From 96d5d6bdb7321f43f1607aaab61586544fedc67a Mon Sep 17 00:00:00 2001 From: Emery Hemingway Date: Tue, 3 Dec 2019 20:01:40 +0100 Subject: [PATCH] Take storage-ng configuration from the host --- hosts/storage-ng/configuration.nix | 72 +++++++++++++++++++----------- 1 file changed, 45 insertions(+), 27 deletions(-) diff --git a/hosts/storage-ng/configuration.nix b/hosts/storage-ng/configuration.nix index 450606e2..747a322c 100644 --- a/hosts/storage-ng/configuration.nix +++ b/hosts/storage-ng/configuration.nix @@ -8,19 +8,18 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ../../lib ../../lib/hq.nix ../../lib/shared.nix ../../lib/users.nix ./ncdc.nix + #./jellyfin.nix ../../lib/mpd.nix ../../lib/default-gateway.nix ]; - c3d2 = { - isInHq = true; - mapHqHosts = true; - hq.interface = "eth0"; + hq.yggdrasil = { + enable = true; + interface = "ens18"; }; boot.loader.systemd-boot.enable = true; @@ -88,20 +87,6 @@ client.enable = true; }; - services.samba = { - enable = true; - enableNmbd = true; - shares = { - xpool = { - browseable = "yes"; - comment = "Public samba share."; - # guest ok = "yes"; - path = "/mnt/cephfs/c3d2/files"; - # read only = false; - }; - }; - }; - # fixme, we need a floating ip here # correct is floating ip 172.22.99.21 # does not exist yet @@ -111,7 +96,7 @@ fileSystems."/mnt/cephfs" = { device = "172.22.99.13:6789:/"; fsType = "ceph"; - options = [ "name=storage2" ("secret=" + (import ../../secrets/hosts/storage-ng/storage-secret.nix)) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ]; + options = [ "name=storage2" "secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw==" "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ]; }; # Some programs need SUID wrappers, can be configured further or are 
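Review bot: The new `hq.yggdrasil = { enable = true; interface = "ens18"; }` block turns on an overlay network on a host whose firewall is off, since the context at the end of this patch shows `networking.firewall.enable = false;`. If the `hq.yggdrasil` module does what its name suggests (its definition is not in this diff), every listener on the machine becomes reachable from overlay peers, with only per-service controls in the way. Either enable the firewall with an explicit `allowedTCPPorts` list, or add a comment beside the block naming the control that limits overlay access. The commented-out `#./jellyfin.nix` import should be dropped or given a short reason for staying.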
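Review bot: The `fileSystems."/mnt/cephfs"` options now carry the CephFS key as a literal `secret=...` string, so the credential is committed to repository history and written into the generated mount configuration in the world-readable Nix store. The removed line at least kept the value out of this file by importing it from `../../secrets/`. Prefer referencing a root-only key file at mount time, e.g. `"secretfile=<path-to-root-only-keyfile>"` (placeholder path), so that neither the repository nor the store contains the key. Because the value is published in this patch, the key for `name=storage2` should be treated as exposed and rotated on the Ceph side.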
@@ -150,17 +135,49 @@ http2 = true; # addSSL = true; locations = { - "/c3d2" = { - alias = "/mnt/cephfs/c3d2/files/"; - extraConfig = '' - fancyindex on; - # autoindex on; - ''; - }; + "/" = + let + authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY"; + in { + alias = "/mnt/cephfs/c3d2/files/"; + extraConfig = '' + auth_basic "Chaos"; + auth_basic_user_file ${authFile}; + fancyindex on; + # autoindex on; + ''; + }; }; }; }; }; + + services.samba = { + enable = false; # samba is garbage + enableNmbd = true; + extraConfig = '' + workgroup = WORKGROUP + server string = storage + netbios name = storage + hosts allow = 172.20 172.22 172.22.99.146 + hosts deny = 0.0.0.0/0 + guest account = k-ot + map to guest = Bad user + ''; + shares = { + c3d2 = { + path = "/mnt/cephfs/c3d2"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "k-ot"; + "force group" = "k-ot"; + }; + }; + }; + # Open ports in the firewall. networking.firewall.allowedTCPPorts = [ 23 @@ -172,6 +189,7 @@ 69 137 138 445 139 # samba ]; + # Or disable the firewall altogether. networking.firewall.enable = false;
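Review bot: The `authFile` binding in the new `"/"` location builds the htpasswd with `pkgs.writeText`, so the password hash is committed here and copied into the world-readable Nix store. Its 13-character form looks like traditional DES crypt, which only considers the first eight characters of the password. Point nginx at a file provisioned outside the store, e.g. `auth_basic_user_file <path-to-htpasswd-outside-store>;` (placeholder path), and regenerate the entry with a stronger scheme. With `# addSSL = true;` still commented out in the context lines, the Basic credentials appear to travel in cleartext unless TLS is configured elsewhere in the vhost, which starts outside the hunk. The samba block re-added here is disabled, but it defines a guest-writable share (`"guest ok" = "yes"`, `"read only" = "no"`) that goes live as soon as `enable` is flipped, so a comment next to `enable = false` should say so.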