kalipso/infrastructure
1
1
Fork 1
Code Issues 42 Pull Requests 2 Actions Projects 2 Releases Wiki Activity

Compare commits

base: kalipso:8a998e7068c276afd7f1e42b2fe1638ba923bdd6
Branches Tags
kalipso:master kalipso:nextcloud_deck_derivation kalipso:vaultwarden kalipso:staging kalipso:script kalipso:zineshop kalipso:nextcloud_upgrade_31 kalipso:printer-module kalipso:microvm-dirs kalipso:sanoid kalipso:issue77 kalipso:reproducible-deployments kalipso:reproducible-deployments-filestructure kalipso:issue31 kalipso:microvm-module kalipso:issue47 kalipso:hostbuilder kalipso:better-workflows kalipso:issue51 kalipso:local-testing-v2 kalipso:gitea kalipso:fileserver
..
compare: kalipso:issue47
Branches Tags
kalipso:nextcloud_deck_derivation kalipso:vaultwarden kalipso:master kalipso:staging kalipso:script kalipso:zineshop kalipso:nextcloud_upgrade_31 kalipso:printer-module kalipso:microvm-dirs kalipso:sanoid kalipso:issue77 kalipso:reproducible-deployments kalipso:reproducible-deployments-filestructure kalipso:issue31 kalipso:microvm-module kalipso:issue47 kalipso:hostbuilder kalipso:better-workflows kalipso:issue51 kalipso:local-testing-v2 kalipso:gitea kalipso:fileserver

19 Commits
8a998e7068 ... issue47

Author SHA1 Message Date
ahtlon
a07bec0472 [scripts] only need to unlock once
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m18s
Details
2025-01-24 18:42:31 +01:00
ahtlon
4a67683462 [disko] Bit of a hack but the storage partition now gets mounted after zroot using a file on the disk.
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m17s
Details
2025-01-24 18:30:51 +01:00
ahtlon
fb222bc1a4 [disko] rm btrfs-laptop.nix 2025-01-24 15:08:24 +01:00
kalipso
5c17164fd8 [testvm] integrate into hosts.nix
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m24s
Details
2025-01-23 21:20:37 +01:00
kalipso
a8bf6539e6 [run-vm] optional forward ports
Some checks failed
Check flake syntax / flake-check (push) Failing after 1m5s
Details 
currently only allows forwarding to port 80, i was to lazy to handle two
arguments in bash
 2025-01-23 21:12:53 +01:00
kalipso
a4063bf02b [testvm] add to nixosConfigurations again 2025-01-23 21:11:31 +01:00
kalipso
74ebf042e7 [run-vm] mv to /scripts
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m11s
Details
2025-01-23 21:00:30 +01:00
kalipso
a7ae07eba3 [nix] rm machines/configuration.nix 2025-01-23 21:00:30 +01:00
kalipso
baf77a1abd [nix] mv buildVM to host_builder 2025-01-23 21:00:30 +01:00
kalipso
fa5c68b2a3 [vmBuilder] add writable store flag 2025-01-23 21:00:30 +01:00
kalipso
2fb89082dd [nix] fix imports 2025-01-23 21:00:30 +01:00
kalipso
0f3591d111 [nix] mv vm overwrites to host_builder 2025-01-23 21:00:30 +01:00
kalipso
4eea2de7ec [nix] mv host_builer.nix host_builder.nix 2025-01-23 21:00:30 +01:00
kalipso
03f9e9b9a2 [nix] create nixosConfigurations using malobeo.hosts 2025-01-23 21:00:30 +01:00
kalipso
b349391de6 [nix] mv host declarations to hosts.nix, add util to host_builer.nix 2025-01-23 21:00:30 +01:00
kalipso
a02b2c2bc4 [nix] generate hosts 2025-01-23 21:00:30 +01:00
kalipso
dcc81ec929 [nix] init host_builder.nix 2025-01-23 21:00:30 +01:00
kalipso
de774ac9b4 [fanny] nat microvm traffic
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m22s
Details
2025-01-23 19:03:46 +01:00
kalipso
c8f7358ac2 [nextcloud] add deck and polls
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m22s
Details
2025-01-23 17:31:38 +01:00
10 changed files with 97 additions and 138 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -6,4 +6,3 @@ result
.direnv/ .direnv/
book/ book/
fanny-efi-vars.fd fanny-efi-vars.fd
nix-store-overlay.img

