From 8793120436b06b15241081b7200d51eb832d57a4 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Sat, 18 Jan 2025 23:40:11 +0100 Subject: [PATCH 01/17] Only run on push --- .gitea/workflows/flake-check.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitea/workflows/flake-check.yml b/.gitea/workflows/flake-check.yml index 2685715..4357cb5 100644 --- a/.gitea/workflows/flake-check.yml +++ b/.gitea/workflows/flake-check.yml @@ -1,6 +1,5 @@ name: "Check flake syntax" on: - pull_request: push: jobs: flake-check: @@ -11,5 +10,5 @@ jobs: run: | apt update -y apt install sudo -y - - uses: cachix/install-nix-action@v27 + - uses: cachix/install-nix-action@v30 - run: nix flake check --no-update-lock-file --accept-flake-config . From 52824e39eea9513e7ed85077c5102040904315fa Mon Sep 17 00:00:00 2001 From: ahtlon Date: Sat, 18 Jan 2025 23:41:53 +0100 Subject: [PATCH 02/17] with nix flake check the hydraJobs output is evaluated in the same way as Hydra's hydra-eval-jobs --- .gitea/workflows/eval-hydra-jobs.yml | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 .gitea/workflows/eval-hydra-jobs.yml diff --git a/.gitea/workflows/eval-hydra-jobs.yml b/.gitea/workflows/eval-hydra-jobs.yml deleted file mode 100644 index 6a6d5ee..0000000 --- a/.gitea/workflows/eval-hydra-jobs.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: "Evaluate Hydra Jobs" -on: - pull_request: - push: -jobs: - eval-hydra-jobs: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Install dependencies for Nix setup action - run: | - apt update -y - apt install sudo -y - - uses: cachix/install-nix-action@v27 - - run: nix eval --no-update-lock-file --accept-flake-config .\#hydraJobs From 2500b8ab9a4c701fd8e5afe519277c097dfe05d6 Mon Sep 17 00:00:00 2001 
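Review bot: The `cachix/install-nix-action@v30` step is still referenced by a mutable tag, so the bump keeps the job trusting whatever that tag points to tomorrow; pin it to the release commit with the tag kept as a comment, e.g. `- uses: cachix/install-nix-action@<commit-sha> # v30`. The `--accept-flake-config` flag on the `nix flake check` line also makes the runner adopt any `nixConfig` (extra substituters, trusted public keys) declared by the checked-out flake without prompting. That is tolerable now that the workflow runs only on `push` — assuming pushes are limited to collaborators, which cannot be seen here — but it deserves a comment, e.g. `# --accept-flake-config trusts this repo's nixConfig; review before re-enabling pull_request triggers`.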
From: ahtlon Date: Tue, 26 Nov 2024 13:57:15 +0100 Subject: [PATCH 03/17] basic discourse example --- machines/durruti/configuration.nix | 1 + machines/modules/try/discourse.nix | 13 +++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 machines/modules/try/discourse.nix diff --git a/machines/durruti/configuration.nix b/machines/durruti/configuration.nix index 0285dce..a17f53a 100644 --- a/machines/durruti/configuration.nix +++ b/machines/durruti/configuration.nix @@ -28,6 +28,7 @@ with lib; ../modules/malobeo_user.nix ../modules/sshd.nix ../modules/minimal_tools.nix + ../modules/try/discourse.nix #also wiki.js nextcloud+collective ]; services.malobeo-tasklist.enable = true; diff --git a/machines/modules/try/discourse.nix b/machines/modules/try/discourse.nix new file mode 100644 index 0000000..a5c8ac6 --- /dev/null +++ b/machines/modules/try/discourse.nix @@ -0,0 +1,13 @@ +{}:{ + services.discourse = { + enable = true; + hostname = "forum.malobeol.org"; + admin = { + email = "admin@"; + username = "admin"; + fullName = "Admin"; + passwordFile = ""; #sops? + }; + secretKeyBaseFile = "/run/keys/secret_key_base"; + }; +} \ No newline at end of file From d9cf3588bf2e0fc228aea4b5be02220311464ef0 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Tue, 26 Nov 2024 18:28:12 +0100 Subject: [PATCH 04/17] Start over but right this time --- machines/.sops.yaml | 9 ++++ machines/configuration.nix | 8 +++ machines/discourse/configuration.nix | 37 +++++++++++++ machines/discourse/secrets.yaml | 81 ++++++++++++++++++++++++++++ machines/durruti/configuration.nix | 1 - machines/modules/try/discourse.nix | 13 ----- 6 files changed, 135 insertions(+), 14 deletions(-) create mode 100644 machines/discourse/configuration.nix create mode 100644 machines/discourse/secrets.yaml delete mode 100644 machines/modules/try/discourse.nix diff --git a/machines/.sops.yaml b/machines/.sops.yaml index 704e5fe..5ef9757 100644 --- a/machines/.sops.yaml +++ b/machines/.sops.yaml 
@@ -73,3 +73,12 @@ creation_rules: - *admin_kalipso_dsktp age: - *admin_atlan + + - path_regex: discourse/secrets.yaml$ + key_groups: + - pgp: + - *admin_kalipso + - *admin_kalipso_dsktp + - *machine_durruti + age: + - *admin_atlan \ No newline at end of file diff --git a/machines/configuration.nix b/machines/configuration.nix index d176016..6530015 100644 --- a/machines/configuration.nix +++ b/machines/configuration.nix @@ -176,4 +176,12 @@ in specialArgs.self = self; modules = defaultModules ++ [ ./testvm ]; }; + discourse = nixosSystem { + system = "x86_64-linux"; + specialArgs.inputs = inputs; + specialArgs.self = self; + modules = makeMicroVM "durruti" "10.0.0.7" [ + ./discourse/configuration.nix + ]; + }; } diff --git a/machines/discourse/configuration.nix b/machines/discourse/configuration.nix new file mode 100644 index 0000000..4208aff --- /dev/null +++ b/machines/discourse/configuration.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + sops.defaultSopsFile = ./secrets.yaml; + + networking = { + hostName = mkDefault "discourse"; + useDHCP = false; + nameservers = [ "1.1.1.1" ]; + }; + + imports = [ + ../modules/malobeo_user.nix + ../modules/sshd.nix + ../modules/minimal_tools.nix + ../modules/autoupdate.nix + ]; + + services.discourse = { + enable = true; + hostname = "forum.malobeol.org"; + admin = { + email = "admin@example.org"; + username = "admin"; + fullName = "Admin"; + passwordFile = config.sops.secrets.discourseAdminPasswordFile.path; + }; + secretKeyBaseFile = config.sops.secrets.discourseSecretKeyBaseFile.path; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + system.stateVersion = "22.11"; # Did you read the comment? +} + diff --git a/machines/discourse/secrets.yaml b/machines/discourse/secrets.yaml new file mode 100644 index 0000000..6008e86 --- /dev/null +++ b/machines/discourse/secrets.yaml 
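Review bot: `hostname = "forum.malobeol.org"` looks like a typo — the modules imported a few lines above spell the project `malobeo` (`malobeo_user.nix`) — and Discourse uses this value for absolute URLs, e-mail links and the cookie domain, so a wrong name here means a public forum bound to a domain you may not control; add a comment stating which zone it is expected to live in, e.g. `hostname = "forum.malobeo.org"; # public DNS name, must match the TLS cert / proxy vhost`. Separately, the `.sops.yaml` rule added in this commit encrypts `discourse/secrets.yaml` to `*machine_durruti`, while this configuration is evaluated as its own MicroVM `nixosSystem`; the guest can decrypt only if durruti's host key is passed through to it — confirm that `makeMicroVM` does so, or add a guest-specific age key to the rule.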
@@ -0,0 +1,81 @@ +discourseSecretKeyBaseFile: ENC[AES256_GCM,data:XKjcm+sOt4HazADjcJ6MilYNZMbO5IVMGnfdUXyx+9OjmEfk/zb0dhIjpZ2t6P1UfQUFI7NT2BMKgEjb2EG+5Kjxsq4mN+zoBxZAZI0WM6/WoF3ydwuqVamr1rIXfGN/W58UAink8K4SW7B6sbb76yQOWoP/GRHEaIxNvdnsGyE=,iv:LaoFS0O1qIpL/w1Gp98Em14hRohNR/FNqir38hBbCac=,tag:2zV5XRSkL6zYxylJoJ/OLQ==,type:str] +#ENC[AES256_GCM,data:sCvaoU2W7sc=,iv:iZdeM7YEkyOhkQUrHoRFJEnWw47OmBvi5AJ3ZEXck8k=,tag:wnh19onScSBPkyZw8PLQiA==,type:comment] +discourseAdminPasswordFile: ENC[AES256_GCM,data:01pJVQ==,iv:FjU8sM0n1YDhywUoaWHnvBcsNMFeqqxp+eYyAKByT1E=,tag:LR70T8ywo80PQHNHj6aJEA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVG1UYmZyWk8vZXJPdFBm + bHlwMUJ0ZjJQS3A0ZytLbXRCbGxyREZKajJjClI3NEt3c0RyOVZrZzh4ZGFsQ1Ft + NFdJd3hhRTNaV0ZGRHdBdEVOdm4wR0EKLS0tIDlvcFB0Z1VtRUVQVFBKRVRuN3Jn + RmI4OWI3YU5PUkFpeUROMEJHbXU1MjAKOOt7LCeH4mJtm+ngT9A2Ubzdje435RK+ + PomvgpBQ3t3ry+mBMz25DdgIYgBsnDS2ji5mavd3Zx2dbah0q4Cdrw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-26T17:23:55Z" + mac: ENC[AES256_GCM,data:axeHNSEsXZu4LCaQoy8FzDd7yBjy5nrjDmEF5pEwxmCw4bp1Gssdy2CVs0oDqU0UbOQ8D5Q8tevhdhxSTx19JF9HnaD4b3NL6+bmObx+d67zVqtyv1E0hHDgfsQBuoMQOou2ht6hhkz/VRUmbBICOZERc7o87uzXNXG2pP34vNY=,iv:jaBiGbxC62rnhotquYZ6id0f94+crve7Cnn8dFnzdC4=,tag:7lCHK6HvqDmOEfCA+wHtIg==,type:str] + pgp: + - created_at: "2024-11-26T17:23:19Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQGMA5HdvEwzh/H7AQv9EDScYMdx0QPqz9ipgvsZTBOqsrLUvGOYcwod9412bMzO + Oic5VkkiCSDPARP2JRGlS1Qvr3Oecdvo/TBpThWrWgaxS6THHPUyiaZGQhQXUnHo + d6u+OPMH4eZ3Vmn5pzbRwTg1mpKKwtvtMo+xCEaygPFGoIMMlmDr/q3agsJ07YBI + Ip9764gqBS6N+J3KN6j3XM/LHEu3e/qwp049BCslfWqVKZB7lQ7NbVkyGCM37aL9 + /GQSUvD+MU6WeIGd4Hr73pbc+MrB/KbSbufuwOVIUdZU/n6znusa1LjMuFgg9iOU + jsUmsdt7EhVpz7aQ1obFIcDVa7HFNF+Lp+78QgAInMK9QNWzH4OJumhrqovtbajg + 
xGfe0AJnkctYMOA3a6SHT2YZv3/iLqMkz/ioEVInlB9BAfNFK9UZWadVLEYyzJQR + 1rs54kbtm71/eTi3eadS3yRfEHoSgHrrPuRN2tzSCi1w2QK0a724v5Jtr/epzycT + oA4ha42dC4z1n66b7NAb0lYBSqZhcVm6wStypBGtCd0B08bFDzXng3PtfeVrD1jg + b37smpXoQNe6vvG6M9yr2qg6V21SZWw3a4K93qDn+mihbOsnpZj24L0fJctIZSC3 + la3aPsVYQg== + =G43o + -----END PGP MESSAGE----- + fp: c4639370c41133a738f643a591ddbc4c3387f1fb + - created_at: "2024-11-26T17:23:19Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA98TrrsQEbXUARAAlFNovLVBXXDUSMxBYsZll4UZ7+sPAdLZ+kDu49JlX4rJ + zNo3NiNrVMfUUZpWx3q5mYGUR5Ys441kwhDlUhj5Jv7X7PkTl2KU+pZZBr5DBnD0 + 8Nzm8CeI+3gphujX7CGjUcRUKjOMSa8nhIvz919TW1KCmr1xLDQw8yZGWn+VVBe1 + g3ut0OEDFHBcU4T3DcFq7UMUCPpwo1Eas2tcLg4N18YCZanL34ziVlHlzocvE4Jz + 1Y/tWvYj/OytktRDITi9/OIdS4hmSSPe8Qzb5abSCz20CzojVaDwEFGgwv9IRkBQ + C7RmPyd3u8Y/13tMORKz65LExmolhQyW4GVozDdEFQckwBYxMmaY9q7JVgKi5WD+ + 8s3r4vcIdISKlWH0E3qmJhkHxpoDmAS7NLXb8ROpCjKZKTK+XE0AEK8S3CFNgbvA + yKAnr7MVMJJBjbgxKJaoIjwNwkXQWCvm1f2s+xJTGQGHG+2hMgVoYb6dlpir08jR + yDHYxtpz/tRSXkjM7C6+r3SzZub/xowtWNUeZJqhsBhpP7cVT/dkd9cKvL+LTYM5 + nQpczoNfBSn/wt87rCV6lFRyUsqhqUfMIR4T8mpa+2weneqX8olb8CT4312E9eEw + mqVX+fGETWpUN/cEpnFFcXS/MPAJCHyedov5MgdmBL/XEVKbWAPk22CGgFv8GHTS + VgEKUaeKWKThwCYl8ylTpgO7eZ+retflRpoVUddWyAiTe/rTvrBfR9hayZPYp2Lf + vmQLDfcHAH/DmazB7CAlomaLS/1ab1zHltvSw4HFKFy9lxl692Fk + =BnOX + -----END PGP MESSAGE----- + fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4 + - created_at: "2024-11-26T17:23:19Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1kR3vWkIYVnARAAm1JETHrYuQ282GaaCLC9ZRjtskt3Tt9sAveKoltS6PgG + zDE1L5XFgWMg+IrxISqw4a6dIoJcJVlSIaojPkAENqjeHWEFdI6QoQ2P3yNgU8Fd + MzTukSmPZwP/XMLE73SIWU7+23qlnnCQrHzqNHZh6vijz6fIjQ4xfvGnV2n0MD/V + BVjPZJv3BbV+Xaf43hwEsFfn90h8wyd1Ls3Q7PlQA9lL952B9IAm3koN/LWAbYqo + oxSXb13kQuvtL6TwsHc1QGlHWaEdJRgTLnYxroqgOC6PXKqoTSmX4adeExWCMg7E + HGe/S/PG6xBJlWhZcDS2ldZjFCHojy43NsJj/0ir4onBqehvb/Bw2RiVrRW9ZCNx + Ydk1UXdk/2bFeHSTaSNEgXEsU6GQNFRKS+PkxLst5xT2GLnPAQu1vCxVsYOze8BX + 
AwySIEEZikqb9ycP0eJGOYRPW1Vw43xUaexClLa6zFi+o45jxbzCOChpAobjIQ4t + kOdtEnKYTg9jWuK57zCD8/EmY98kfSSRas119fJ/8eeFib2I4WT9WwAbD4+8Ld4c + GzUg00mim2Xz6LPJkqX3SNL9/ZHqlirJMoMcltIro14dT+BsgBL/8OnHXQ0SMRhg + wz+Dx7fUcP+rkN8tSG/wXQ3CAMv8lfOw1XqKzx4mMqjaVoqbhKNPUtYRUAWWPx/S + VgEmV0aoiD0ar/QxZRUZwWawTPsJOCxZptvvsW22jWq/G7VyX6OR56XmI+jPUCFm + 1WN8TkplHFtFqUTyQL8lI66iQiaYMmpjjVU6TKqNGShHSj65cB/n + =38qM + -----END PGP MESSAGE----- + fp: 4095412245b6efc14cf92ca25911def5a4218567 + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/machines/durruti/configuration.nix b/machines/durruti/configuration.nix index a17f53a..0285dce 100644 --- a/machines/durruti/configuration.nix +++ b/machines/durruti/configuration.nix @@ -28,7 +28,6 @@ with lib; ../modules/malobeo_user.nix ../modules/sshd.nix ../modules/minimal_tools.nix - ../modules/try/discourse.nix #also wiki.js nextcloud+collective ]; services.malobeo-tasklist.enable = true; diff --git a/machines/modules/try/discourse.nix b/machines/modules/try/discourse.nix deleted file mode 100644 index a5c8ac6..0000000 --- a/machines/modules/try/discourse.nix +++ /dev/null @@ -1,13 +0,0 @@ -{}:{ - services.discourse = { - enable = true; - hostname = "forum.malobeol.org"; - admin = { - email = "admin@"; - username = "admin"; - fullName = "Admin"; - passwordFile = ""; #sops? - }; - secretKeyBaseFile = "/run/keys/secret_key_base"; - }; -} \ No newline at end of file From 0239733e627f52366d19dccdca726009f4ad4b66 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Tue, 26 Nov 2024 18:45:31 +0100 Subject: [PATCH 05/17] sops.... --- machines/discourse/configuration.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/machines/discourse/configuration.nix b/machines/discourse/configuration.nix index 4208aff..e7be585 100644 --- a/machines/discourse/configuration.nix +++ b/machines/discourse/configuration.nix 
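Review bot: The `discourseAdminPasswordFile` value `data:01pJVQ==` decodes to 4 bytes, and sops' AES-256-GCM keeps the ciphertext the same length as the plaintext (the tag is stored separately), so the encrypted admin password is only 4 characters long. That is far below anything an admin account should use, and Discourse enforces a minimum admin password length, so I would expect the bootstrap to be rejected — confirm against the module before relying on it. Regenerate the value (e.g. `openssl rand -base64 24`) and set it with `sops --set`; the key names also suggest file paths while they hold the values themselves, so `discourseAdminPassword` / `discourseSecretKeyBase` would read more honestly.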
@@ -4,6 +4,10 @@ with lib;
{
sops.defaultSopsFile = ./secrets.yaml;
+ sops.secrets = {
+ discourseAdminPasswordFile = {};
+ discourseSecretKeyBaseFile = {};
+ };
networking = {
hostName = mkDefault "discourse";
@@ -28,6 +32,12 @@ with lib;
passwordFile = config.sops.secrets.discourseAdminPasswordFile.path;
};
secretKeyBaseFile = config.sops.secrets.discourseSecretKeyBaseFile.path;
+ database.createLocally = true;
+ enableACME = false;
+ };
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_13;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
From 9afa8987e7985f6bbab15603ab678645fff248df Mon Sep 17 00:00:00 2001
From: ahtlon
Date: Tue, 26 Nov 2024 21:00:54 +0100
Subject: [PATCH 06/17] nextcloud minimal
---
machines/.sops.yaml | 9 ++++
machines/configuration.nix | 11 +++-
machines/nextcloud/configuration.nix | 35 ++++++++++++
machines/nextcloud/secrets.yaml | 79 ++++++++++++++++++++++++++++
4 files changed, 133 insertions(+), 1 deletion(-)
create mode 100644 machines/nextcloud/configuration.nix
create mode 100644 machines/nextcloud/secrets.yaml
diff --git a/machines/.sops.yaml b/machines/.sops.yaml
index 5ef9757..3eda966 100644
--- a/machines/.sops.yaml
+++ b/machines/.sops.yaml
@@ -75,6 +75,15 @@ creation_rules:
- *admin_atlan
- path_regex: discourse/secrets.yaml$
+ key_groups:
+ - pgp:
+ - *admin_kalipso
+ - *admin_kalipso_dsktp
+ - *machine_durruti
+ age:
+ - *admin_atlan
+
+ - path_regex: nextcloud/secrets.yaml$
key_groups:
- pgp:
- *admin_kalipso
diff --git a/machines/configuration.nix b/machines/configuration.nix
index 6530015..51bc0bc 100644
--- a/machines/configuration.nix
+++ b/machines/configuration.nix
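Review bot: `enableACME = false` leaves the forum served over plain HTTP while the firewall below still opens 443; unless TLS is terminated by a reverse proxy on the host (not visible here), the admin password read from `passwordFile` and every session cookie cross the network in clear. If a host proxy does terminate TLS, say so next to the option and stop opening 443 on the guest, e.g. `enableACME = false; # TLS terminated on the host proxy, guest speaks plain HTTP on 80 only`. Also, the two `sops.secrets` entries keep sops-nix's default `root:root` mode 0400; if the Discourse units read `passwordFile`/`secretKeyBaseFile` as the `discourse` user rather than root they will need `owner = "discourse";` — confirm against the module before deploying.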
@@ -180,8 +180,17 @@ in system = "x86_64-linux"; specialArgs.inputs = inputs; specialArgs.self = self; - modules = makeMicroVM "durruti" "10.0.0.7" [ + modules = makeMicroVM "discourse" "10.0.0.7" [ ./discourse/configuration.nix ]; }; + + nextcloud = nixosSystem { + system = "x86_64-linux"; + specialArgs.inputs = inputs; + specialArgs.self = self; + modules = makeMicroVM "nextcloud" "10.0.0.11" [ + ./nextcloud/configuration.nix + ]; + }; } diff --git a/machines/nextcloud/configuration.nix b/machines/nextcloud/configuration.nix new file mode 100644 index 0000000..09ae050 --- /dev/null +++ b/machines/nextcloud/configuration.nix @@ -0,0 +1,35 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + sops.defaultSopsFile = ./secrets.yaml; + sops.secrets = { + nextcloudAdminPass = {}; + }; + + networking = { + hostName = mkDefault "discourse"; + useDHCP = false; + nameservers = [ "1.1.1.1" ]; + }; + + imports = [ + ../modules/malobeo_user.nix + ../modules/sshd.nix + ../modules/minimal_tools.nix + ../modules/autoupdate.nix + ]; + + services.nextcloud = { + enable = true; + package = pkgs.nextcloud30; + hostName = "10.0.0.11"; + config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + system.stateVersion = "22.11"; # Did you read the comment? +} + diff --git a/machines/nextcloud/secrets.yaml b/machines/nextcloud/secrets.yaml new file mode 100644 index 0000000..84f38cf --- /dev/null +++ b/machines/nextcloud/secrets.yaml 
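Review bot: `networking.hostName = mkDefault "discourse"` is copied over from the Discourse VM, so this guest will identify itself as `discourse` in logs and on the network; it should be `mkDefault "nextcloud"`. Separately, Nextcloud is bound to a bare IP (`hostName = "10.0.0.11"`) with `https` left at its default while the firewall opens 80 and 443, so the admin credentials derived from `config.adminpassFile` will be used to log in over clear-text HTTP. Until TLS exists, keep this reachable only from the host network and say so in a comment, e.g. `hostName = "10.0.0.11"; # LAN-only test instance, no TLS yet`.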
@@ -0,0 +1,79 @@ +nextcloudAdminPass: ENC[AES256_GCM,data:es9hhtCcqBqPbV2L,iv:Kyq5kqao0uaMPs0GeRkJT9OWYSZfImBXngg51k0uQ0M=,tag:zN/u90/j4rmdo0HtY+cF9w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmVGxsNmZ3Z0RIYmMyL0Mr + UUpaMEZLTCtQaGFrL1YwOVBicEtNRTVaVGhRCmhDSUgxYXpRcldaMngvOWJDdnNo + b2ZFbUdmcE9EV2E3SkMvZ1RpKzZmeU0KLS0tIE5hNmVFTXpBZFZ3bHYwQlJQaUtw + UFJmTVFaOTJXN09QLzY4emh5Z3hqRjAKXk1PSwR2x0H2cMN06fyigiusz8v2IRIg + S4ZTq/JX39U4QQHgWA1dFPfC636LNBo+QKdl/2mjwnXW7duqDJ+5kA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-26T20:00:50Z" + mac: ENC[AES256_GCM,data:qoY9SfpoU+8HfvD5v/1S6BOkbnZUmHIbtwr0tTSuPETjnFNgr1VVw9mnRatJKPYYFb9/rMZQWIqTY+iUIEkcTVyVXhd6ki5CHW+uxCeBIyMzq33rtEa/btkEUoii4iPieamBCIY21W0znE+edxfR04yRJtLxMICEbuW4Hjf6bwk=,iv:nG42fRgjpuIjPMYnn/6egEdzYolcUBsspaZ8zMv4888=,tag:C6apGoAvVLsWdLWSCwrx6w==,type:str] + pgp: + - created_at: "2024-11-26T19:59:36Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQGMA5HdvEwzh/H7AQv+KkX46UGQzLvhrk/VUCnnMdLEcNbYfk4h+sZJzs1riOGA + LAKYNeaeN6iLLeZX+T2/s5OT4WkIEKGg8/gziurdx01BR70M96Faubp6EVtdK44+ + 6F5BLLrDhlEKDNOx48qPwJdFjbYW4wZLWmv5nzwPmmRCKO7MoI9UHKq69msCor1i + ralbjlVHyKSuRfvflKAlxFoEqeB6H+ryc54g3stk1j2eFiMNuF/oKDJZT+XI5LHZ + Ai80DAWoUBYgpP4aWiNC075GPutdPlZ3mrGf5+7QnNm7GmNUdJN5VAWmI2NUGr1J + BLopnPFo4juWNsZkLMj2aAuKvGTkhz2PuFKfLj6Erpu82RAjadpFWx239n+i4Ryq + wSquYshpuiecLEejntTBKLEacwp+aPx8IHKnOOKBTdJj+YYaISiznQAlkF7WS+lg + MTZR85BvCxiPogujL7uhYSx1wM5FVkuAIPf1JOJCRvQt30eRRrR0VMrmqQ1Kl5OT + VMzZRIGIoC5vrKGeIIjJ0lgBWQ3bYFh/LGrwKetku6TRAH29mp/XwQqBC97RsUYb + EOxft5sUWaYrXK+z2yzCxOQBWKJISPgcyhdoKfYGnRkHXHi2Uay84oQP4co72eVF + cAhEJOxMw36e + =bSaN + -----END PGP MESSAGE----- + fp: c4639370c41133a738f643a591ddbc4c3387f1fb + - created_at: "2024-11-26T19:59:36Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + 
hQIMA98TrrsQEbXUARAAmG88ZDt43zj6dCJkYYVj7MGIhIviJzilTvX4+EfNobtA + tll60GYfRotKnwbuqzSVaaIcV+6cDQ5I1hG5WNFJSXm7DpJ0W1Ir1x2hpxektXFa + fQ+9HiCOfEqUu5PEynCAD1jN6CQLdl87hLQx9TqbZnHuUYPSH1o9Y6kbA/Vp3bpy + evJc8qa66WHYH1kjdEw+qneD5HzZQOLOtXZ7xkxjGbyMcYex9JfyGHohO5dpLg6B + 3XrLlIWWERVz04MlnzlaMKfzhoMCU9ByqJSQ3VBm9kblQqu54fOZD2sN8j9ACEfL + YNC7Jm2rasVSqv09G1kso9/VNDw3kNCLvjnpE5rJRP7Ckfj+4FxQN/zPVUwQ1e1k + upoQ8MHyf1bJr8vspm/prm9zp+PRRTUwY1Yyts/ffj+CF5ec9M3jr/RSeEAdswsL + 6dLKBL1LuLAjKXOuVnQ7E6gN940Y994sDFkbqEmzzCUHGcfxSF3IDn/qpkQlqerU + B/D43Yef+rtsUDyTA5RUpxKleGORcS4sV0BhQrNXeFclaMTyMr+AbOei4Y77qlD1 + x/fHB3IT4Intvp9k4m6jJ86RtLpVhEoA4cHEdCCiXHzUpA6aVtNHVAOqT/aBykrf + uSm1wu/nl6yKbIwTJueli1OfQYKEYcUdjOrEOwXb+UDQKSohWZrMg0sj7/S6Pl/S + WAG1BZ20HXD2ZrVqESV87Pl04nKMqswrio+BINfAT9X3ya7L3DF69MR18bDt+ZIB + 0F3+9WUREGI5in4S3hXNxrgfLNFl1YLklfWLYcx0HXJN3z6F2eJOUvM= + =aT3U + -----END PGP MESSAGE----- + fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4 + - created_at: "2024-11-26T19:59:36Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA1kR3vWkIYVnARAAqFyuCtvu6AidWg/9+btEcjWv0sBZaIRpYfX3p2QECwCu + UYAtssvSHgHdBEQzU27MA/5CGmEreB3NhWrjGquv88RojLO1JuhNHGYPZKeIcBKr + I2oS79RKuYs+d2Qu0KUYDaVoY9M5YJsfkju2FOXqMNYlbqX+lDuWnisigj3n2N4e + OEBnVIpfPBQE6c1Z9DaQJE7MyBbKfg5YeWjlwwh+fCf1dV/nGp+QdD88F3dzWMoK + xNGt69TwZ8JUVmElAIJqLJTpyDI5xHQUw2A6ddPSTk/u363eHhOnZZUNAAm3FdO5 + 0x+4QhcBaH59S8WDZhw4MVmZN7v4+3l3mf7Rx/TXSz4oJg+U7RMgvc291/gowNVm + /cVhBlMYz4Ogx/OYR/t+nzq35r+eBungTB+dRXw7qTTfkCtNgp34JMCkGAq5WWnY + 57H2HtssGiMF0qN4SfWxw7317oUmqHI2XvG0yWt42G++jNgIGbDOtuc/7wATEbhK + SBX2aLqDIB1OUwLHQeawyKkB0qGmRSVPkPg8JLwRp43ICETH1WPkY5m/a2slVlDj + qgdw00clTI5Fgu/5G5QBD4Ds9f9ZwjrMD4v+NYfGxa0ajisXl1X6CL1+YvQ6Uicf + QmIRJYxyVd0VoXScZnsk0T/XTKjJB/fRLRalA2PmlZ1v+gisCUz2dhM+OHtSjGTS + WAG5znRbP8UMVt02O0PgbzHYtIUAtQLCuBnzfEKJn721rqCXf7DXU3jrR73Ys6ce + VJzkVBMnBszF71GN56t0PaUYIDOnaGvgjMtHHtOCLQHSK7asnm/Bc+E= + =Znii + -----END PGP MESSAGE----- + fp: 4095412245b6efc14cf92ca25911def5a4218567 + unencrypted_suffix: 
_unencrypted
+ version: 3.8.1
From 66392ca2c2684a5053c870b2d20d58e090163487 Mon Sep 17 00:00:00 2001
From: ahtlon
Date: Tue, 26 Nov 2024 21:18:35 +0100
Subject: [PATCH 07/17] login geht
---
machines/nextcloud/configuration.nix | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/machines/nextcloud/configuration.nix b/machines/nextcloud/configuration.nix
index 09ae050..0804760 100644
--- a/machines/nextcloud/configuration.nix
+++ b/machines/nextcloud/configuration.nix
@@ -21,11 +21,13 @@ with lib;
../modules/autoupdate.nix
];
+ environment.etc."nextcloud-admin-pass".text = "hXz5vspPsFPY";
services.nextcloud = {
enable = true;
package = pkgs.nextcloud30;
hostName = "10.0.0.11";
- config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
+ #config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
+ config.adminpassFile = "/etc/nextcloud-admin-pass"; #user=root
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
From ef25c686b4fffcf2540668379c9ee65e71510773 Mon Sep 17 00:00:00 2001
From: ahtlon
Date: Tue, 26 Nov 2024 21:36:53 +0100
Subject: [PATCH 08/17] add nextcloud collectives
---
machines/nextcloud/configuration.nix | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/machines/nextcloud/configuration.nix b/machines/nextcloud/configuration.nix
index 0804760..f33340f 100644
--- a/machines/nextcloud/configuration.nix
+++ b/machines/nextcloud/configuration.nix
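Review bot: `environment.etc."nextcloud-admin-pass".text = "hXz5vspPsFPY"` commits the admin password to git in clear text and, because `environment.etc.*.text` is realised as a Nix store path, makes it world-readable on the VM (the store is readable by every local user and `/etc` entries default to mode 0444). A later commit in this series removes the line, but the value remains in history, so treat it as compromised and rotate it. Its length also matches the sops-encrypted `nextcloudAdminPass` added in the previous commit (ciphertext `data:es9hhtCcqBqPbV2L` is 12 bytes, and AES-GCM preserves plaintext length), which suggests the encrypted secret is the same string and must be rotated as well. The `#user=root` remark points at the real problem — the sops secret is root-owned 0400 while Nextcloud's setup presumably runs as `nextcloud` — which is solved with `sops.secrets.nextcloudAdminPass.owner = "nextcloud";` rather than a plaintext file.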
@@ -28,6 +28,15 @@ with lib; hostName = "10.0.0.11"; #config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path; config.adminpassFile = "/etc/nextcloud-admin-pass"; #user=root + extraAppsEnable = true; + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) contacts calendar; + collectives = pkgs.fetchNextcloudApp { + sha256 = "sha256-ErCWmQCI+ym9Pvsf84Z9yq4CyYJ1uVhyhhlS2bVSJ54="; + url = "https://github.com/nextcloud/collectives/releases/download/v2.15.1/collectives-2.15.1.tar.gz"; + license = "agpl3Plus"; + }; + }; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; From cbd041f563adc22b5c73a97a694d95e69b9e6076 Mon Sep 17 00:00:00 2001 From: kalipso Date: Tue, 10 Dec 2024 12:22:09 +0100 Subject: [PATCH 09/17] [nextcloud] fix hostname --- machines/nextcloud/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/nextcloud/configuration.nix b/machines/nextcloud/configuration.nix index f33340f..104b283 100644 --- a/machines/nextcloud/configuration.nix +++ b/machines/nextcloud/configuration.nix @@ -9,7 +9,7 @@ with lib; }; networking = { - hostName = mkDefault "discourse"; + hostName = mkDefault "nextcloud"; useDHCP = false; nameservers = [ "1.1.1.1" ]; }; From fab1b182636a4d2377b104267ab8242005357290 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Sat, 18 Jan 2025 18:11:13 +0100 Subject: [PATCH 10/17] [nextcloud] rm discourse --- machines/.sops.yaml | 9 ---- machines/configuration.nix | 25 ++++----- machines/discourse/configuration.nix | 47 ---------------- machines/discourse/secrets.yaml | 81 ---------------------------- 4 files changed, 9 insertions(+), 153 deletions(-) delete mode 100644 machines/discourse/configuration.nix delete mode 100644 machines/discourse/secrets.yaml diff --git a/machines/.sops.yaml b/machines/.sops.yaml index 3eda966..ece6ddf 100644 --- a/machines/.sops.yaml +++ b/machines/.sops.yaml 
@@ -74,15 +74,6 @@ creation_rules: age: - *admin_atlan - - path_regex: discourse/secrets.yaml$ - key_groups: - - pgp: - - *admin_kalipso - - *admin_kalipso_dsktp - - *machine_durruti - age: - - *admin_atlan - - path_regex: nextcloud/secrets.yaml$ key_groups: - pgp: diff --git a/machines/configuration.nix b/machines/configuration.nix index 51bc0bc..3fb5a04 100644 --- a/machines/configuration.nix +++ b/machines/configuration.nix @@ -170,27 +170,20 @@ in ]; }; + nextcloud = nixosSystem { + system = "x86_64-linux"; + specialArgs.inputs = inputs; + specialArgs.self = self; + modules = makeMicroVM "nextcloud" "10.0.0.13" "D0:E5:CA:F0:D7:E9" [ + ./nextcloud/configuration.nix + ]; + }; + testvm = nixosSystem { system = "x86_64-linux"; specialArgs.inputs = inputs; specialArgs.self = self; modules = defaultModules ++ [ ./testvm ]; }; - discourse = nixosSystem { - system = "x86_64-linux"; - specialArgs.inputs = inputs; - specialArgs.self = self; - modules = makeMicroVM "discourse" "10.0.0.7" [ - ./discourse/configuration.nix - ]; - }; - nextcloud = nixosSystem { - system = "x86_64-linux"; - specialArgs.inputs = inputs; - specialArgs.self = self; - modules = makeMicroVM "nextcloud" "10.0.0.11" [ - ./nextcloud/configuration.nix - ]; - }; } diff --git a/machines/discourse/configuration.nix b/machines/discourse/configuration.nix deleted file mode 100644 index e7be585..0000000 --- a/machines/discourse/configuration.nix +++ /dev/null 
@@ -1,47 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - sops.defaultSopsFile = ./secrets.yaml; - sops.secrets = { - discourseAdminPasswordFile = {}; - discourseSecretKeyBaseFile = {}; - }; - - networking = { - hostName = mkDefault "discourse"; - useDHCP = false; - nameservers = [ "1.1.1.1" ]; - }; - - imports = [ - ../modules/malobeo_user.nix - ../modules/sshd.nix - ../modules/minimal_tools.nix - ../modules/autoupdate.nix - ]; - - services.discourse = { - enable = true; - hostname = "forum.malobeol.org"; - admin = { - email = "admin@example.org"; - username = "admin"; - fullName = "Admin"; - passwordFile = config.sops.secrets.discourseAdminPasswordFile.path; - }; - secretKeyBaseFile = config.sops.secrets.discourseSecretKeyBaseFile.path; - database.createLocally = true; - enableACME = false; - }; - services.postgresql = { - enable = true; - package = pkgs.postgresql_13; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - system.stateVersion = "22.11"; # Did you read the comment? -} - diff --git a/machines/discourse/secrets.yaml b/machines/discourse/secrets.yaml deleted file mode 100644 index 6008e86..0000000 --- a/machines/discourse/secrets.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -discourseSecretKeyBaseFile: ENC[AES256_GCM,data:XKjcm+sOt4HazADjcJ6MilYNZMbO5IVMGnfdUXyx+9OjmEfk/zb0dhIjpZ2t6P1UfQUFI7NT2BMKgEjb2EG+5Kjxsq4mN+zoBxZAZI0WM6/WoF3ydwuqVamr1rIXfGN/W58UAink8K4SW7B6sbb76yQOWoP/GRHEaIxNvdnsGyE=,iv:LaoFS0O1qIpL/w1Gp98Em14hRohNR/FNqir38hBbCac=,tag:2zV5XRSkL6zYxylJoJ/OLQ==,type:str] -#ENC[AES256_GCM,data:sCvaoU2W7sc=,iv:iZdeM7YEkyOhkQUrHoRFJEnWw47OmBvi5AJ3ZEXck8k=,tag:wnh19onScSBPkyZw8PLQiA==,type:comment] -discourseAdminPasswordFile: ENC[AES256_GCM,data:01pJVQ==,iv:FjU8sM0n1YDhywUoaWHnvBcsNMFeqqxp+eYyAKByT1E=,tag:LR70T8ywo80PQHNHj6aJEA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVG1UYmZyWk8vZXJPdFBm - bHlwMUJ0ZjJQS3A0ZytLbXRCbGxyREZKajJjClI3NEt3c0RyOVZrZzh4ZGFsQ1Ft - NFdJd3hhRTNaV0ZGRHdBdEVOdm4wR0EKLS0tIDlvcFB0Z1VtRUVQVFBKRVRuN3Jn - RmI4OWI3YU5PUkFpeUROMEJHbXU1MjAKOOt7LCeH4mJtm+ngT9A2Ubzdje435RK+ - PomvgpBQ3t3ry+mBMz25DdgIYgBsnDS2ji5mavd3Zx2dbah0q4Cdrw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-26T17:23:55Z" - mac: ENC[AES256_GCM,data:axeHNSEsXZu4LCaQoy8FzDd7yBjy5nrjDmEF5pEwxmCw4bp1Gssdy2CVs0oDqU0UbOQ8D5Q8tevhdhxSTx19JF9HnaD4b3NL6+bmObx+d67zVqtyv1E0hHDgfsQBuoMQOou2ht6hhkz/VRUmbBICOZERc7o87uzXNXG2pP34vNY=,iv:jaBiGbxC62rnhotquYZ6id0f94+crve7Cnn8dFnzdC4=,tag:7lCHK6HvqDmOEfCA+wHtIg==,type:str] - pgp: - - created_at: "2024-11-26T17:23:19Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQGMA5HdvEwzh/H7AQv9EDScYMdx0QPqz9ipgvsZTBOqsrLUvGOYcwod9412bMzO - Oic5VkkiCSDPARP2JRGlS1Qvr3Oecdvo/TBpThWrWgaxS6THHPUyiaZGQhQXUnHo - d6u+OPMH4eZ3Vmn5pzbRwTg1mpKKwtvtMo+xCEaygPFGoIMMlmDr/q3agsJ07YBI - Ip9764gqBS6N+J3KN6j3XM/LHEu3e/qwp049BCslfWqVKZB7lQ7NbVkyGCM37aL9 - /GQSUvD+MU6WeIGd4Hr73pbc+MrB/KbSbufuwOVIUdZU/n6znusa1LjMuFgg9iOU - jsUmsdt7EhVpz7aQ1obFIcDVa7HFNF+Lp+78QgAInMK9QNWzH4OJumhrqovtbajg - 
xGfe0AJnkctYMOA3a6SHT2YZv3/iLqMkz/ioEVInlB9BAfNFK9UZWadVLEYyzJQR - 1rs54kbtm71/eTi3eadS3yRfEHoSgHrrPuRN2tzSCi1w2QK0a724v5Jtr/epzycT - oA4ha42dC4z1n66b7NAb0lYBSqZhcVm6wStypBGtCd0B08bFDzXng3PtfeVrD1jg - b37smpXoQNe6vvG6M9yr2qg6V21SZWw3a4K93qDn+mihbOsnpZj24L0fJctIZSC3 - la3aPsVYQg== - =G43o - -----END PGP MESSAGE----- - fp: c4639370c41133a738f643a591ddbc4c3387f1fb - - created_at: "2024-11-26T17:23:19Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA98TrrsQEbXUARAAlFNovLVBXXDUSMxBYsZll4UZ7+sPAdLZ+kDu49JlX4rJ - zNo3NiNrVMfUUZpWx3q5mYGUR5Ys441kwhDlUhj5Jv7X7PkTl2KU+pZZBr5DBnD0 - 8Nzm8CeI+3gphujX7CGjUcRUKjOMSa8nhIvz919TW1KCmr1xLDQw8yZGWn+VVBe1 - g3ut0OEDFHBcU4T3DcFq7UMUCPpwo1Eas2tcLg4N18YCZanL34ziVlHlzocvE4Jz - 1Y/tWvYj/OytktRDITi9/OIdS4hmSSPe8Qzb5abSCz20CzojVaDwEFGgwv9IRkBQ - C7RmPyd3u8Y/13tMORKz65LExmolhQyW4GVozDdEFQckwBYxMmaY9q7JVgKi5WD+ - 8s3r4vcIdISKlWH0E3qmJhkHxpoDmAS7NLXb8ROpCjKZKTK+XE0AEK8S3CFNgbvA - yKAnr7MVMJJBjbgxKJaoIjwNwkXQWCvm1f2s+xJTGQGHG+2hMgVoYb6dlpir08jR - yDHYxtpz/tRSXkjM7C6+r3SzZub/xowtWNUeZJqhsBhpP7cVT/dkd9cKvL+LTYM5 - nQpczoNfBSn/wt87rCV6lFRyUsqhqUfMIR4T8mpa+2weneqX8olb8CT4312E9eEw - mqVX+fGETWpUN/cEpnFFcXS/MPAJCHyedov5MgdmBL/XEVKbWAPk22CGgFv8GHTS - VgEKUaeKWKThwCYl8ylTpgO7eZ+retflRpoVUddWyAiTe/rTvrBfR9hayZPYp2Lf - vmQLDfcHAH/DmazB7CAlomaLS/1ab1zHltvSw4HFKFy9lxl692Fk - =BnOX - -----END PGP MESSAGE----- - fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4 - - created_at: "2024-11-26T17:23:19Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA1kR3vWkIYVnARAAm1JETHrYuQ282GaaCLC9ZRjtskt3Tt9sAveKoltS6PgG - zDE1L5XFgWMg+IrxISqw4a6dIoJcJVlSIaojPkAENqjeHWEFdI6QoQ2P3yNgU8Fd - MzTukSmPZwP/XMLE73SIWU7+23qlnnCQrHzqNHZh6vijz6fIjQ4xfvGnV2n0MD/V - BVjPZJv3BbV+Xaf43hwEsFfn90h8wyd1Ls3Q7PlQA9lL952B9IAm3koN/LWAbYqo - oxSXb13kQuvtL6TwsHc1QGlHWaEdJRgTLnYxroqgOC6PXKqoTSmX4adeExWCMg7E - HGe/S/PG6xBJlWhZcDS2ldZjFCHojy43NsJj/0ir4onBqehvb/Bw2RiVrRW9ZCNx - Ydk1UXdk/2bFeHSTaSNEgXEsU6GQNFRKS+PkxLst5xT2GLnPAQu1vCxVsYOze8BX - 
AwySIEEZikqb9ycP0eJGOYRPW1Vw43xUaexClLa6zFi+o45jxbzCOChpAobjIQ4t - kOdtEnKYTg9jWuK57zCD8/EmY98kfSSRas119fJ/8eeFib2I4WT9WwAbD4+8Ld4c - GzUg00mim2Xz6LPJkqX3SNL9/ZHqlirJMoMcltIro14dT+BsgBL/8OnHXQ0SMRhg - wz+Dx7fUcP+rkN8tSG/wXQ3CAMv8lfOw1XqKzx4mMqjaVoqbhKNPUtYRUAWWPx/S - VgEmV0aoiD0ar/QxZRUZwWawTPsJOCxZptvvsW22jWq/G7VyX6OR56XmI+jPUCFm - 1WN8TkplHFtFqUTyQL8lI66iQiaYMmpjjVU6TKqNGShHSj65cB/n - =38qM - -----END PGP MESSAGE----- - fp: 4095412245b6efc14cf92ca25911def5a4218567 - unencrypted_suffix: _unencrypted - version: 3.8.1 From 9b4cd02e531af4db90f25f5575eca2419734bbca Mon Sep 17 00:00:00 2001 From: ahtlon Date: Sat, 18 Jan 2025 18:43:30 +0100 Subject: [PATCH 11/17] [nextcloud] enable postgress, redis, change domain --- machines/nextcloud/configuration.nix | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/machines/nextcloud/configuration.nix b/machines/nextcloud/configuration.nix index 104b283..28ce90e 100644 --- a/machines/nextcloud/configuration.nix +++ b/machines/nextcloud/configuration.nix @@ -21,13 +21,19 @@ with lib; ../modules/autoupdate.nix ]; - environment.etc."nextcloud-admin-pass".text = "hXz5vspPsFPY"; services.nextcloud = { enable = true; package = pkgs.nextcloud30; - hostName = "10.0.0.11"; - #config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path; - config.adminpassFile = "/etc/nextcloud-admin-pass"; #user=root + hostName = "cloud.malobeo.org"; + config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path; + #https = true; #disable for testing + database.createLocally = true; + config.dbtype = pgsql; + configureRedis = true; + caching = { + redis = true; + apcu = true; + }; extraAppsEnable = true; extraApps = { inherit (config.services.nextcloud.package.packages.apps) contacts calendar; @@ -37,6 +43,9 @@ with lib; license = "agpl3Plus"; }; }; + settings = { + trusted_domains = ["10.0.0.13"]; + }; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; 
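Review bot: `config.dbtype = pgsql;` is an unquoted identifier, so evaluation aborts with an undefined-variable error before anything is deployed; it has to be the string `config.dbtype = "pgsql";`. Beyond that, `hostName` is now the public name `cloud.malobeo.org` while `https = true` is commented out "for testing", so Nextcloud will emit http:// links and cookies without the Secure flag; if TLS is terminated on the host proxy, `https = true` is precisely what makes Nextcloud set `overwriteprotocol`, and it should not stay disabled once the name is reachable from outside. If it must remain off for now, replace the bare `#disable for testing` with a comment naming the condition for turning it back on, e.g. `# https = true; # re-enable before cloud.malobeo.org is exposed publicly`.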
From 617c1778923123acd8777f230e2f55d153674117 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Sat, 18 Jan 2025 19:27:42 +0100 Subject: [PATCH 12/17] [nextcloud] flake update because for some reason the sha changed --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 2204f3f..5e4e10d 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1730135292, - "narHash": "sha256-CI27qHAbc3/tIe8sb37kiHNaeCqGxNimckCMj0lW5kg=", + "lastModified": 1736864502, + "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=", "owner": "nix-community", "repo": "disko", - "rev": "ab58501b2341bc5e0fc88f2f5983a679b075ddf5", + "rev": "0141aabed359f063de7413f80d906e1d98c0c123", "type": "github" }, "original": { @@ -67,11 +67,11 @@ ] }, "locked": { - "lastModified": 1733951536, - "narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=", + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "owner": "nix-community", "repo": "home-manager", - "rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "type": "github" }, "original": { @@ -109,11 +109,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1734041466, - "narHash": "sha256-51bhaMe8BZuNAStUHvo07nDO72wmw8PAqkSYH4U31Yo=", + "lastModified": 1736905611, + "narHash": "sha256-eW6SfZRaOnOybBzhvEzu3iRL8IhwE0ETxUpnkErlqkE=", "owner": "astro", "repo": "microvm.nix", - "rev": "3910e65c3d92c82ea41ab295c66df4c0b4f9e7b3", + "rev": "a18d7ba1bb7fd4841191044ca7a7f895ef2adf3b", "type": "github" }, "original": { 
@@ -124,11 +124,11 @@ }, "nixlib": { "locked": { - "lastModified": 1733620091, - "narHash": "sha256-5WoMeCkaXqTZwwCNLRzyLxEJn8ISwjx4cNqLgqKwg9s=", + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "f4dc9a6c02e5e14d91d158522f69f6ab4194eb5b", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", "type": "github" }, "original": { @@ -145,11 +145,11 @@ ] }, "locked": { - "lastModified": 1733965598, - "narHash": "sha256-0tlZU8xfQGPcBOdXZee7P3vJLyPjTrXw7WbIgXD34gM=", + "lastModified": 1737057290, + "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d162ffdf0a30f3d19e67df5091d6744ab8b9229f", + "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733861262, - "narHash": "sha256-+jjPup/ByS0LEVIrBbt7FnGugJgLeG9oc+ivFASYn2U=", + "lastModified": 1736978406, + "narHash": "sha256-oMr3PVIQ8XPDI8/x6BHxsWEPBRU98Pam6KGVwUh8MPk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cf737e2eba82b603f54f71b10cb8fd09d22ce3f5", + "rev": "b678606690027913f3434dea3864e712b862dde5", "type": "github" }, "original": { @@ -192,11 +192,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1733759999, - "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", + "lastModified": 1737062831, + "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", + "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", "type": "github" }, "original": { 
@@ -208,11 +208,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1733808091, - "narHash": "sha256-KWwINTQelKOoQgrXftxoqxmKFZb9pLVfnRvK270nkVk=", + "lastModified": 1736916166, + "narHash": "sha256-puPDoVKxkuNmYIGMpMQiK8bEjaACcCksolsG36gdaNQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a0f3e10d94359665dba45b71b4227b0aeb851f8e", + "rev": "e24b4c09e963677b1beea49d411cd315a024ad3a", "type": "github" }, "original": { @@ -245,11 +245,11 @@ ] }, "locked": { - "lastModified": 1733965552, - "narHash": "sha256-GZ4YtqkfyTjJFVCub5yAFWsHknG1nS/zfk7MuHht4Fs=", + "lastModified": 1737107480, + "narHash": "sha256-GXUE9+FgxoZU8v0p6ilBJ8NH7k8nKmZjp/7dmMrCv3o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2d73fc6ac4eba4b9a83d3cb8275096fbb7ab4004", + "rev": "4c4fb93f18b9072c6fa1986221f9a3d7bf1fe4b6", "type": "github" }, "original": { From fabf48a5c0edc8c1d966cc12ec1bf8c8124df6de Mon Sep 17 00:00:00 2001 From: ahtlon Date: Sat, 18 Jan 2025 19:28:23 +0100 Subject: [PATCH 13/17] [nextcloud] nextcloud works now --- machines/nextcloud/configuration.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/machines/nextcloud/configuration.nix b/machines/nextcloud/configuration.nix index 28ce90e..e65df4c 100644 --- a/machines/nextcloud/configuration.nix +++ b/machines/nextcloud/configuration.nix @@ -5,7 +5,10 @@ with lib; { sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { - nextcloudAdminPass = {}; + nextcloudAdminPass = { + owner = "nextcloud"; + group = "nextcloud"; + }; }; networking = { @@ -28,7 +31,7 @@ with lib; config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path; #https = true; #disable for testing database.createLocally = true; - config.dbtype = pgsql; + config.dbtype = "pgsql"; configureRedis = true; caching = { redis = true; 
@@ -38,8 +41,8 @@ with lib;
 extraApps = {
 inherit (config.services.nextcloud.package.packages.apps) contacts calendar;
 collectives = pkgs.fetchNextcloudApp {
- sha256 = "sha256-ErCWmQCI+ym9Pvsf84Z9yq4CyYJ1uVhyhhlS2bVSJ54=";
- url = "https://github.com/nextcloud/collectives/releases/download/v2.15.1/collectives-2.15.1.tar.gz";
+ sha256 = "sha256-cj/8FhzxOACJaUEu0eG9r7iAQmnOG62yFHeyUICalFY=";
+ url = "https://github.com/nextcloud/collectives/releases/download/v2.15.2/collectives-2.15.2.tar.gz";
 license = "agpl3Plus";
 };
 };
From 5352c1fa4d7b85d1a88c880ddae390c9e9b09f1e Mon Sep 17 00:00:00 2001
From: kalipso
Date: Fri, 17 Jan 2025 14:30:49 +0100
Subject: [PATCH 14/17] [docs] make readme the index still most of it is quite out of date...
---
 doc/src/Index.md | 83 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 82 insertions(+), 1 deletion(-)

diff --git a/doc/src/Index.md b/doc/src/Index.md
index 8b013d6..104fd5b 100644
--- a/doc/src/Index.md
+++ b/doc/src/Index.md
@@ -1 +1,82 @@ -# Index +# malobeo infrastructure + +this repository nxios configurations of the digital malobeo infrastructure. it should be used to setup, test, build and deploy different hosts in a reproducible manner. + +the file structure is based on this [blog post](https://samleathers.com/posts/2022-02-03-my-new-network-and-deploy-rs.html) + +### deploying configuration +#### local deployment +``` shell +nixos-rebuild switch --use-remote-sudo +``` + +#### remote deployment +you need the hostname and ip address of the host: +``` shell + nixos-rebuild switch --flake .# --target-host root@ --build-host localhost +``` + +in this case 'localhost' is used as buildhost which can be usefull if the target host is low systemresources + + +## development + +### requirements +we use flake based configurations for our hosts. if you want to build configurations on you own machine you have to enable flakes first by adding the following to your *configuration.nix* or *nix.conf* +``` nix +nix.extraOptions = '' + experimental-features = nix-command flakes +''; +``` + +More information about flakes can be found [here](https://nixos.wiki/wiki/Flakes) + +### dev shell +a development shell with the correct environment can be created by running ```nix develop ``` + +If you're using direnv you can add flake support by following those steps: [link](https://nixos.wiki/wiki/Flakes#Direnv_integration) + +### build a configuration + +to build a configuration run the following command (replace `````` with the actual hostname): + +``` shell +nix build .#nixosConfigurations..config.system.build.toplevel +``` + +### building raspberry image + +for the raspberry it is possible to build the whole configuration as an sd-card image which then can be flashed directly. more information about building arm on nixos can be found [here](https://nixos.wiki/wiki/NixOS_on_ARM). + +to be able to build the image you need to enable qemu emulation on the machine you are building with. 
therefore it is necessary to add the following to your configuration.nix: + +``` nix +boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; +``` + +then you can build the image with: + +``` shell +nix build .#nixosConfigurations.rpi1_base_image.config.system.build.sdImage +``` + +### run a configuration as vm + +to run a vm we have to build it first using the following command (replace `````` with the actual hostname): + +``` shell +nix build .#nixosConfigurations..config.system.build.vm +``` + +afterwards run the following command to start the vm: + +``` shell +./result/bin/run--vm +``` + +### documentation + +for documentation we currently just use README.md files. + +the devshell provides the python package ['grip'](https://github.com/joeyespo/grip) which can be used to preview different README.md files in the browser. +the usage is simple, just run ```grip``` in the same folder as the README.md you wanna preview. then open your browser at ```http://localhost:6419 ```. From 4462856fa0ca8bb9d02d61a960883dad7fc314d3 Mon Sep 17 00:00:00 2001 From: kalipso Date: Sun, 19 Jan 2025 14:52:20 +0100 Subject: [PATCH 15/17] [nextcloud] rm obsolete nameserver --- machines/nextcloud/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/machines/nextcloud/configuration.nix b/machines/nextcloud/configuration.nix index e65df4c..2c6c050 100644 --- a/machines/nextcloud/configuration.nix +++ b/machines/nextcloud/configuration.nix @@ -14,7 +14,6 @@ with lib; networking = { hostName = mkDefault "nextcloud"; useDHCP = false; - nameservers = [ "1.1.1.1" ]; }; imports = [ From affcc71eb1c29e96921f4311faf04c39de01675b Mon Sep 17 00:00:00 2001 From: kalipso Date: Sun, 19 Jan 2025 14:52:33 +0100 Subject: [PATCH 16/17] [fanny] deploy nextcloud --- machines/fanny/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index 946d25e..53e28cb 100644 --- a/machines/fanny/configuration.nix 
+++ b/machines/fanny/configuration.nix
@@ -53,7 +53,7 @@ in
 };
 services.malobeo.microvm.enableHostBridge = true;
- services.malobeo.microvm.deployHosts = [ "infradocs" ];
+ services.malobeo.microvm.deployHosts = [ "infradocs" "nextcloud" ];
 networking = {
 firewall = {
From 68b3da7df87edece7f6795fd4981eb6834cd6e19 Mon Sep 17 00:00:00 2001
From: kalipso
Date: Sun, 19 Jan 2025 14:53:39 +0100
Subject: [PATCH 17/17] [fanny] proxypass cloud.malobeo.org
---
 machines/fanny/configuration.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix
index 53e28cb..2eb0c6b 100644
--- a/machines/fanny/configuration.nix
+++ b/machines/fanny/configuration.nix
@@ -70,6 +70,14 @@ in
 '';
 };
 };
+
+ virtualHosts."cloud.malobeo.org" = {
+ locations."/" = {
+ proxyPass = "http://10.0.0.13";
+ extraConfig = ''
+ '';
+ };
+ };
 };
 services.tor = {
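Review bot: The new `virtualHosts."cloud.malobeo.org"` entry forwards to `http://10.0.0.13` with no TLS settings on the public side and an empty `extraConfig`, so unless TLS is terminated somewhere outside this hunk, Nextcloud logins for this name will cross the internet in cleartext. Add `forceSSL = true;` and `enableACME = true;` to the vhost (assuming fanny already has an ACME account configured, which is not visible here), and put `client_max_body_size 512M;` in `extraConfig`, since nginx's 1M default will reject file uploads. Once fanny terminates TLS, the Nextcloud side needs the currently commented-out `https = true` plus `settings.trusted_proxies` set to fanny's bridge address, otherwise Nextcloud logs the proxy as every client and keeps emitting http:// links. The enclosing block (presumably `services.nginx`) starts outside the hunk.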