nfs: init

2024-11-15 05:13:10 +01:00 · 2024-06-22 16:27:54 +02:00 · 2024-06-22 16:27:54 +02:00 · 97a9bbce42
parent bff20285d2
commit 97a9bbce42
5 changed files with 56 additions and 8 deletions
--- a/hosts/fujitsu/default.nix
+++ b/hosts/fujitsu/default.nix
@ -4,6 +4,7 @@
    ./hardware-configuration.nix
    ./modules/networks
    ./modules/monitoring
+    ./modules/nfs
  ];

  boot.loader.grub.enable = true;
--- a/hosts/fujitsu/modules/nfs/default.nix
+++ b/hosts/fujitsu/modules/nfs/default.nix
@ -0,0 +1,19 @@
+{ ... }:
+{
+  fileSystems."/export" = {
+    device = "/dev/sda2";
+    fsType = "btrfs";
+    options = [ "subvol=export" "compress=zstd" "noatime" ];
+  };
+
+  services.nfs.server = {
+    enable = true;
+    exports = ''
+      /export        192.168.42.2(rw,fsid=0,no_subtree_check)
+      /export/movies 192.168.42.2(rw,fsid=0,no_subtree_check)
+      /export/shows  192.168.42.2(rw,fsid=0,no_subtree_check)
+    '';
+  };
+  networking.firewall.allowedTCPPorts = [ 2049 ];
+
+}
--- a/hosts/nuc/modules/networks/default.nix
+++ b/hosts/nuc/modules/networks/default.nix
@ -1,5 +1,13 @@
 { ... }:
 {
+  fileSystems."/media/movies" = {
+    device = "fujitsu.vpn.rfive.de:/movies";
+    fsType = "nfs";
+  };
+  fileSystems."/media/shows" = {
+    device = "fujitsu.vpn.rfive.de:/movies";
+    fsType = "nfs";
+  };
  networking = {
    hostName = "nuc";
    domain = "rfive.de";
--- a/hosts/thinkpad/modules/security/default.nix
+++ b/hosts/thinkpad/modules/security/default.nix
@ -20,6 +20,30 @@
        sudo.u2fAuth = true;
      };
    };
+    krb5 = {
+      enable = true;
+      settings = {
+        libdefaults = {
+          default_realm = "AGDSN.DE";
+          dns_lookup_realm = false;
+          dns_lookup_kdc = true;
+          ticket_lifetime = "24h";
+          forwardable = "yes";
+        };
+        realms."AGDSN.DE" = {
+          kdc = "idm.agdsn.network:88";
+          master_kdc = "idm.agdsn.network:88";
+          admin_server = "idm.agdsn.network:749";
+          default_domain = "agdsn.de";
+        };
+        domain_realm = {
+          "agdsn.de" = "AGDSN.DE";
+          ".agdsn.de" = "AGDSN.DE";
+          "agdsn" = "AGDSN.DE";
+          ".agdsn" = "AGDSN.DE";
+        };
+      };
+    };
  };
  services = {
    fprintd.enable = true; # log in using fingerprint
--- a/hosts/thinkpad/modules/virtualisation/default.nix
+++ b/hosts/thinkpad/modules/virtualisation/default.nix
@ -1,14 +1,9 @@
 { pkgs, ... }:
 {
  virtualisation = {
-    docker = {
-      rootless = {
-        enable = true;
-        setSocketVariable = true;
-        daemon.settings = {
-          iptables = false;
-        };
-      };
+    podman = {
+      enable = true;
+      defaultNetwork.settings.dns_enabled = true;
    };
    libvirtd = {
      enable = true;
@ -27,5 +22,6 @@
  programs.virt-manager.enable = true;
  environment.systemPackages = with pkgs; [
    virt-viewer
+    podman-compose
  ];
 }