30
flake.lock generated
View File

@@ -109,11 +109,11 @@
"spectrum": "spectrum" "spectrum": "spectrum"
}, },
"locked": { "locked": {
"lastModified": 1739104176, "lastModified": 1736905611,
"narHash": "sha256-bNvtud2PUcbYM0i5Uq1v01Dcgq7RuhVKfjaSKkW2KRI=", "narHash": "sha256-eW6SfZRaOnOybBzhvEzu3iRL8IhwE0ETxUpnkErlqkE=",
"owner": "astro", "owner": "astro",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "d3a9b7504d420a1ffd7c83c1bb8fe57deaf939d2", "rev": "a18d7ba1bb7fd4841191044ca7a7f895ef2adf3b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -160,11 +160,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1738816619, "lastModified": 1736978406,
"narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=", "narHash": "sha256-oMr3PVIQ8XPDI8/x6BHxsWEPBRU98Pam6KGVwUh8MPk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "2eccff41bab80839b1d25b303b53d339fbb07087", "rev": "b678606690027913f3434dea3864e712b862dde5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -192,11 +192,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1739020877, "lastModified": 1737062831,
"narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=", "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a79cfe0ebd24952b580b1cf08cd906354996d547", "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -208,11 +208,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1739206421, "lastModified": 1736916166,
"narHash": "sha256-PwQASeL2cGVmrtQYlrBur0U20Xy07uSWVnFup2PHnDs=", "narHash": "sha256-puPDoVKxkuNmYIGMpMQiK8bEjaACcCksolsG36gdaNQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "44534bc021b85c8d78e465021e21f33b856e2540", "rev": "e24b4c09e963677b1beea49d411cd315a024ad3a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -245,11 +245,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1739262228, "lastModified": 1737107480,
"narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", "narHash": "sha256-GXUE9+FgxoZU8v0p6ilBJ8NH7k8nKmZjp/7dmMrCv3o=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", "rev": "4c4fb93f18b9072c6fa1986221f9a3d7bf1fe4b6",
"type": "github" "type": "github"
}, },
"original": { "original": {

8
machines/.sops.yaml
View File

@@ -8,12 +8,10 @@ keys:
- &admin_atlan age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c - &admin_atlan age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
- &machine_moderatio 3b7027ab1933c4c5e0eb935f8f9b3c058aa6d4c2 - &machine_moderatio 3b7027ab1933c4c5e0eb935f8f9b3c058aa6d4c2
- &machine_lucia 3474196f3adf27cfb70f8f56bcd52d1ed55033db - &machine_lucia 3474196f3adf27cfb70f8f56bcd52d1ed55033db
- &machine_durruti age1pd2kkscyh7fuvm49umz8lfhse4fpkmp5pa3gvnh4ranwxs4mz9nqdy7sda - &machine_durruti age1xu6kxpf8p0r8d6sgyl0m20p5hmw35nserl7rejuzm66eql0ur4mq03u0vp
- &machine_infradocs age1decc74l6tm5sjtnjyj8rkxysr9j49fxsc92r2dcfpmzdcjv5dews8f03se
- &machine_overwatch age1psj6aeu03s2k4zdfcte89nj4fw95xgk4e7yr3e6k6u2evq84ng3s57p6f0
- &machine_vpn age1v6uxwej4nlrpfanr9js7x6059mtvyg4fw50pzt0a2kt3ahk7edlslafeuh - &machine_vpn age1v6uxwej4nlrpfanr9js7x6059mtvyg4fw50pzt0a2kt3ahk7edlslafeuh
- &machine_fanny age1f53q3kkv0qsarlrkdaddjchdzckp5szkv4tu9kly7slkwd966sfs3vccce - &machine_fanny age14dpm6vaycd6u34dkndcktpamqgdyj4aqccjnl5533dsza05hxuds0tjfnf
- &machine_nextcloud age1z0cfz7l4vakjrte220h46fc05503506fjcz440na92pzgztlspmqc8vt6k - &machine_nextcloud age1w07s4y2uh0xd322ralyyh79545lvxzqncd0s65q9cx4ttlqv5u9s7y78gr
#this dummy key is used for testing. #this dummy key is used for testing.
- &machine_dummy age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng - &machine_dummy age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng
creation_rules: creation_rules:

