nix-config/hosts/storage-ng/default.nix

{ hostRegistry, config, pkgs, lib, strings, ... }:

let
  eth0 = "ens18";
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    # ../../lib
    # ../../lib/hq.nix
    # ../../lib/shared.nix
  ];

  c3d2 = {
    users.k-ot = true;
    isInHq = true;
    mapHqHosts = true;
    hq.interface = eth0;
  };

  boot.loader.grub = {
    enable = true;
    version = 2;
    efiSupport = true;
    devices = [ "nodev" ];
  };
  boot.loader.efi.canTouchEfiVariables = true;
  systemd.enableEmergencyMode = false;

  networking = {
    hostName = "storage-ng";
    # usePredictableInterfacenames = false;
    interfaces."${eth0}" = {
      ipv4.addresses = [{
        address = hostRegistry.hosts.${config.networking.hostName}.ip4;
        prefixLength = 24;
      }];
      ipv6.addresses = [{
        address = hostRegistry.hosts.${config.networking.hostName}.ip6;
        prefixLength = 64;
      }];
    };

    defaultGateway.address = "172.22.99.4";
    defaultGateway.interface = eth0;
  };

  environment.systemPackages = with pkgs; [
    screen
    zsh
    lftp
    lsof
    psmisc
    git-annex

    mpv
    iotop
  ];

  services.ceph = {
    enable = false;
    client.enable = true;
  };

  # fixme, we need a floating ip here
  # correct is floating ip 172.22.99.21
  # does not exist yet
  # TODO: where, exactly?

  # secretfile does not work :(
  fileSystems."/mnt/cephfs" = {
    device = "172.22.99.13:6789:/";
    fsType = "ceph";
    options = [
      "name=storage2"
      "secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="
      "noatime,_netdev"
      "noauto"
      "x-systemd.automount"
      "x-systemd.device-timeout=175"
      "users"
    ];
  };

  programs.bash.enableCompletion = true;
  programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  services.openssh = {
    enable = true;
    allowSFTP = true;
  };

  services.atftpd = {
    enable = true;
    root = "/mnt/cephfs/c3d2/tftp";
  };

  /* # Open ports in the firewall.
    networking.firewall.allowedTCPPorts = [
    23
    ];
    networking.firewall.allowedUDPPorts = [
    69
    ];
  */

  networking.firewall.enable = false;

  system.stateVersion = "19.03"; # Did you read the comment?
}