ljkasdljkasdljk
This commit is contained in:
parent
d73b1f10c4
commit
0c5dbe2fd1
|
@ -24,6 +24,7 @@
|
||||||
../../profiles/mounts/freon-nfs.nix
|
../../profiles/mounts/freon-nfs.nix
|
||||||
../../profiles/mounts/reidun-nfs.nix
|
../../profiles/mounts/reidun-nfs.nix
|
||||||
../../profiles/mounts/meconium-nfs.nix
|
../../profiles/mounts/meconium-nfs.nix
|
||||||
|
../../profiles/mounts/fridge-nfs.nix
|
||||||
|
|
||||||
../../profiles/shell/base.nix
|
../../profiles/shell/base.nix
|
||||||
../../profiles/shell/archives.nix
|
../../profiles/shell/archives.nix
|
||||||
|
|
|
@ -19,6 +19,7 @@
|
||||||
../../profiles/mounts/freon-nfs.nix
|
../../profiles/mounts/freon-nfs.nix
|
||||||
../../profiles/mounts/reidun-nfs.nix
|
../../profiles/mounts/reidun-nfs.nix
|
||||||
../../profiles/mounts/meconium-zfs.nix
|
../../profiles/mounts/meconium-zfs.nix
|
||||||
|
../../profiles/mounts/fridge-nfs.nix
|
||||||
|
|
||||||
../../profiles/shell/base.nix
|
../../profiles/shell/base.nix
|
||||||
../../profiles/shell/archives.nix
|
../../profiles/shell/archives.nix
|
||||||
|
|
|
@ -28,7 +28,8 @@
|
||||||
#services.zfs.trim.enable = true;
|
#services.zfs.trim.enable = true;
|
||||||
|
|
||||||
# the `sharenfs` property generates /etc/exports.d/zfs.exports file, automatically processed by NFS
|
# the `sharenfs` property generates /etc/exports.d/zfs.exports file, automatically processed by NFS
|
||||||
# # zfs set sharenfs="-maproot=0:0 -network=192.168.1.0/24" Meconium
|
# # zfs set sharenfs="-maproot=0:0 -network=192.168.1.0/24" Reidun
|
||||||
# # zfs set sharenfs="ro=192.168.1.0/24,all_squash,anonuid=70,anongid=70" Meconium
|
# # zfs set sharenfs="ro=192.168.1.0/24,all_squash,anonuid=70,anongid=70" Meconium
|
||||||
|
# # zfs set sharenfs="rw=192.168.1.0/24" Meconium
|
||||||
services.nfs.server.enable = lib.mkDefault true;
|
services.nfs.server.enable = lib.mkDefault true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,119 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
#boot.kernelParams = [ "nfs.nfs4_disable_idmapping=0" "nfsd.nfs4_disable_idmapping=0" ];
|
||||||
|
|
||||||
|
# TODO: wg-common.nix
|
||||||
|
|
||||||
|
#wireguard fyrkat client
|
||||||
|
# https://nixos.wiki/wiki/WireGuard
|
||||||
|
networking.firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces."wg0".listenPort ];
|
||||||
|
networking.wireguard.interfaces."wg0" = {
|
||||||
|
ips = [ "172.22.48.3/24" ];
|
||||||
|
listenPort = 51820; # (random is default)
|
||||||
|
generatePrivateKeyFile = true;
|
||||||
|
privateKeyFile = "/var/lib/wg/wireguard_key";
|
||||||
|
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
# get your pubkey to give to fyrkat with `wg pubkey </var/lib/wg/wireguard_key`
|
||||||
|
publicKey = "AbXutGF+GZ/3o3iyHJNQEuSEFpGbfnUb9gMfUHggkVM=";
|
||||||
|
endpoint = "fridge.fyrkat.no:51820";