13
machines/fanny/configuration.nix
View File

@@ -20,13 +20,6 @@ in
inputs.self.nixosModules.malobeo.metrics inputs.self.nixosModules.malobeo.metrics
]; ];
virtualisation.vmVariantWithDisko = {
virtualisation = {
memorySize = 4096;
cores = 3;
};
};
malobeo.metrics = { malobeo.metrics = {
enable = true; enable = true;
enablePromtail = true; enablePromtail = true;
@@ -58,17 +51,11 @@ in
disk0 = "disk/by-id/ata-SAMSUNG_MZ7LN256HCHP-000L7_S20HNAAH200381"; disk0 = "disk/by-id/ata-SAMSUNG_MZ7LN256HCHP-000L7_S20HNAAH200381";
}; };
storage = { storage = {
enable = true;
disks = ["disk/by-id/wwn-0x50014ee265b53b60" "disk/by-id/wwn-0x50014ee2bb0a194a"]; disks = ["disk/by-id/wwn-0x50014ee265b53b60" "disk/by-id/wwn-0x50014ee2bb0a194a"];
mirror = true; mirror = true;
}; };
}; };
systemd.tmpfiles.rules = [
"L /var/lib/microvms/data - - - - /data/microvms"
"d /data/microvms 0755 root root" #not needed for real host?
];
malobeo.initssh = { malobeo.initssh = {
enable = true; enable = true;
authorizedKeys = sshKeys.admins; authorizedKeys = sshKeys.admins;

