From 97a9bbce42aa96d03d8746c4514d7f70b6504411 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Sat, 22 Jun 2024 16:27:54 +0200
Subject: [PATCH] nfs: init
---
 hosts/fujitsu/default.nix | 1 +
 hosts/fujitsu/modules/nfs/default.nix | 19 +++++++++++++++
 hosts/nuc/modules/networks/default.nix | 8 +++++++
 hosts/thinkpad/modules/security/default.nix | 24 +++++++++++++++++++
 .../modules/virtualisation/default.nix | 12 ++++------
 5 files changed, 56 insertions(+), 8 deletions(-)
 create mode 100644 hosts/fujitsu/modules/nfs/default.nix
diff --git a/hosts/fujitsu/default.nix b/hosts/fujitsu/default.nix
index bbac861..3685021 100644
--- a/hosts/fujitsu/default.nix
+++ b/hosts/fujitsu/default.nix
@@ -4,6 +4,7 @@
 ./hardware-configuration.nix
 ./modules/networks
 ./modules/monitoring
+ ./modules/nfs
 ];
 
 boot.loader.grub.enable = true;
diff --git a/hosts/fujitsu/modules/nfs/default.nix b/hosts/fujitsu/modules/nfs/default.nix
new file mode 100644
index 0000000..890a8be
--- /dev/null
+++ b/hosts/fujitsu/modules/nfs/default.nix
@@ -0,0 +1,19 @@
+{ ... }:
+{
+ fileSystems."/export" = {
+ device = "/dev/sda2";
+ fsType = "btrfs";
+ options = [ "subvol=export" "compress=zstd" "noatime" ];
+ };
+
+ services.nfs.server = {
+ enable = true;
+ exports = ''
+ /export 192.168.42.2(rw,fsid=0,no_subtree_check)
+ /export/movies 192.168.42.2(rw,fsid=0,no_subtree_check)
+ /export/shows 192.168.42.2(rw,fsid=0,no_subtree_check)
+ '';
+ };
+ networking.firewall.allowedTCPPorts = [ 2049 ];
+
+}
diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix
index 70f154e..7c260c3 100644
--- a/hosts/nuc/modules/networks/default.nix
+++ b/hosts/nuc/modules/networks/default.nix
@@ -1,5 +1,13 @@
 { ... }:
 {
+ fileSystems."/media/movies" = {
+ device = "fujitsu.vpn.rfive.de:/movies";
+ fsType = "nfs";
+ };
+ fileSystems."/media/shows" = {
+ device = "fujitsu.vpn.rfive.de:/movies";
+ fsType = "nfs";
+ };
 networking = {
 hostName = "nuc";
 domain = "rfive.de";
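Review bot: `fsid=0` is given on all three export lines of the new hosts/fujitsu/modules/nfs/default.nix, but for NFSv4 `fsid=0` marks the single pseudo-root; only the `/export` line should carry it, and the two sub-exports should drop it or get distinct ids — exportfs is expected to warn on duplicate fsids and the effective root is then not well defined, i.e. `/export/movies 192.168.42.2(rw,no_subtree_check)` and `/export/shows 192.168.42.2(rw,no_subtree_check)`. With no `sec=` option these exports run AUTH_SYS, so access control rests entirely on the source address 192.168.42.2 and on client-asserted UIDs (the default root_squash still applies, which is right); a comment above `exports = ''` saying that this address is only reachable over the VPN would make that trust boundary explicit. Opening TCP 2049 alone covers NFSv4 only; if an NFSv3 client ever connects, rpcbind and mountd would also need ports, so a note that only v4 is intended (or disabling v3 on the server) would prevent a confusing failure later.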
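Review bot: The `/media/shows` entry in hosts/nuc/modules/networks/default.nix mounts `fujitsu.vpn.rfive.de:/movies`, the same server path as `/media/movies`; since the server exports `/export/shows`, this looks like a copy-paste slip and should read `device = "fujitsu.vpn.rfive.de:/shows";`. Both `/movies` and `/shows` are resolved relative to the NFSv4 pseudo-root, so they only work while the server keeps `fsid=0` on `/export` alone. Both entries are hard boot-time mounts with no options; consider `options = [ "nofail" "x-systemd.automount" ];` so an unreachable VPN peer does not stall boot of the nuc host.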
diff --git a/hosts/thinkpad/modules/security/default.nix b/hosts/thinkpad/modules/security/default.nix
index 416969f..f67a81f 100644
--- a/hosts/thinkpad/modules/security/default.nix
+++ b/hosts/thinkpad/modules/security/default.nix
@@ -20,6 +20,30 @@
 sudo.u2fAuth = true;
 };
 };
+ krb5 = {
+ enable = true;
+ settings = {
+ libdefaults = {
+ default_realm = "AGDSN.DE";
+ dns_lookup_realm = false;
+ dns_lookup_kdc = true;
+ ticket_lifetime = "24h";
+ forwardable = "yes";
+ };
+ realms."AGDSN.DE" = {
+ kdc = "idm.agdsn.network:88";
+ master_kdc = "idm.agdsn.network:88";
+ admin_server = "idm.agdsn.network:749";
+ default_domain = "agdsn.de";
+ };
+ domain_realm = {
+ "agdsn.de" = "AGDSN.DE";
+ ".agdsn.de" = "AGDSN.DE";
+ "agdsn" = "AGDSN.DE";
+ ".agdsn" = "AGDSN.DE";
+ };
+ };
+ };
 };
 services = {
 fprintd.enable = true; # log in using fingerprint
diff --git a/hosts/thinkpad/modules/virtualisation/default.nix b/hosts/thinkpad/modules/virtualisation/default.nix
index d38155e..7536dfc 100644
--- a/hosts/thinkpad/modules/virtualisation/default.nix
+++ b/hosts/thinkpad/modules/virtualisation/default.nix
@@ -1,14 +1,9 @@
 { pkgs, ... }:
 {
 virtualisation = {
- docker = {
- rootless = {
- enable = true;
- setSocketVariable = true;
- daemon.settings = {
- iptables = false;
- };
- };
+ podman = {
+ enable = true;
+ defaultNetwork.settings.dns_enabled = true;
 };
 libvirtd = {
 enable = true;
@@ -27,5 +22,6 @@
 programs.virt-manager.enable = true;
 environment.systemPackages = with pkgs; [
 virt-viewer
+ podman-compose
 ];
 }
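Review bot: `forwardable = "yes"` in `libdefaults` makes every ticket-granting ticket forwardable to any service the user authenticates to, which hands that service a reusable copy of the credential; unless a specific AG DSN service needs delegation, it should be dropped, or a comment should name the service that requires it. As a point of style, the sibling option is written `dns_lookup_realm = false;` while this one is the string `"yes"`; `forwardable = true;` keeps the types consistent and should render equivalently in krb5.conf. Since the KDC and admin server are pinned in `realms."AGDSN.DE"`, `dns_lookup_kdc = true` only serves as a DNS SRV fallback; if that is the intent, a one-line comment would save the next reader from wondering why both are set. The enclosing attribute set (presumably `security`) begins before this hunk.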
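Review bot: The removed rootless-docker block carried `iptables = false`, a deliberate choice to keep the container runtime out of the host firewall, and the replacement `podman = {` block has no equivalent; podman's network backend programs host firewall rules for published ports, which may interact with the NixOS firewall in a way the old setup avoided, so either confirm that is intended or record it in a comment above `podman = {`. Note also that the old block enabled the rootless daemon explicitly, whereas `virtualisation.podman.enable` only installs the tooling and containers are rootless only when invoked by an unprivileged user; a short comment stating that expectation would help. The second hunk, adding `podman-compose`, needs no change.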