|
||||||
|
|
||||||
|
# Forward all the traffic via VPN.
|
||||||
|
allowedIPs = [
|
||||||
|
"172.22.48.0/24" # fyrkat wg subnet
|
||||||
|
"10.48.0.0/16" # fyrkat subnet
|
||||||
|
];
|
||||||
|
|
||||||
|
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
users.users.wireguard.group = "writeguard";
|
||||||
|
users.groups.writeguard = {};
|
||||||
|
users.users.wireguard.isSystemUser = true;
|
||||||
|
users.users.wireguard.createHome = true;
|
||||||
|
users.users.wireguard.home = "/var/lib/wg";
|
||||||
|
|
||||||
|
fileSystems = let
|
||||||
|
mkMount = mountpoint: server: subdir: {
|
||||||
|
"${mountpoint}${subdir}" = {
|
||||||
|
device = "${server}${subdir}";
|
||||||
|
fsType = "nfs";
|
||||||
|
#options = [ "nfsvers=4.2" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# TODO: combine nameValuePair and listToAttrs
|
||||||
|
joinSets = sets: builtins.foldl' (l: r: l // r) {} sets;
|
||||||
|
in joinSets (
|
||||||
|
# TODO: space in dirname is not supported
|
||||||
|
(map (mkMount "/mnt/fridgepool" "10.48.101.252:/pub") [
|
||||||
|
# zfs list -rHo mountpoint,sharenfs fridpool/pub | grep ro= | cut -f1
|
||||||
|
""
|
||||||
|
"/ebook"
|
||||||
|
#"/games" # not mounted server side
|
||||||
|
"/games/3ds"
|
||||||
|
"/games/dos"
|
||||||
|
"/games/ds"
|
||||||
|
"/games/flash"
|
||||||
|
"/games/macos"
|
||||||
|
"/games/nes"
|
||||||
|
"/games/snes"
|
||||||
|
"/games/wii"
|
||||||
|
"/games/windows"
|
||||||
|
"/incoming"
|
||||||
|
"/manga"
|
||||||
|
#"/media" # not mounted server side
|
||||||
|
"/media/anime"
|
||||||
|
"/media/documentary"
|
||||||
|
#"/media/franchise" # not mounted server side
|
||||||
|
"/media/franchise/avatar"
|
||||||
|
"/media/franchise/doraemon"
|
||||||
|
"/media/franchise/lego"
|
||||||
|
"/media/franchise/masterclass"
|
||||||
|
"/media/franchise/star.trek"
|
||||||
|
"/media/movies"
|
||||||
|
"/media/movies-old"
|
||||||
|
"/media/music"
|
||||||
|
"/media/music-old"
|
||||||
|
#"/media/series" # not mounted server side
|
||||||
|
"/media/series-old"
|
||||||
|
"/media/series/cn"
|
||||||
|
"/media/series/en"
|
||||||
|
"/media/series/fr"
|
||||||
|
"/media/series/jp"
|
||||||
|
"/media/series/kr"
|
||||||
|
"/media/series/nl"
|
||||||
|
"/media/series/no"
|
||||||
|
"/media/shorts"
|
||||||
|
"/media/soundtrack"
|
||||||
|
#"/media/standup" # not mounted server side
|
||||||
|
"/media/standup/en"
|
||||||
|
"/media/standup/nl"
|
||||||
|
"/media/webvid"
|
||||||
|
#"/old"
|
||||||
|
#"/oses" # not mounted server side
|
||||||
|
"/oses/apple"
|
||||||
|
"/oses/diagnostic"
|
||||||
|
"/oses/freebsd"
|
||||||
|
"/oses/linux"
|
||||||
|
"/oses/netbsd"
|
||||||
|
"/oses/openindiana"
|
||||||
|
"/oses/philips-tv"
|
||||||
|
"/oses/reactos"
|
||||||
|
"/oses/smartos"
|
||||||
|
"/oses/vmware"
|
||||||
|
"/oses/windows"
|
||||||
|
"/password"
|
||||||
|
#"/software" # not mounted server side
|
||||||
|
"/software/esx"
|
||||||
|
"/software/jvm"
|
||||||
|
"/software/mac"
|
||||||
|
"/software/win"
|
||||||
|
"/wallpapers"
|
||||||
|
"/webcomics"
|
||||||
|
])
|
||||||
|
);
|
||||||
|
|
||||||
|
}
|
|
@ -18,7 +18,7 @@
|
||||||
(map (mkMount "/mnt/reidun" "192.168.1.3:/Reidun/shared") [
|
(map (mkMount "/mnt/reidun" "192.168.1.3:/Reidun/shared") [
|
||||||
""
|
""
|
||||||
#"/Backups"
|
#"/Backups"
|
||||||
"/Comics"
|
#"/Comics"
|
||||||
"/Downloads"
|
"/Downloads"
|
||||||
#"/Games"
|
#"/Games"
|
||||||
#"/Games/Installable"
|
#"/Games/Installable"
|
||||||
|
|
Loading…
Reference in New Issue