78
machines/fanny/secrets.yaml
View File

@@ -5,63 +5,63 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age1f53q3kkv0qsarlrkdaddjchdzckp5szkv4tu9kly7slkwd966sfs3vccce - recipient: age14dpm6vaycd6u34dkndcktpamqgdyj4aqccjnl5533dsza05hxuds0tjfnf
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzTmFmVEd0cjY1QkJNRXRQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCTmdrV1IyM2hldloxM3Zh
NytpanU0UzF5aXlhRklJbW5yOExrbVFoREFjClRlVGVhOHZ2OW56Z21NU1FjaVFh cGVIZmtCZ0FLTEQxcFBLaVh0VXUwNWVGR1hBCnJ6SHpzckh5VVduM0Z2dkh2WHdy
ZnJHZk5mV3ZKQm84M0Z6em14akc4Rk0KLS0tIHRMQTdOZTVvNUNoM29tZ2Nockp6 WGxRV0JFZTdqcWgzUFlSZkowZElJd2MKLS0tIGxYL0orSVdmZzJBSEIvRUNDUVlK
VUJFMEpxb0Y4WlJhZGZPTk54ZXhIMEkKPwkXj7gRlIZ9aYGNlX+PdZa9BcaHt1G6 RWFLOWp4TVJBM3llS0lmQlBUQ2ZQNkUKEz/dXR0tkVeyC9Oxai5gZEAhRImdL1FL
DVNxfuYvecprnQWQ+pjVGzm8j78p7HpAcmJ/Aue3FTYo6S/vyEmK6A== 2LdVRiCt3MqR9wtfw1/pR7166Bx8nLIN42uWh2YU5j0/0rXNq+I6Qg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxbzF1WW82MlB3N2tmVjVa YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQW5OU2FiNStkazFRRHBK
UGlLaThRUFNQOVV0d1ZxK2hJTE1pSGVoV2hVCis0UW41cXRVaC8yWGdCUEVaZjFM U2kzNkpWRDVQTDBkTFFNWnREcjh6NlhmRnhZCkxMYlZhcUlGUnN3QWFzbVkyYlpX
MmViQXJrV3pTNzN4aDNpVCtYNmdXUjQKLS0tIGZsYTRwUDI2YWlMNjBJY2ZNREVu eWZaOUxsUCtZYmx0U29ZckFaMjNLTFEKLS0tIExxV0REL3MwUTZpMkgxYlZMc0JS
ZzI3MWRLZ3lseitrQ0YrZ1BuM3BacmsK1gbJH+Qs6sTLrSZSUJtnvUNmbLNnPWVT cTNEYTBGT3VRaDI1eUhucnd5d2JhTWMKNZlkUjxX2QTFoiCWPzz62jz4kK8d5rW/
WOs8Pxf6ROYmstcF8yEGHxbVesWn0jMbC4aIAZOIyglh+6glxsbnpw== MJ1w69Qve7lsUAg74YlFF7i/yYSZZkHoRMs92lRmq3lHlbK6aaUMTw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-14T12:41:07Z" lastmodified: "2025-01-14T12:41:07Z"
mac: ENC[AES256_GCM,data:RJ4Fa8MmX8u8S3zrD/SaywTC3d2IfHQPBDy3C9u4GuXJ/ruEChAB1kN8rqMPvkmET8UUgHIEp7RpbzMtg/FOmKYKYTTx5t//3/VozvAEZurhG/4mnN3r6uaZ0R9+wSjym8IyOKsJ7p4XrfE5tRdzNyU4EqfkEiyf+jO751uSnYI=,iv:eiTdmbcrpUvyDPFmGawxJs/ehmD7KqulaoB+nfpC6ko=,tag:+TKr53cFS3wbLXNgcbZfJQ==,type:str] mac: ENC[AES256_GCM,data:RJ4Fa8MmX8u8S3zrD/SaywTC3d2IfHQPBDy3C9u4GuXJ/ruEChAB1kN8rqMPvkmET8UUgHIEp7RpbzMtg/FOmKYKYTTx5t//3/VozvAEZurhG/4mnN3r6uaZ0R9+wSjym8IyOKsJ7p4XrfE5tRdzNyU4EqfkEiyf+jO751uSnYI=,iv:eiTdmbcrpUvyDPFmGawxJs/ehmD7KqulaoB+nfpC6ko=,tag:+TKr53cFS3wbLXNgcbZfJQ==,type:str]
pgp: pgp:
- created_at: "2025-02-05T15:31:49Z" - created_at: "2025-01-14T12:32:13Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQGMA5HdvEwzh/H7AQv9FdyMi1hVqhXAHEIjv5hiCw+l+OU+WomhmQTNue3pfgLi hQGMA5HdvEwzh/H7AQv/YM4JBfaFngZt0SmMP3fBCodQXWnWMjy5VYoTOKKaOfG8
eP15nIqjOg4H+akley0alE5ZL7AU/x5catwmd+JqG3p+j4v3z4GGgpgob6srxhRR 5GRTf+o1stsru3EKImh5PTqniRO6UH+/DOKBY8zHsy9lXojGka3uPJRKv7JUD5YO
jcSZZZpOi5kMdvayX90Mm1zbzTSdxgHcI7tOtnr00kuUfkvTNyYP8ofvb19OZ3sS 8NjlHwwg+jcQN/qtrWc+1D69zR1aO/6yxfgujL3r/fJ4reqtSNfkVYVy2lEcw2ZN
ednM9E6h+qfCI+R2iv0WcyF0UXS8vExCl5djL4kV/gzc8iQz5qm1f67xem7kiN8M zhlN+fBxZCyHyUTKLcXrG7Fg8BRudjwBnIsBTLAVFkWg0bnlq38vicGpF5CHsRjA
