c3d2/dacbert-rootfs *(rw)";
+ };
+
+
+ services.nginx = {
+ enable = true;
+ #modules = [ pkgs.nginxModules.nixfancyindex ];
+ package = pkgs.nginx.override {
+ modules = with pkgs.nginxModules; [ fancyindex ];
+ };
+ virtualHosts = {
+ "storage-ng.hq.c3d2.de" = {
+ root = "/etc/nixos/www";
+ serverAliases = [ "storage" "storage2" "storageng" ];
+ http2 = true;
+ # addSSL = true;
+ locations = {
+ "/c3d2" = {
+ alias = "/mnt/cephfs/c3d2/files/";
+ extraConfig = ''
+ fancyindex on;
+ # autoindex on;
+ '';
+ };
+ };
+ };
+ };
+ };
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [
+ 23
+ 80
+ 443
+ 137 138 445 139 # samba
+ ];
+ networking.firewall.allowedUDPPorts = [
+ 69
+ 137 138 445 139 # samba
+ ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = false;
+
+ # Enable sound.
+ # sound.enable = true;
+ # hardware.pulseaudio.enable = true;
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "18.09"; # Did you read the comment?
+
+}
diff --git a/hosts/storage-ng/hardware-configuration.nix b/hosts/storage-ng/hardware-configuration.nix
new file mode 100644
index 00000000..6ed6e0b6
--- /dev/null
+++ b/hosts/storage-ng/hardware-configuration.nix
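Review bot: In hosts/storage-ng/configuration.nix, `networking.firewall.enable = false;` turns the two allowed-port lists above it into dead configuration, so Samba, TFTP, NFS, nginx and sshd are reachable from wherever the host's addresses are routable, including its global-scope IPv6 address. With no filter in front, the NFS export `/mnt/cephfs/c3d2/dacbert-rootfs *(rw)` is writable by any client that can reach the host; I would go back to the commented-out `dacbert.hq.c3d2.de(rw) *(ro)` form and set `networking.firewall.enable = true;`, adding the NFS ports to the lists and dropping TCP 23, for which no service is configured in this file. Separately, `builtins.readFile("/etc/nixos/storage-secret.key")` in the cephfs mount options copies the Ceph key into the generated fstab, which lives in the world-readable Nix store; `"secretfile=/etc/nixos/storage-secret.key"` would keep it out of the store. The "secretfile does not work" comment presumably means the mount.ceph helper was not available at mount time, which is worth fixing rather than working around.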
@@ -0,0 +1,30 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/dcaea9ca-4aeb-441f-a0d6-7f31c8f16a2a";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/5C15-758A";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/68aade1c-47b6-403e-8f2f-21909d55044a"; }
+ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+}
diff --git a/hosts/storage-ng/ncdc.nix b/hosts/storage-ng/ncdc.nix
new file mode 100644
index 00000000..193ba3b5
--- /dev/null
+++ b/hosts/storage-ng/ncdc.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, lib, ... }:
+
+let
+ ncdcPort = 1512;
+in
+{
+ users.users.ncdc =
+ { isNormalUser = true;
+ uid = ncdcPort;
+ openssh.authorizedKeys.keys =
+ config.users.users.k-ot.openssh.authorizedKeys.keys;
+ password = "k-ot";
+ packages = [ pkgs.tmux pkgs.ncdc ];
+ };
+ networking.firewall.allowedTCPPorts = [ ncdcPort ];
+ networking.firewall.allowedUDPPorts = [ ncdcPort ];
+}
+
diff --git a/mpd.nix b/mpd.nix
new file mode 100644
index 00000000..55674d29
--- /dev/null
+++ b/mpd.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+
+let
+ hostMpd = if config.networking.hostName == "storage-ng" then
+ {
+ musicDirectory = "/mnt/cephfs/c3d2/rpool/Music";
+ }
+ else
+ {
+ dbFile = null;
+ musicDirectory = "/mnt/storage/Music";
+ extraConfig = ''
+ database {
+ plugin "proxy"
+ host "172.22.99.20"
+ }
+ '';
+ };
+in
+{
+ services.mpd = (hostMpd // {
+ enable=true;
+ network.listenAddress = "any";
+ });
+
+ networking.firewall.allowedTCPPorts =
+ [ config.mpd.network.port ];
+}
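Review bot: `password = "k-ot";` in hosts/storage-ng/ncdc.nix commits a cleartext password to the repository and the world-readable Nix store, and users.nix has the same defect with `password = "k-otk-ot";` for the `k-ot` account, which is in `wheel`. hosts/storage-ng/configuration.nix enables `services.openssh` without restricting password authentication, so both values would be accepted for remote login once the modules are imported (ncdc.nix is still commented out there). Since `ncdc` already receives authorized keys, its `password` line can simply go; for `k-ot` use `hashedPassword = "<hash generated out of band>";` or SSH keys only, and add `services.openssh.passwordAuthentication = false;`. Reusing `ncdcPort` as the `uid` also couples two unrelated values; a separate `ncdcUid` binding would read more clearly.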
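Review bot: The firewall line at the end of mpd.nix reads `config.mpd.network.port`, but the option this file sets is `services.mpd`, so the list should be `[ config.services.mpd.network.port ]`; as written, evaluation will most likely fail on a missing attribute. `network.listenAddress = "any";` also binds MPD on every interface with no password configured in this file, while the storage-ng host config disables the firewall entirely. Consider binding to the LAN address instead, or add a comment explaining why `any` is required for the proxy-database clients.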
diff --git a/users.nix b/users.nix
new file mode 100644
index 00000000..818432e5
--- /dev/null
+++ b/users.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+
+{
+ users.users.k-ot = {
+ packages = with pkgs;
+ [ screen tmux ];
+ createHome = true;
+ isNormalUser = true;
+ uid = 1000;
+ extraGroups = [ "wheel" "audio" ];
+ password = "k-otk-ot";
+ };
+}