ljkasdljkasdljk

This commit is contained in:
Peder Bergebakken Sundt 2024-02-25 15:43:54 +01:00
parent d73b1f10c4
commit 0c5dbe2fd1
5 changed files with 124 additions and 2 deletions

View File

@ -24,6 +24,7 @@
../../profiles/mounts/freon-nfs.nix ../../profiles/mounts/freon-nfs.nix
../../profiles/mounts/reidun-nfs.nix ../../profiles/mounts/reidun-nfs.nix
../../profiles/mounts/meconium-nfs.nix ../../profiles/mounts/meconium-nfs.nix
../../profiles/mounts/fridge-nfs.nix
../../profiles/shell/base.nix ../../profiles/shell/base.nix
../../profiles/shell/archives.nix ../../profiles/shell/archives.nix

View File

@ -19,6 +19,7 @@
../../profiles/mounts/freon-nfs.nix ../../profiles/mounts/freon-nfs.nix
../../profiles/mounts/reidun-nfs.nix ../../profiles/mounts/reidun-nfs.nix
../../profiles/mounts/meconium-zfs.nix ../../profiles/mounts/meconium-zfs.nix
../../profiles/mounts/fridge-nfs.nix
../../profiles/shell/base.nix ../../profiles/shell/base.nix
../../profiles/shell/archives.nix ../../profiles/shell/archives.nix

View File

@ -28,7 +28,8 @@
#services.zfs.trim.enable = true; #services.zfs.trim.enable = true;
# the `sharenfs` property generates /etc/exports.d/zfs.exports file, automatically processed by NFS # the `sharenfs` property generates /etc/exports.d/zfs.exports file, automatically processed by NFS
# # zfs set sharenfs="-maproot=0:0 -network=192.168.1.0/24" Meconium # # zfs set sharenfs="-maproot=0:0 -network=192.168.1.0/24" Reidun
# # zfs set sharenfs="ro=192.168.1.0/24,all_squash,anonuid=70,anongid=70" Meconium # # zfs set sharenfs="ro=192.168.1.0/24,all_squash,anonuid=70,anongid=70" Meconium
# # zfs set sharenfs="rw=192.168.1.0/24" Meconium
services.nfs.server.enable = lib.mkDefault true; services.nfs.server.enable = lib.mkDefault true;
} }

View File

@ -0,0 +1,119 @@
{ config, pkgs, lib, ... }:
{
#boot.kernelParams = [ "nfs.nfs4_disable_idmapping=0" "nfsd.nfs4_disable_idmapping=0" ];
# TODO: wg-common.nix
#wireguard fyrkat client
# https://nixos.wiki/wiki/WireGuard
networking.firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces."wg0".listenPort ];
networking.wireguard.interfaces."wg0" = {
ips = [ "172.22.48.3/24" ];
listenPort = 51820; # (random is default)
generatePrivateKeyFile = true;
privateKeyFile = "/var/lib/wg/wireguard_key";
peers = [
{
# get your pubkey to give to fyrkat with `wg pubkey </var/lib/wg/wireguard_key`
publicKey = "AbXutGF+GZ/3o3iyHJNQEuSEFpGbfnUb9gMfUHggkVM=";
endpoint = "fridge.fyrkat.no:51820";
# Forward all the traffic via VPN.
allowedIPs = [
"172.22.48.0/24" # fyrkat wg subnet
"10.48.0.0/16" # fyrkat subnet
];
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
];
};
users.users.wireguard.group = "writeguard";
users.groups.writeguard = {};
users.users.wireguard.isSystemUser = true;
users.users.wireguard.createHome = true;
users.users.wireguard.home = "/var/lib/wg";
fileSystems = let
mkMount = mountpoint: server: subdir: {
"${mountpoint}${subdir}" = {
device = "${server}${subdir}";
fsType = "nfs";
#options = [ "nfsvers=4.2" ];
};
};
# TODO: combine nameValuePair and listToAttrs
joinSets = sets: builtins.foldl' (l: r: l // r) {} sets;
in joinSets (
# TODO: space in dirname is not supported
(map (mkMount "/mnt/fridgepool" "10.48.101.252:/pub") [
# zfs list -rHo mountpoint,sharenfs fridpool/pub | grep ro= | cut -f1
""
"/ebook"
#"/games" # not mounted server side
"/games/3ds"
"/games/dos"
"/games/ds"
"/games/flash"
"/games/macos"
"/games/nes"
"/games/snes"
"/games/wii"
"/games/windows"
"/incoming"
"/manga"
#"/media" # not mounted server side
"/media/anime"
"/media/documentary"
#"/media/franchise" # not mounted server side
"/media/franchise/avatar"
"/media/franchise/doraemon"
"/media/franchise/lego"
"/media/franchise/masterclass"
"/media/franchise/star.trek"
"/media/movies"
"/media/movies-old"
"/media/music"
"/media/music-old"
#"/media/series" # not mounted server side
"/media/series-old"
"/media/series/cn"
"/media/series/en"
"/media/series/fr"
"/media/series/jp"
"/media/series/kr"
"/media/series/nl"
"/media/series/no"
"/media/shorts"
"/media/soundtrack"
#"/media/standup" # not mounted server side
"/media/standup/en"
"/media/standup/nl"
"/media/webvid"
#"/old"
#"/oses" # not mounted server side
"/oses/apple"
"/oses/diagnostic"
"/oses/freebsd"
"/oses/linux"
"/oses/netbsd"
"/oses/openindiana"
"/oses/philips-tv"
"/oses/reactos"
"/oses/smartos"
"/oses/vmware"
"/oses/windows"
"/password"
#"/software" # not mounted server side
"/software/esx"
"/software/jvm"
"/software/mac"
"/software/win"
"/wallpapers"
"/webcomics"
])
);
}

View File

@ -18,7 +18,7 @@
(map (mkMount "/mnt/reidun" "192.168.1.3:/Reidun/shared") [ (map (mkMount "/mnt/reidun" "192.168.1.3:/Reidun/shared") [
"" ""
#"/Backups" #"/Backups"
"/Comics" #"/Comics"
"/Downloads" "/Downloads"
#"/Games" #"/Games"
#"/Games/Installable" #"/Games/Installable"