dJZMmAkGSbSzCx/czqZ7pIB5LCmnGmLeYNBoMXdnj970dJrJ6/1DZqQNq4mkE8PG cTPq2D9ev888WKHcjFcXYqxeKkXkqBuOOMlCHQyJCv8HHfA/GY+pBQfiVmvSt77O
odn7U4dq37pfpp8LJR9XZuCuQ2TbW8WqczQ3l2u4hqQNhHNRGDB/FGJrkn31BirN /MA8hVYl8G4tRFsbUdZzqtPbAsLy30w1e9dpsD2M6tD55V2RNUCrznB2lo0uXZ24
Mwbb7UJQYQR5OzGwHTigpXDJnrf9j1CyAxbx3TrSHBrh63eVgUs1+mD9SUj6vVN7 9MUnad+NQdntbe5B2OBUF/MNKZ9/tC+B9pBm7Tx3rxSELytGuQF11x4EyLwn+Ict
aBb8Y1M/cPiDyo2dpsa5lG6hzDQzlpBuJI4a8kN9JVTbcwYuWECx2kTGnZDBW+xf iBBV5P3RiulxLW6MbDs+7JPILfcMfg6e8q+GY1dnIPZrs8Qf5W60FxbOYYiMvJ9k
KPNPrNzZmhIyZXMjPuK/0lgBuskgYg3sLqGgwUMisKCV56yRJr0zCoje3XWY6X2y UtnZAixVdlpkAsQz/t630lgBX9DLYjEVgaxC+zqtRjfHkoyvGIac6cgHDX/fBs7p
J7F0+/R3ESt98Za/qs4PG+U5oOXsUVlDZK0D+zVvnunJLOP/fT2yu4YoCZxy9Y6I Woud0RbwffhOhaIF47Z2W4UPfn5Mtcu63fQpjCM9urk9asaRPeNDTeEYVjqSZD6N
HbJzEdNC98ow J+o9dahBHvIF
=nYXr =GKm4
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: c4639370c41133a738f643a591ddbc4c3387f1fb fp: c4639370c41133a738f643a591ddbc4c3387f1fb
- created_at: "2025-02-05T15:31:49Z" - created_at: "2025-01-14T12:32:13Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA98TrrsQEbXUAQ//b/vbXzTW+NgmpAfTEkrha0OeU3w4UEwejZVYJeFcTHrS hQIMA98TrrsQEbXUARAAmD4PfLpRVUXTo5yyS9LSs5vmEvnCmNc0ad4Oiv7YAxhs
nOh1W/a4pMNJ0n/xabGkwJs1o1CPEcV8ctta6OgwiXLFmfuVDYiT4YZw2zUML8kd W7SCKHq2zOfGIeZZHP0wjRnJELwMCVLy4dVo/slDHCiy8T4MZXaYR04ZaJJ+OHrF
umCgGFcCq5xjxIVbY7GXz/Grv+cJa6JfdQirNRoaDFvhgZxinAcuOhlb01pmf4o2 e5xxAA6FjipufvxgRZvLhDj+g+RaX2TuxdL9gFSVS81rvEpSRDnydt2O/6G4SGBR
frGrbCvkbDU/OLjMkfakUT87tZh6wfhlT14FABpZNrDHl7mpEvNH/prUMzj87ZME GO5b176eMerrqOqRLL5Ou4b6oitagvRwZzOXQ+YonKZz3STlyXRMgWxeFTDK9T/q
g1OkwdjC7sBXngPQjstgMeZmLfsXVhDlhPIPi2kh6LUCdDFkadOZG9+dMf5HpTPW yYOwPVAOU1jhYzUjHNAYCp3CH4ERScrO7AwomAWH+Fe48WRbg2ebdqRnuv/Vl4PM
v69CKJyzK8WcH5RoksYgYuACIMRO1VXfIpm6sJqHn2gXc/6CsiST7ofvGtBUhaW+ wc5DQcCIIIIENMGIYOzUo1KrfQlevzXF/mbgAgo/uVuRl3Y3lCRAcZBQOtUCF5Ap
B342tjWJiRhcU96KCP91NAo4aiNeQ/UjW6EAbJ9BaPWwAod6f3nxBEVvg8pMlLOR FhsO87EMXlZWj3bv08f21t3hQztfuaHIqFpCbSIGgmiE9cAY0cOtCYpJfCYdV7iT
pdW6p/Bz4HmvNW+xXLyxUER+ynkOouCMVrb7/eSvzV1Lf2Yz6K8hVe2ehgyVz++v cOElJgYRbAsAbFC9wTQWEvwIxrgnCIrkCg1bzP5KNLG1K+ae5J7qN77qeTQw2/ul
sXl6KqMGu5FNJS9j07hXYgWzwk6M+IBBC/YcjQdZQys4IadS1QbtuQOuP3KJ3wwk QDDUUNnzjes562t+/xFLQa/bust1Y8pAYn1s1LEBol1hLX4Igonlkw303UPjZOI2
qa4wyHRxb7/3svBP+2vi7HvjizwiEdk7r4CRnrdUm0C7Qozy8UdFMFWMdPMIdL2L MyH5hOh0hNUReuOpHpre/pYquE8Dd27XKAHfJsSd3ZLJG5+1Msw23lIsptgovNrB
tI2n71HASMmc7ekU4J45/d9MHqLUahO0wuTd7L4IvAsepZqY+uWuYBVoZW/vHc7S 5VRvPj8WPojiDHqN27kt/IuayN3TeoJFjmAjkoFjlyKTcs+b6cDkxUw3LcP+6NjS
WAGwfJ7/D8i3lbRP91TslhrCMdzrdzgAb/TLWAyKwSwPPzzf1dCLNp6yF4QRICwJ WAHQI0pWTa5zD8UPow4DHxteP4jW/6ddBfJ1Vz1scqKMXYvxFkRqZvn3uAJOtcuw
d/yxpSHBVgShCN3qIsiryx4FtUCPRwzgY96delesewJOIzxwjByIvTY= CgQ4CXE43n4G7g5gvWl6ZFW8tdXR7Sw+USnHR/9oS9fV0rHcxxDFEfE=
=vEEz =9FN4
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4 fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted

