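# NixOS configuration for the host "storage-ng": static addressing on a single
# interface plus SSH, TFTP and Samba services on top of /mnt/cephfs.
#
# Items marked NOTE(review) are security caveats to confirm against the
# modules and network layout that are not visible in this file.
{ hostRegistry, config, pkgs, lib, strings, ... }:

let
  # Name of the one network interface configured below.
  eth0 = "ens18";
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./streamdump.nix
    # ../../config
    # ../../config/hq.nix
    # ../../config/shared.nix
  ];

  # Site-specific options; the module that defines them is not part of this file.
  c3d2 = {
    k-ot.enable = true;
    isInHq = true;
    mergeHostsFile = true;
    hq.interface = eth0;
    mountCeph = "/mnt/cephfs";
  };

  # sops-nix derives its age identity from the SSH host key, so this key also
  # decrypts the host's secrets: re-encrypt the secrets whenever it is rotated.
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  boot.loader.grub = {
    enable = true;
    version = 2;
    efiSupport = true;
    devices = [ "nodev" ];
  };
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.loader.efi.canTouchEfiVariables = true;
  # No emergency (sulogin) shell on a failed boot step; boot carries on instead.
  systemd.enableEmergencyMode = false;

  networking = {
    hostName = "storage-ng";
    # usePredictableInterfacenames = false;
    interfaces."${eth0}" = {
      # Both addresses are looked up in the c3d2 host table under this host's name.
      ipv4.addresses = [{
        address = config.c3d2.hosts.${config.networking.hostName}.ip4;
        prefixLength = 24;
      }];
      ipv6.addresses = [{
        address = config.c3d2.hosts.${config.networking.hostName}.ip6;
        prefixLength = 64;
      }];
    };

    defaultGateway.address = "172.22.99.4";
    defaultGateway.interface = eth0;
    # Site DNS cache first; 9.9.9.9 is a public resolver, so queries that fall
    # through to it leave the local network.
    nameservers = [
      hostRegistry.hosts.dnscache.ip4
      hostRegistry.hosts.dnscache.ip6
      "9.9.9.9"
    ];
  };

  environment.systemPackages = with pkgs; [
    screen
    zsh
    lftp
    lsof
    psmisc
    git-annex

    mpv
    iotop
  ];

  programs.bash.enableCompletion = true;
  programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  # NOTE(review): only enable/allowSFTP are set here; password and root login
  # policy come from module defaults or from modules not shown. Confirm them.
  services.openssh = {
    enable = true;
    allowSFTP = true;
  };

  # NOTE(review): TFTP has no authentication, and its root lies inside the
  # directory exported by the Samba share below (/mnt/cephfs/c3d2). Anything a
  # share user places under tftp/ is readable by every host that can reach this
  # service, so keep secrets out of that subtree.
  services.atftpd = {
    enable = true;
    root = "/mnt/cephfs/c3d2/tftp";
  };

  services.samba = {
    enable = true;
    enableNmbd = true;
    # The original text set both `smb encrypt = required` and, further down,
    # `server smb encrypt = desired`. Current Samba documents the two names as
    # synonyms, so the later line won and encryption was only opportunistic.
    # The second line is dropped so that the stated requirement takes effect.
    # Clients without SMB3 encryption are now refused; if one must connect,
    # change the remaining line to `desired` as an explicit decision.
    #
    # NOTE(review): `ntlm auth = yes` also accepts NTLMv1 responses. If no
    # legacy client depends on it, `ntlm auth = ntlmv2-only` is the hardened value.
    extraConfig = ''
      workgroup = HQ
      server string = storage
      netbios name = storage
      hosts allow = 172.20.0.0/14 127.0.0.0/8 ::1/128 fe80::/64 fd23:42:c3d2:500::/56 2a00:8180:2c00:200::/56
      hosts deny = 0.0.0.0/0
      security = user
      guest account = nobody
      map to guest = bad user
      smb encrypt = required
      ntlm auth = yes
      passdb backend = smbpasswd
    '';
    shares = {
      c3d2 = {
        path = "/mnt/cephfs/c3d2";
        browseable = "yes";
        writable = "yes";
        # Only the single account "k-ot" may use the share; guests are refused.
        "valid users" = "k-ot";
        "guest ok" = "no";
        # NOTE(review): new files get 0666 and new directories 0777, so they
        # are writable by every local account and by any other consumer of the
        # same CephFS tree. Narrow these unless that is intended.
        "create mode" = "0666";
        "directory mode" = "0777";
      };
    };
  };

  # NOTE(review): with the host firewall off, sshd, atftpd, smbd and nmbd are
  # reachable from every network that can route to this host. Samba's
  # `hosts allow` list restricts Samba only; SSH and TFTP rely on upstream
  # filtering that is not visible in this file.
  networking.firewall.enable = false;

  system.stateVersion = "19.03"; # Did you read the comment?
}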