From f6719d3218da2b0b1383847fedbe925c9de79758 Mon Sep 17 00:00:00 2001 
From: ahtlon Date: Fri, 11 Apr 2025 20:15:52 +0200 Subject: [PATCH 1/6] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/bd65bc3cde04c16755955630b344bc9e35272c56?narHash=sha256-dinzAqCjenWDxuy%2BMqUQq0I4zUSfaCvN9rzuCmgMZJY%3D' (2025-01-08) → 'github:nix-community/home-manager/b4e98224ad1336751a2ac7493967a4c9f6d9cb3f?narHash=sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI%3D' (2025-04-08) • Updated input 'microvm': 'github:astro/microvm.nix/d3a9b7504d420a1ffd7c83c1bb8fe57deaf939d2?narHash=sha256-bNvtud2PUcbYM0i5Uq1v01Dcgq7RuhVKfjaSKkW2KRI%3D' (2025-02-09) → 'github:astro/microvm.nix/773d5a04e2e10ca7b412270dea11276a496e1b61?narHash=sha256-Fz7AiCJWtoWZ2guJwO3B1h3RuJxYWaCzFIqY0Kmkyrs%3D' (2025-03-27) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453?narHash=sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL%2BtIBm49vpepwL1MQ%3D' (2025-01-16) → 'github:nix-community/nixos-generators/42ee229088490e3777ed7d1162cb9e9d8c3dbb11?narHash=sha256-QaMEhcnscfF2MqB7flZr%2BsLJMMYZPnvqO4NYf9B4G38%3D' (2025-03-21) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/2eccff41bab80839b1d25b303b53d339fbb07087?narHash=sha256-5yRlg48XmpcX5b5HesdGMOte%2BYuCy9rzQkJz%2Bimcu6I%3D' (2025-02-06) → 'github:NixOS/nixos-hardware/1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1?narHash=sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg%3D' (2025-04-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/44534bc021b85c8d78e465021e21f33b856e2540?narHash=sha256-PwQASeL2cGVmrtQYlrBur0U20Xy07uSWVnFup2PHnDs%3D' (2025-02-10) → 'github:NixOS/nixpkgs/f9ebe33a928b5d529c895202263a5ce46bdf12f7?narHash=sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5%2BW0%3D' (2025-04-10) • Updated input 'nixpkgs-unstable': 
'github:NixOS/nixpkgs/a79cfe0ebd24952b580b1cf08cd906354996d547?narHash=sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y%3D' (2025-02-08) → 'github:NixOS/nixpkgs/f675531bc7e6657c10a18b565cfebd8aa9e24c14?narHash=sha256-gbl9hE39nQRpZaLjhWKmEu5ejtQsgI5TWYrIVVJn30U%3D' (2025-04-09) • Updated input 'sops-nix': 'github:Mic92/sops-nix/07af005bb7d60c7f118d9d9f5530485da5d1e975?narHash=sha256-7JAGezJ0Dn5qIyA2%2BT4Dt/xQgAbhCglh6lzCekTVMeU%3D' (2025-02-11) → 'github:Mic92/sops-nix/69d5a5a4635c27dae5a742f36108beccc506c1ba?narHash=sha256-SR6%2BqjkPjGQG%2B8eM4dCcVtss8r9bre/LAxFMPJpaZeU%3D' (2025-04-08) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 98a258a..befe850 100644 --- a/flake.lock +++ b/flake.lock @@ -67,11 +67,11 @@ ] }, "locked": { - "lastModified": 1736373539, - "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "lastModified": 1744117652, + "narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f", "type": "github" }, "original": { @@ -109,11 +109,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1739104176, - "narHash": "sha256-bNvtud2PUcbYM0i5Uq1v01Dcgq7RuhVKfjaSKkW2KRI=", + "lastModified": 1743083165, + "narHash": "sha256-Fz7AiCJWtoWZ2guJwO3B1h3RuJxYWaCzFIqY0Kmkyrs=", "owner": "astro", "repo": "microvm.nix", - "rev": "d3a9b7504d420a1ffd7c83c1bb8fe57deaf939d2", + "rev": "773d5a04e2e10ca7b412270dea11276a496e1b61", "type": "github" }, "original": { 
@@ -145,11 +145,11 @@ ] }, "locked": { - "lastModified": 1737057290, - "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", + "lastModified": 1742568034, + "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", + "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1738816619, - "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=", + "lastModified": 1744366945, + "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "2eccff41bab80839b1d25b303b53d339fbb07087", + "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", "type": "github" }, "original": { @@ -192,11 +192,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1739020877, - "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=", + "lastModified": 1744232761, + "narHash": "sha256-gbl9hE39nQRpZaLjhWKmEu5ejtQsgI5TWYrIVVJn30U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a79cfe0ebd24952b580b1cf08cd906354996d547", + "rev": "f675531bc7e6657c10a18b565cfebd8aa9e24c14", "type": "github" }, "original": { @@ -208,11 +208,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1739206421, - "narHash": "sha256-PwQASeL2cGVmrtQYlrBur0U20Xy07uSWVnFup2PHnDs=", + "lastModified": 1744309437, + "narHash": "sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5+W0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "44534bc021b85c8d78e465021e21f33b856e2540", + "rev": "f9ebe33a928b5d529c895202263a5ce46bdf12f7", "type": "github" }, "original": { 
@@ -245,11 +245,11 @@ ] }, "locked": { - "lastModified": 1739262228, - "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", + "lastModified": 1744103455, + "narHash": "sha256-SR6+qjkPjGQG+8eM4dCcVtss8r9bre/LAxFMPJpaZeU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", + "rev": "69d5a5a4635c27dae5a742f36108beccc506c1ba", "type": "github" }, "original": { From 6b252928156e92a418f826f556134aeb974808ee Mon Sep 17 00:00:00 2001 From: ahtlon Date: Fri, 11 Apr 2025 20:36:27 +0200 Subject: [PATCH 2/6] [nextcloud] update to 31, add forms, appointments app --- machines/nextcloud/configuration.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/machines/nextcloud/configuration.nix b/machines/nextcloud/configuration.nix index ad68296..0c9210f 100644 --- a/machines/nextcloud/configuration.nix +++ b/machines/nextcloud/configuration.nix @@ -33,7 +33,7 @@ with lib; services.nextcloud = { enable = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud31; hostName = "cloud.malobeo.org"; config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path; #https = true; #disable for testing @@ -47,10 +47,10 @@ with lib; }; extraAppsEnable = true; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls registration; - collectives = pkgs.fetchNextcloudApp { - sha256 = "sha256-cj/8FhzxOACJaUEu0eG9r7iAQmnOG62yFHeyUICalFY="; - url = "https://github.com/nextcloud/collectives/releases/download/v2.15.2/collectives-2.15.2.tar.gz"; + inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls registration collectives forms; + appointments = pkgs.fetchNextcloudApp { + sha256 = "sha256-ls1rLnsX7U9wo2WkEtzhrvliTcWUl6LWXolE/9etJ78="; + url = "https://github.com/SergeyMosin/Appointments/raw/refs/tags/v2.4.3/build/artifacts/appstore/appointments.tar.gz"; license = "agpl3Plus"; }; }; 
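Review bot: `appointments` is now the only entry in `extraApps` that does not come from the nixpkgs app set, and its tarball is fetched from a `raw/refs/tags/v2.4.3` path, where a Git tag is a mutable ref. The `sha256` pins the content, so a moved tag fails the build rather than changing what gets installed. The app will not be updated by `nix flake update`, though, and has to be bumped by hand for security fixes and for each Nextcloud major. A comment on the attribute would make that explicit, e.g. `# not in nixpkgs apps: bump url + sha256 manually; the hash is the integrity check for this tarball`. The `extraApps` set closes inside the hunk, but `services.nextcloud` continues outside it.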
@@ -62,7 +62,7 @@ with lib; }; phpOptions = { "realpath_cache_size" = "0"; - "opcache.interned_strings_buffer" = "23"; + "opcache.interned_strings_buffer" = "32"; }; }; From 00f4b7c2b17f050ec757955020bd5bc68aa04322 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Fri, 11 Apr 2025 21:16:49 +0200 Subject: [PATCH 3/6] [docs] Add nextcloud upgrade docs --- doc/src/anleitung/updates.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/src/anleitung/updates.md b/doc/src/anleitung/updates.md index 35d0173..6860ef6 100644 --- a/doc/src/anleitung/updates.md +++ b/doc/src/anleitung/updates.md @@ -1 +1,8 @@ # Updates +## Nextcloud +Update nextcloud to a new major version: +- Update lock file `nix flake update --commit-lock-file` +- Change services.nextcloud.package to the next version (do not skip major version upgrades) +- change custom `extraApps` to the new version +- TEST! +`sudo run-vm nextcloud --dummy-secrets --networking` \ No newline at end of file From da12a733349087baae8b12dddeff5c012c95ee94 Mon Sep 17 00:00:00 2001 From: kalipso Date: Sun, 13 Apr 2025 15:24:06 +0200 Subject: [PATCH 4/6] [run-vim] allow setting data share --- machines/modules/host_builder.nix | 11 ++++++++++- scripts/run-vm.sh | 17 ++++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/machines/modules/host_builder.nix b/machines/modules/host_builder.nix index 0fe7574..14fac78 100644 --- a/machines/modules/host_builder.nix +++ b/machines/modules/host_builder.nix @@ -133,6 +133,13 @@ rec { mountPoint = "/var"; tag = "var"; } + ] ++ pkgs.lib.optionals (options.dataPath != "") [ + { + source = "${options.dataPath}"; + securityModel = "mapped"; + mountPoint = "/data"; + tag = "data"; + } ]); interfaces = pkgs.lib.mkIf (!options.withNetworking) (pkgs.lib.mkForce [{ @@ -209,6 +216,7 @@ rec { (vmMicroVMOverwrites name { withNetworking = true; varPath = ""; + dataPath = ""; writableStore = false; }) (if sopsDummy then (vmSopsOverwrites name) else {}) ]); 
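Review bot: The new `pkgs.lib.optionals (options.dataPath != "")` guard in `machines/modules/host_builder.nix` reads `options.dataPath` unconditionally, so any caller of `vmMicroVMOverwrites` that does not set the attribute fails evaluation. The patch adds `dataPath = "";` at the call site in the second hunk and passes it from `buildVM`, but callers outside these hunks are not visible here. `(options.dataPath or "") != ""` would keep older call sites evaluating. Since the share hands a host directory chosen on the command line to the guest at `/data`, a short comment next to `source` would help, e.g. `# host path from run-vm --data; use a directory dedicated to this VM`. The enclosing shares list starts above the hunk.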
@@ -218,11 +226,12 @@ rec { builtins.listToAttrs (map mapperFunc self.nixosConfigurations.${host}.config.services.malobeo.microvm.deployHosts)); }; - buildVM = host: networking: sopsDummy: disableDisko: varPath: writableStore: fwdPort: (self.nixosConfigurations.${host}.extendModules { + buildVM = host: networking: sopsDummy: disableDisko: varPath: dataPath: writableStore: fwdPort: (self.nixosConfigurations.${host}.extendModules { modules = [ (vmMicroVMOverwrites host { withNetworking = networking; varPath = "${varPath}"; + dataPath = "${dataPath}"; writableStore = writableStore; fwdPort = fwdPort; }) (if sopsDummy then (vmSopsOverwrites host) else {}) diff --git a/scripts/run-vm.sh b/scripts/run-vm.sh index 3968cdd..8daa98c 100644 --- a/scripts/run-vm.sh +++ b/scripts/run-vm.sh @@ -6,6 +6,7 @@ usage() { echo "--no-disko disable disko and initrd secrets. needed for real hosts like fanny" echo "--writable-store enables writable store. necessary for host with nested imperative microvms like fanny" echo "--var path to directory that should be shared as /var. may require root otherwise some systemd units fail within vm. if dir is empty vm will populate" + echo "--data path to directory that should be shared as /data" echo "--fwd-port forwards the given port to port 80 on vm" exit 1 } @@ -23,6 +24,7 @@ DUMMY_SECRETS=false NO_DISKO=false RW_STORE=false VAR_PATH="" +DATA_PATH="" FWD_PORT=0 # check argws @@ -42,6 +44,15 @@ while [[ "$#" -gt 0 ]]; do usage fi ;; + --data) + if [[ -n "$2" && ! "$2" =~ ^- ]]; then + DATA_PATH="$2" + shift + else + echo "Error: --data requires a non-empty string argument." + usage + fi + ;; --fwd-port) if [[ -n "$2" && ! "$2" =~ ^- ]]; then FWD_PORT="$2" 
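Review bot: The new `--data)` branch in `scripts/run-vm.sh` accepts any value that does not start with `-`, and the last hunk of the file then places it inside the `nix run --impure --expr` text as `\"$DATA_PATH\"` without escaping. A value containing `"`, `\` or `${` therefore ends the Nix string literal early and changes the expression that gets evaluated, in a script the docs in this series invoke with `sudo`. Restrict the value before assigning it, e.g. `[[ "$2" =~ ^[A-Za-z0-9._/-]+$ ]] || { echo "Error: --data path contains unsupported characters."; usage; }`, and consider also requiring `[[ -d "$2" ]]`. `$VAR_PATH` and `$HOSTNAME` reach the same expression the same way; they appear to predate this patch, and their parsing is outside these hunks.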
@@ -64,4 +75,8 @@ if [ -n "$VAR_PATH" ]; then echo "sharing var directory: $VAR_PATH" fi -nix run --show-trace --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS $NO_DISKO \"$VAR_PATH\" $RW_STORE $FWD_PORT).config.microvm.declaredRunner" +if [ -n "$DATA_PATH" ]; then + echo "sharing data directory: $DATA_PATH" +fi + +nix run --show-trace --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS $NO_DISKO \"$VAR_PATH\" \"$DATA_PATH\" $RW_STORE $FWD_PORT).config.microvm.declaredRunner" From 7732abfd680b6cd502e69fcf4b60ce512055f3d8 Mon Sep 17 00:00:00 2001 From: kalipso Date: Sun, 13 Apr 2025 15:29:28 +0200 Subject: [PATCH 5/6] [docs] update updates --- doc/src/anleitung/updates.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/doc/src/anleitung/updates.md b/doc/src/anleitung/updates.md index 6860ef6..d8b2ef2 100644 --- a/doc/src/anleitung/updates.md +++ b/doc/src/anleitung/updates.md @@ -1,8 +1,13 @@ # Updates ## Nextcloud Update nextcloud to a new major version: +- create state directories: `mkdir /tmp/var /tmp/data` +- run vm state dirs to initialize state `sudo run-vm nextcloud --dummy-secrets --networking --var /tmp/var --data + /tmp/data` - Update lock file `nix flake update --commit-lock-file` - Change services.nextcloud.package to the next version (do not skip major version upgrades) - change custom `extraApps` to the new version - TEST! -`sudo run-vm nextcloud --dummy-secrets --networking` \ No newline at end of file +- run vm again, it should successfully upgrade nextcloud from old to new version +- run vm state dirs to initialize state `sudo run-vm nextcloud --dummy-secrets --networking --var /tmp/var --data + /tmp/data` From e171178a938896e0b862cfb642117fa308562c44 Mon Sep 17 00:00:00 2001 
From: kalipso Date: Sun, 13 Apr 2025 15:30:53 +0200 Subject: [PATCH 6/6] [docs] updates fix linebreaks --- doc/src/anleitung/updates.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/doc/src/anleitung/updates.md b/doc/src/anleitung/updates.md index d8b2ef2..10b32a8 100644 --- a/doc/src/anleitung/updates.md +++ b/doc/src/anleitung/updates.md @@ -2,12 +2,10 @@ ## Nextcloud Update nextcloud to a new major version: - create state directories: `mkdir /tmp/var /tmp/data` -- run vm state dirs to initialize state `sudo run-vm nextcloud --dummy-secrets --networking --var /tmp/var --data - /tmp/data` +- run vm state dirs to initialize state `sudo run-vm nextcloud --dummy-secrets --networking --var /tmp/var --data /tmp/data` - Update lock file `nix flake update --commit-lock-file` - Change services.nextcloud.package to the next version (do not skip major version upgrades) - change custom `extraApps` to the new version - TEST! - run vm again, it should successfully upgrade nextcloud from old to new version -- run vm state dirs to initialize state `sudo run-vm nextcloud --dummy-secrets --networking --var /tmp/var --data - /tmp/data` +- run vm state dirs to initialize state `sudo run-vm nextcloud --dummy-secrets --networking --var /tmp/var --data /tmp/data`