6
machines/modules/disko/default.nix
View File

@@ -102,7 +102,7 @@ in
mountOptions = [ "umask=0077" ]; mountOptions = [ "umask=0077" ];
}; };
}; };
encryptedSwap = lib.mkIf cfg.encryption { encryptedSwap = {
size = cfg.root.swap; size = cfg.root.swap;
content = { content = {
type = "swap"; type = "swap";
@@ -252,10 +252,6 @@ in
type = "zfs_fs"; type = "zfs_fs";
mountpoint = "/data"; mountpoint = "/data";
}; };
"encrypted/data/microvm" = {
type = "zfs_fs";
mountpoint = "/data/microvm";
};
reserved = { reserved = {
# for cow delete if pool is full # for cow delete if pool is full
options = { options = {

7
machines/modules/host_builder.nix
View File

@@ -70,13 +70,6 @@ rec {
proto = "virtiofs"; proto = "virtiofs";
socket = "var.socket"; socket = "var.socket";
} }
{
source = "/var/lib/microvms/data/${hostName}";
mountPoint = "/data";
tag = "data";
proto = "virtiofs";
socket = "microdata.socket";
}
]; ];
interfaces = [ interfaces = [

7
machines/modules/malobeo/peers.nix
View File

@@ -30,13 +30,6 @@
publicKey = "TrJ4UAF//zXdaLwZudI78L+rTC36zEDodTDOWNS4Y1Y="; publicKey = "TrJ4UAF//zXdaLwZudI78L+rTC36zEDodTDOWNS4Y1Y=";
}; };
"hetzner" = {
role = "client";
address = [ "10.100.0.6/24" ];
allowedIPs = [ "10.100.0.6/32" ];
publicKey = "csRzgwtnzmSLeLkSwTwEOrdKq55UOxZacR5D3GopCTQ=";
};
"fanny" = { "fanny" = {
role = "client"; role = "client";
address = [ "10.100.0.101/24" ]; address = [ "10.100.0.101/24" ];

7
machines/nextcloud/configuration.nix
View File

@@ -37,7 +37,6 @@ with lib;
hostName = "cloud.malobeo.org"; hostName = "cloud.malobeo.org";
config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path; config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
#https = true; #disable for testing #https = true; #disable for testing
datadir = "/data/services/nextcloud/";
database.createLocally = true; database.createLocally = true;
config.dbtype = "pgsql"; config.dbtype = "pgsql";
configureRedis = true; configureRedis = true;
@@ -56,12 +55,6 @@ with lib;
}; };
settings = { settings = {
trusted_domains = ["10.0.0.13"]; trusted_domains = ["10.0.0.13"];
"maintenance_window_start" = "1";
"default_phone_region" = "DE";
};
phpOptions = {
"realpath_cache_size" = "0";
"opcache.interned_strings_buffer" = "23";
}; };
}; };

