# NixOS module for the host "storage-ng": static addressing on one NIC, a
# CephFS-backed tree served over TFTP, SMB and NFS, and SSH for administration.
#
# NOTE(review): the host firewall is disabled further down, so each network
# service is protected only by its own access settings. Read the per-service
# notes before adding another listener.
{ hostRegistry, config, pkgs, lib, strings, ... }:

let
  # Interface that carries this host's addresses and its default route.
  eth0 = "ens18";

  # This host's own record in the c3d2 host table, looked up by hostname.
  thisHost = config.c3d2.hosts.${config.networking.hostName};
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./streamdump.nix
    # ../../config
    # ../../config/hq.nix
    # ../../config/shared.nix
  ];

  # Options of the project's own c3d2 module; their meaning is defined
  # outside this file.
  c3d2 = {
    k-ot.enable = true;
    isInHq = true;
    mergeHostsFile = true;
    hq.interface = eth0;
    mountCeph = "/mnt/cephfs";
  };

  # sops-nix derives its age identity from the SSH host key, so whoever can
  # read this key file can decrypt every secret encrypted for this host.
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {
      # "nodev" installs GRUB as an EFI application only, without writing a
      # boot sector to any disk.
      grub = {
        enable = true;
        version = 2;
        efiSupport = true;
        devices = [ "nodev" ];
      };
      efi.canTouchEfiVariables = true;
    };
  };

  # Do not drop into systemd's emergency shell when a unit fails during boot.
  systemd.enableEmergencyMode = false;

  networking = {
    hostName = "storage-ng";
    # usePredictableInterfacenames = false;

    interfaces."${eth0}" = {
      ipv4.addresses = [
        { address = thisHost.ip4; prefixLength = 24; }
      ];
      ipv6.addresses = [
        { address = thisHost.ip6; prefixLength = 64; }
      ];
    };

    defaultGateway = {
      address = "172.22.99.4";
      interface = eth0;
    };

    # The internal cache is listed first; 9.9.9.9 is a public resolver, so
    # lookups that reach it leave the local network.
    nameservers = [
      hostRegistry.hosts.dnscache.ip4
      hostRegistry.hosts.dnscache.ip6
      "9.9.9.9"
    ];

    # NOTE(review): with the firewall off, everything that listens on this
    # host is reachable on every interface. Samba and NFS carry their own
    # client allow-lists below; nothing in this file restricts who may reach
    # atftpd or sshd. Confirm that an upstream filter covers them, or enable
    # the firewall and open only the ports these services need.
    firewall.enable = false;
  };

  environment.systemPackages = [
    pkgs.screen
    pkgs.zsh
    pkgs.lftp
    pkgs.lsof
    pkgs.psmisc
    pkgs.git-annex

    pkgs.mpv
    pkgs.iotop
  ];

  programs = {
    bash.enableCompletion = true;
    mtr.enable = true;
    # gnupg.agent = { enable = true; enableSSHSupport = true; };
  };

  services = {
    # NOTE(review): no authentication policy (password vs. key login, root
    # login) is set here; presumably it comes from shared configuration
    # imported elsewhere. Verify.
    openssh = {
      enable = true;
      allowSFTP = true;
    };

    # TFTP has no authentication and no encryption: every file below `root`
    # is readable by any host that can reach the service. Keep credentials
    # and private keys out of this tree.
    atftpd = {
      enable = true;
      root = "/mnt/cephfs/c3d2/tftp";
    };

    samba = {
      enable = true;
      enableNmbd = true;

      # Global smb.conf settings.
      # NOTE(review): `ntlm auth = yes` is Samba's alias for
      # `ntlmv1-permitted`. Since `smb encrypt = required` already limits
      # access to clients that support SMB encryption, `ntlmv2-only` should
      # be sufficient. Confirm no client depends on NTLMv1 before changing.
      # NOTE(review): `hosts allow` admits all of 172.20.0.0/14, which is
      # wider than the client networks of the NFS export below. Confirm that
      # this is intended.
      # `map to guest = bad user` turns logins with an unknown user name into
      # guest sessions; the only share defined here refuses guests.
      extraConfig = ''
        workgroup = HQ
        server string = storage
        netbios name = storage
        hosts allow = 172.20.0.0/14 127.0.0.0/8 ::1/128 fe80::/64 fd23:42:c3d2:500::/56 2a00:8180:2c00:200::/56
        hosts deny = 0.0.0.0/0
        security = user
        guest account = nobody
        map to guest = bad user
        smb encrypt = required
        ntlm auth = yes
        passdb backend = smbpasswd
      '';

      shares.c3d2 = {
        path = "/mnt/cephfs/c3d2";
        browseable = "yes";
        writable = "yes";
        "valid users" = "k-ot";
        "guest ok" = "no";
        # NOTE(review): new files are created 0666 and new directories 0777,
        # i.e. writable by every local account and by any other service that
        # exposes the same Ceph tree. Tighten unless that is required.
        "create mode" = "0666";
        "directory mode" = "0777";
      };
    };

    nfs.server = {
      enable = true;
      createMountPoints = true;

      # One read-only export (the Raspberry Pi NFS root) offered to every
      # network in `allowed` with the same option string.
      # NOTE(review): clients are identified by source address only, and
      # `no_root_squash` lets root on any of them read every file in the
      # export regardless of its mode bits. Treat the whole tree as readable
      # by all hosts in these networks and keep secrets out of the image.
      exports =
        let
          allowed = [
            "172.22.99.0/24"
            "172.20.72.0/21"
            "30c:c3d2:b946:76d0::/64"
            "2a00:8180:2c00:200::/56"
            "fd23:42:c3d2:500::/56"
          ];
          opts = lib.concatStringsSep "," [
            "async"
            "ro"
            "no_subtree_check"
            "no_root_squash"
            "fsid=0"
          ];
          # "<subnet>(<opts>)" for each network, separated by spaces.
          clients = lib.concatMapStringsSep " " (subnet: "${subnet}(${opts})") allowed;
        in
        ''
          /mnt/cephfs/c3d2/hosts/rpi-nfsroot ${clients}
        '';
    };
  };

  # Release this host was first installed with. It selects defaults for
  # stateful data and is not meant to be raised on a routine upgrade.
  system.stateVersion = "19.03";
}