# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# Host configuration for "storage-ng": static IPv4/IPv6 addresses on ens18,
# a CephFS mount at /mnt/cephfs, and TFTP, NFS and nginx services that all
# serve paths below that mount. Samba is configured but disabled, and the
# host firewall is switched off at the end of the file.

# NOTE(review): config, lib and strings are not referenced anywhere in this
# file; only pkgs is used.
{ config, pkgs, lib, strings, ... }:

{
  imports = [ # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ../../lib
    ../../lib/hq.nix
    ../../lib/shared.nix
    ../../lib/users.nix
    ./ncdc.nix
    ../../lib/mpd.nix
    ../../lib/default-gateway.nix
  ];

  # Site-specific options; presumably declared by the modules imported from
  # ../../lib (not visible here).
  c3d2 = {
    isInHq = true;
    mapHqHosts = true;
    hq.interface = "ens18";
  };

  hq.yggdrasil = {
    enable = true;
    interface = "ens18";
  };

  boot.loader.systemd-boot.enable = true;
  # With emergency mode off, a failed boot-time mount does not drop the
  # machine into the emergency (sulogin) shell on the console.
  systemd.enableEmergencyMode = false;

  networking = {
    hostName = "storage-ng";
    # usePredictableInterfacenames = false;
    interfaces.ens18.ipv4.addresses = [{
      address = "172.22.99.20";
      prefixLength = 24;
    }];
    # NOTE(review): this is a global-unicast IPv6 address. Together with
    # networking.firewall.enable = false below, every listening service on
    # this host is reachable over IPv6 unless something upstream filters it.
    interfaces.ens18.ipv6.addresses = [{
      address = "2a02:8106:208:5201::20";
      prefixLength = 64;
    }];

    defaultGateway.interface = "ens18";

  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    wget
    vim
    screen
    zsh
    lftp
    lsof
    psmisc
    gitAndTools.git-annex
    gitAndTools.git
    tmux

    mpv
    iotop
  ];

  # NOTE(review): confirm that client.enable has any effect while the
  # top-level enable is false; the NixOS module may gate everything on it.
  services.ceph = {
    enable = false;
    client.enable = true;
  };

  # fixme, we need a floating ip here
  # correct is floating ip 172.22.99.21
  # does not exist yet

  # secretfile does not work :(

  # CephFS mount, attached on first access (noauto + x-systemd.automount).
  #
  # NOTE(review): the CephX key is passed inline via "secret=". That puts it
  # in this file (and its version-control history) and in the fstab that
  # NixOS generates into the world-readable Nix store, so every local user
  # can read it. Treat the key as exposed: rotate it, and once the
  # secretfile problem is solved load it from a root-only file outside the
  # store. Also confirm the capabilities of client "storage2" are no wider
  # than this host needs.
  #
  # NOTE(review): "users" lets any local user mount and unmount this
  # filesystem; confirm that is intended.
  fileSystems."/mnt/cephfs" = {
    device = "172.22.99.13:6789:/";
    fsType = "ceph";
    options = [
      "name=storage2"
      "secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="
      "noatime,_netdev"
      "noauto"
      "x-systemd.automount"
      "x-systemd.device-timeout=175"
      "users"
    ];
  };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.bash.enableCompletion = true;
  programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # NOTE(review): no SSH hardening options are set in this file; check
  # whether the imported modules restrict password and root logins.
  services.openssh.enable = true;

  # NOTE(review): TFTP has no authentication, so everything under this root
  # is readable by any client that can reach UDP port 69 on this host.
  services.atftpd = {
    enable = true;
    root = "/mnt/cephfs/c3d2/tftp";
  };

  # NOTE(review): "*(rw)" exports the root filesystem image read-write to
  # every client that can reach the NFS server. The commented-out line is
  # the tighter form (rw for dacbert.hq.c3d2.de only, read-only for everyone
  # else); prefer it, or a narrower client list, once it works.
  services.nfs.server = {
    enable = true;
    # exports = "/mnt/cephfs/c3d2/dacbert-rootfs dacbert.hq.c3d2.de(rw) *(ro)";
    exports = "/mnt/cephfs/c3d2/dacbert-rootfs *(rw)";
  };

  # nginx built with the fancyindex module; "/" is a password-protected
  # directory listing of /mnt/cephfs/c3d2/files/.
  services.nginx = {
    enable = true;
    #modules = [ pkgs.nginxModules.nixfancyindex ];
    package =
      pkgs.nginx.override { modules = with pkgs.nginxModules; [ fancyindex ]; };
    virtualHosts = {
      "storage-ng.hq.c3d2.de" = {
        root = "/etc/nixos/www";
        serverAliases = [ "storage" "storage2" "storageng" ];
        http2 = true;
        # NOTE(review): with addSSL commented out this vhost presumably
        # serves plain HTTP only, so the basic-auth credentials below cross
        # the network unencrypted.
        # addSSL = true;
        locations = {
          # NOTE(review): pkgs.writeText places the htpasswd file in the
          # world-readable Nix store, and the hash is also committed with
          # this file. The 13-character hash looks like traditional
          # crypt(3) DES (confirm), which is weak against offline guessing.
          # Keep the htpasswd file outside the store, readable only by
          # nginx, and use a modern hash scheme.
          "/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
          in {
            alias = "/mnt/cephfs/c3d2/files/";
            extraConfig = ''
              auth_basic "Chaos";
              auth_basic_user_file ${authFile};
              fancyindex on;
              # autoindex on;
            '';
          };
        };
      };
    };
  };

  # Samba is disabled, so the settings below are inert.
  # NOTE(review): if it is ever re-enabled, the c3d2 share is a writable
  # guest share ("guest ok" = yes, "read only" = no) with every access
  # forced to user and group k-ot, limited only by "hosts allow".
  services.samba = {
    enable = false; # samba is garbage
    enableNmbd = true;
    extraConfig = ''
      workgroup = WORKGROUP
      server string = storage
      netbios name = storage
      hosts allow = 172.20 172.22 172.22.99.146
      hosts deny = 0.0.0.0/0
      guest account = k-ot
      map to guest = Bad user
    '';
    shares = {
      c3d2 = {
        path = "/mnt/cephfs/c3d2";
        browseable = "yes";
        "read only" = "no";
        "guest ok" = "yes";
        "create mask" = "0644";
        "directory mask" = "0755";
        "force user" = "k-ot";
        "force group" = "k-ot";
      };
    };
  };

  # NOTE(review): the port list below is commented out. Before reusing it,
  # drop the entries with no matching service in this file (23, 443 and,
  # while Samba is disabled, the samba ports) and check whether NFS needs an
  # entry.
  /* # Open ports in the firewall.
     networking.firewall.allowedTCPPorts = [
     23
     80
     443
     137 138 445 139 # samba
     ];
     networking.firewall.allowedUDPPorts = [
     69
     137 138 445 139 # samba
     ];
  */

  # NOTE(review): with the host firewall disabled, SSH, TFTP, NFS and nginx
  # are exposed on every address of this machine. Since NFS and TFTP are
  # restricted only by network reachability here, re-enabling the firewall
  # with an explicit allow-list is the main hardening step for this host.
  networking.firewall.enable = false;

  system.stateVersion = "19.03"; # Did you read the comment?

}