78
machines/nextcloud/secrets.yaml
View File

@@ -8,60 +8,60 @@ sops:
- recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4dCt1ZFR0QnRqVFdiL0Zi YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqSk9GWktrZ3FsRHpOcTJp
VTR6Zy9ZTy9YNDBZaDRTZzJnU2ZKcjJ0MG1vCldpRU5tTzc1YU5KbjlDbXlNRjBU Y3VWMytTRlhxVXJma1puT1lMRTN2NHBNV2xrCi8xYTFWeVN6RWl0Um9mZXpoKzFh
Sm8yc0oyNWU1WHJoYTRvK3o4aGtTY2MKLS0tIE9wY0R0V3Vkc3Y1T1YwTkFTY0J5 SjVFcGJRNlhkVUZQYXpEb0EwYzUvUjQKLS0tIGEvdGdMRGxvcndxMllZTWZqKzg1
ZCtzbVdtNlh0cXpra2RWbEwzUDM0UjgKY3zZn5PUWuLBQgYxm9BUpLYWw3CdXYA8 aWlJOTdYV1JMM0dIWEFDSHRuQWdlcVUKsdwGZ3SkJEf4ALDhHUlSQJNKrFyWd7fW
4U6OVdRF6foj4/GrKKyhVf8dMbLbkhPvxqZ5wg40o6bwHEw9QNM+5Q== WTGk66NJ2yD8ko/6OyB9J9U0WPbFLgr972H+klBq/IDmOx0hClbYNA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1z0cfz7l4vakjrte220h46fc05503506fjcz440na92pzgztlspmqc8vt6k - recipient: age1w07s4y2uh0xd322ralyyh79545lvxzqncd0s65q9cx4ttlqv5u9s7y78gr
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQbDZaYjRTTDc0SFU2U2xQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoNzdib3Ztd0g0MlVqYVF6
cUhESStvKzM5Z0QyZlJldURtRUJZTHhvNEFrCmxReGJ6MU9qdkh6UFVPYmRuQThs cUtjZzEyY2FJYVRoT1p5RlJwYVQwUXVOUkNVCkp4V3hMYlJsaVN4RjlwQXNWS1Jt
VmVCMTQwc0xkR0gzemlSUVlnN0NCZE0KLS0tIDFtK041ZlF4VFBreHVacitSVEN5 aitzWVdOcUdrNHorenZGZU1iWFZzVjgKLS0tIGNGcTU5OUJLM3VzQk1uODFwS1hO
WXg4UkJtU2dTR3ZjeFYzR3lRODhLYzgKrO+NtT0Q3K8FgDwW0WiZJOUHwkEz+wp8 WG16Y25tMDkreGFnSFRKN1AybyttYWcKcLHJScp2Ozh0jIdi7Hb/tSjaCGorqXaC
lgBkXy2QJuuJ11f2e9ZJ3hx1xgOm6SMBmgl3zQVfVpq88yZE8uDe2Q== 9DIrQPHbPP1RIc6Ak8Kn30/BHEWV3VaiBCT3vfS9pNJQNjB4T+901g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-26T20:00:50Z" lastmodified: "2024-11-26T20:00:50Z"
mac: ENC[AES256_GCM,data:qoY9SfpoU+8HfvD5v/1S6BOkbnZUmHIbtwr0tTSuPETjnFNgr1VVw9mnRatJKPYYFb9/rMZQWIqTY+iUIEkcTVyVXhd6ki5CHW+uxCeBIyMzq33rtEa/btkEUoii4iPieamBCIY21W0znE+edxfR04yRJtLxMICEbuW4Hjf6bwk=,iv:nG42fRgjpuIjPMYnn/6egEdzYolcUBsspaZ8zMv4888=,tag:C6apGoAvVLsWdLWSCwrx6w==,type:str] mac: ENC[AES256_GCM,data:qoY9SfpoU+8HfvD5v/1S6BOkbnZUmHIbtwr0tTSuPETjnFNgr1VVw9mnRatJKPYYFb9/rMZQWIqTY+iUIEkcTVyVXhd6ki5CHW+uxCeBIyMzq33rtEa/btkEUoii4iPieamBCIY21W0znE+edxfR04yRJtLxMICEbuW4Hjf6bwk=,iv:nG42fRgjpuIjPMYnn/6egEdzYolcUBsspaZ8zMv4888=,tag:C6apGoAvVLsWdLWSCwrx6w==,type:str]
pgp: pgp:
- created_at: "2025-02-06T12:36:59Z" - created_at: "2025-01-21T21:04:08Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQGMA5HdvEwzh/H7AQv8DLbU8OaQmYtAjTPlqeg1nv+/z3gA16MTZjz8rRBqK695 hQGMA5HdvEwzh/H7AQv/ejIylIgs3yeVcZriQTA8d/xyXTdFw6On422lTCDk3d0W
