aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKarel Kočí <cynerd@email.cz>2024-09-11 12:42:36 +0200
committerKarel Kočí <cynerd@email.cz>2024-09-11 12:45:54 +0200
commit02bae7bce4bb28b0ddfd7672c34a006ac0789702 (patch)
tree24821057f0ab2974242ebc2cfcd1df9c2217b638
parentd1309a4e463d448cdfc07974d2aa96a39d4a366e (diff)
downloadnixos-personal-02bae7bce4bb28b0ddfd7672c34a006ac0789702.tar.gz
nixos-personal-02bae7bce4bb28b0ddfd7672c34a006ac0789702.tar.bz2
nixos-personal-02bae7bce4bb28b0ddfd7672c34a006ac0789702.zip
nixos/spt-omnia: remove NAS capability
All drives failed and it is multiple drives in the row. I am just giving up with using Turris as NAS this way.
-rw-r--r--nixos/configurations/lipwig.nix14
-rw-r--r--nixos/configurations/spt-omnia.nix74
2 files changed, 4 insertions, 84 deletions
diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix
index 1a137db..be28239 100644
--- a/nixos/configurations/lipwig.nix
+++ b/nixos/configurations/lipwig.nix
@@ -43,20 +43,6 @@
fsType = "fuse.bindfs";
options = ["map=syncthing/nextcloud:@syncthing/@nextcloud"];
};
- "/nas/spt" = {
- device = "nas@omnia.spt:/data/nas";
- fsType = "fuse.sshfs";
- options = [
- "allow_other"
- "_netdev"
- "x-systemd.automount"
- "reconnect"
- "identityfile=/run/secrets/nas.ssh.priv"
- "idmap=user"
- "uid=nextcloud"
- "gid=nextcloud"
- ];
- };
};
networking = {
diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix
index 29fe8c4..79ced79 100644
--- a/nixos/configurations/spt-omnia.nix
+++ b/nixos/configurations/spt-omnia.nix
@@ -45,71 +45,15 @@ in {
SystemMaxUse=8G
'';
- environment = {
- etc.crypttab.text = ''
- nas UUID=3472bef9-cbae-48bd-873e-fd4858a0b72f /run/secrets/luks-spt-omnia-nas.key luks
- nassec UUID=016e9e75-bbc8-4b24-8bb7-c800c8f6a500 /run/secrets/luks-spt-omnia-nas.key luks
- '';
- systemPackages = with pkgs; [
- cryptsetup
- ];
- };
- fileSystems = {
- "/data" = {
- device = "/dev/mapper/nas";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@data" "nofail"];
- };
- "/srv" = {
- device = "/dev/mapper/nas";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@srv" "nofail"];
- depends = ["/data"];
- };
- };
services.btrfs.autoScrub = {
enable = true;
- fileSystems = ["/" "/data"];
+ fileSystems = ["/"];
};
- services.udev.packages = [
- (pkgs.writeTextFile rec {
- name = "queue_depth_sata.rules";
- destination = "/etc/udev/rules.d/50-${name}";
- text = ''
- SUBSYSTEMS=="pci", DRIVER=="ahci", ATTR{device}!="0x0612", GOTO="turris_pci_end"
- ACTION=="add|change", SUBSYSTEM=="scsi", ATTR{vendor}=="ATA", ATTR{queue_depth}="1"
- LABEL="turris_pci_end"
- '';
- })
- ];
- users = {
- groups.nas = {};
- users = {
- nas = {
- group = "nas";
- openssh.authorizedKeys.keyFiles = [
- (config.personal-secrets + "/unencrypted/nas.pub")
- (config.personal-secrets + "/unencrypted/nas-spt.pub")
- ];
- isNormalUser = true;
- home = "/data/nas";
- homeMode = "770";
- };
- cynerd.extraGroups = ["nas"];
- };
- };
- services.openssh = {
- settings.Macs = ["hmac-sha2-256"]; # Allow sha2-256 for Nexcloud access
- extraConfig = ''
- Match User nas
- X11Forwarding no
- AllowTcpForwarding no
- AllowAgentForwarding no
- ForceCommand internal-sftp -d /data/nas
- '';
+ services.fail2ban = {
+ enable = true;
+ ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"];
};
- services.fail2ban.enable = true;
networking.useDHCP = false;
systemd.network = {
@@ -187,14 +131,4 @@ in {
tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept
'';
-
- services.syncthing = {
- enable = false;
- openDefaultPorts = true;
-
- overrideDevices = false;
- overrideFolders = false;
-
- dataDir = "/data"; # TODO this can't be the location
- };
}