test 3 #29

Closed
revol-xut wants to merge 4 commits from storage-ng into master
  1. 2
      host-registry.nix
  2. 41
      hosts/server7/containers/samba/default.nix
  3. 49
      hosts/server7/containers/storage/default.nix
  4. 57
      hosts/storage-ng/configuration.nix

2
host-registry.nix

@ -17,6 +17,7 @@ rec {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzWhy2T7avsFf+ZS8R99kah2wPQs7MYWUP+t4VBi28a";
pulsebert.publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
samba = { };
storage-ng.publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP";
@ -57,6 +58,7 @@ rec {
};
server7.publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy";
storage = { };
};

41
hosts/server7/containers/samba/default.nix

@ -0,0 +1,41 @@
name:
(import ../outer-defaults.nix name) // {
bindMounts."/srv/c3d2" = {
hostPath = "/srv/ceph/c3d2";
isReadOnly = true;
};
config = { config, pkgs, lib, ... }: {
imports = [ ../inner-defaults.nix ];
c3d2.hq.statistics.enable = true;
services.samba = {
enable = true;
enableNmbd = true;
extraConfig = ''
workgroup = WORKGROUP
server string = storage
netbios name = storage
hosts allow = 172.20 172.22 172.22.99.146
hosts deny = 0.0.0.0/0
map to guest = Bad user
'';
shares = {
c3d2 = {
path = "/srv/c3d2";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
};
};
};
networking.firewall.enable = false;
};
}

49
hosts/server7/containers/storage/default.nix

@ -0,0 +1,49 @@
name:
(import ../outer-defaults.nix name) // {
bindMounts."/srv/files" = {
hostPath = "/srv/ceph/c3d2/files";
isReadOnly = true;
};
config = { config, pkgs, lib, ... }: {
imports = [ ../inner-defaults.nix ];
c3d2.hq.statistics.enable = true;
services.nginx = {
enable = true;
package = pkgs.nginx.override {
modules = with pkgs.nginxModules; [ fancyindex ];
};
virtualHosts = {
"storage-ng.hq.c3d2.de".extraConfig = ''
server_name storage-ng.hq.c3d2.de;
return 301 $scheme://storage.hq.c3d2.de$request_uri;
'';
"storage.hq.c3d2.de" = {
default = true;
http2 = true;
# addSSL = true;
locations = {
"/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
in {
alias = "/srv/files/";
extraConfig = ''
auth_basic "Chaos";
auth_basic_user_file ${authFile};
fancyindex on;
# autoindex on;
'';
};
};
};
};
};
networking.firewall.enable = false;
};
}

57
hosts/storage-ng/configuration.nix

@ -106,69 +106,12 @@ in {
root = "/mnt/cephfs/c3d2/tftp";
};
services.nginx = {
enable = true;
#modules = [ pkgs.nginxModules.nixfancyindex ];
package =
pkgs.nginx.override { modules = with pkgs.nginxModules; [ fancyindex ]; };
virtualHosts = {
"storage-ng.hq.c3d2.de" = {
root = "/etc/nixos/www";
serverAliases = [ "storage" "storage2" "storageng" ];
http2 = true;
# addSSL = true;
locations = {
"/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
in {
alias = "/mnt/cephfs/c3d2/files/";
extraConfig = ''
auth_basic "Chaos";
auth_basic_user_file ${authFile};
fancyindex on;
# autoindex on;
'';
};
};
};
};
};
services.samba = {
enable = false; # samba is garbage
enableNmbd = true;
extraConfig = ''
workgroup = WORKGROUP
server string = storage
netbios name = storage
hosts allow = 172.20 172.22 172.22.99.146
hosts deny = 0.0.0.0/0
guest account = k-ot
map to guest = Bad user
'';
shares = {
c3d2 = {
path = "/mnt/cephfs/c3d2";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "k-ot";
"force group" = "k-ot";
};
};
};
/* # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
23
80
443
137 138 445 139 # samba
];
networking.firewall.allowedUDPPorts = [
69
137 138 445 139 # samba
];
*/

Loading…
Cancel
Save