JaEbWoCJ2Nv5Mnzj7owQSk/+f+Q/d00osr4KOhQWTNoq1442MyWgIXKGPDmHgXv8 GOdV44vAzUzNX5tziQtLjectLUrKh9Qb9WaP4VnTCGI0XJ/dEtYRCkYMx8MjjbLl
CxFT3hIKMEFFvFtkSdo+HlBSTQJZtHgDSGabd2xd4e45tLnHsPvWQ4ngGn+piUaw 8GqFi3Hw958Uykp9wt0iiP6BQ42Fo77EPxVcn21eHKZY0zg/vaeRXXeXSzkjzANs
qz5+YIpmFNlnL9ubsB8NivryXlIL6wBXL83FyfAPnY+qG0/7frVWwP1Cejg1CGYl NN/KFS06uFRJhmp+0z6hDRrHnpb0wd5JGjHOp96jK9LmpwfZZZlVpAHp04hOhlPV
bOYxgb1uPYIIqvvU9bZ4r46DfojFFGur9pwG/wKGOgIQ867vsXtRnNm6+SJIHeyt cMmdjg9IRSubvbraTbDrgwB0h3JKdqovFDnAP/KvT+rw5xnVUVMq/3tUNq4MbfZb
eNqil3tee++V4VVUrDTf+gWufx9YFS/afRgMKuf1pUvQGTBMbUJNhIp+PjpOSBCk CvQrXsjQJQbEhY+eAJZVRO07kX0+zMvIin4ss7Xt++qlo4/OvFvuGbnUhJE+hrBb
Kk6uyMWrBhiCpAVU9GKFW1AbDBCgUig2sLIUGOrfb+RkzDLX4pEoa9DVVDC2pRVy nkyGhbDrjpsfa3djCEZ0UxMAWtPeIQ7T8QMkGY+UKeJKxfOGSchARnfCtGD/rtsj
F2fjEEbPAZepsPFNbgDyaixv+FeA5oWWiBnA7qO/v8t142UOtqBcexUZjBYYgRmt wuhqGya7g7WP78WzwASzlPwB5jpdQ29/zLWXR60lNCYu0UYSVYmlspZnKEB0FkLO
c0S+lTk//xEip9wYvY6W0lgBOLqEUEiLg1tw0xvt9H4R9aGNLkCyvUediwuAbfw4 TNUrwXXMrM0XwMVaG/sF0lgBEPE6CTuE85evCHFyu6zhEAa7YimKAPIowcwYLSJ2
bGha9PTckYpnKN589xxsDMqbQ0Vn/rxeSzC7RT+qtjUg1gDbDJQTZdYr0+//e0YV 46KfttJAYnRnb68Kk9N5xcFyvhKyTx/6eMdxkgr2LMoSTBDUgZfG3rDQC+ZbFE3m
xRvlnfPW9voB bUOvx3Ho80EC
=xqAk =oQd6
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: c4639370c41133a738f643a591ddbc4c3387f1fb fp: c4639370c41133a738f643a591ddbc4c3387f1fb
- created_at: "2025-02-06T12:36:59Z" - created_at: "2025-01-21T21:04:08Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA98TrrsQEbXUARAAqGyBZLrJ1UpiJKIbQSTQpKA7bRD7olMczjh0Bx1fTN0U hQIMA98TrrsQEbXUAQ//eu7YkPL7dU4AYWCZI7THsiJ51SOMahOXp/qC5yL18aZY
bctdfIGVvdp5pM1C6xbvubNqAMEisQ1tMVozDkXCnLARTwcaq6lyE9vl3gJ1iF1Z r4SpyNhFezGIJfMuhwBSZZBI/MNW6M+zMwIJ2wkioxUDnDvfVi10/cV6p85U75Jn
N8SbxVTYV1SXg3qokyBsZIggQ6gJqAr62Pyoansp4HfwwFwYohwR2zTfHJ8pFkkW 59e1afN+eekG2DCI6sWPmLy8jmYh4CQRdEurtfzquDOARZ4IHZjotP5AWI8OPHlM
R2FfEI2Gw5nN4GaauIxUGFDPuvvZapCWZ/ejt4s/ezT9cYrwYfu9XIlqsivsi3yp FdK2jGXFVevQY0m619CNm78D2NEdlGe1QtLVSazWQ8MsDLfMnHTYFUy3EoSihzat
I03ohKS/pKhxlE7RV2ufRboG+m6TUCnyj5U5AzQa09hkSHd94s9A6M8I6M6zWebv QkcR//8whzlLT/NcqKlnBDNBU7FvPov+ZdUmIw1mx2wp5f2sGp4m737Yhoey2aFL
pdX73sCjWZQdIZoeM5oXcyY/s/h4/w37loOUE/thh1+hIjybAG0CH31nJkjcdcLg qLXHDc91nVRcw95FBDNYlSH8a2AzT4sm4vFR5EkC6vrfz+v1pdg1Fc3dc++hPgE0
l/fqTLa89JVt37bU9c/hVsx2Bc1cTO7nqhG3kyahkMSLFrsb73yTNn4kOqSKZ7+z MYWn6f4v8lDhPhw2kpmAP4Oz4uPdmPgdfXKiIzr7qf3O5lIC6ZIIwoqhj2f0odj6
189oR0EjNySgRt+M20vjKzhPbjxxQTKlpTE0vho6fEHYRmzPQ3IQbVUbPEbZR64I 7anDUN5C3B5ruFU3UNJEBLrZelbmg4zf2hAtzfoi0L9paIZX5SCLP3PDbvdRbADc
S+Nk7m95ZV8djaUOwqqU9pwDTvuYIBwhGOY1kefDg1sCCTM8C9RI9sG02HeQpme3 oyC3Gw/DeddQ9ZeP+wYiwJ/614zRBmZRzQr9RFowf0gJBSS7TaWPCONfUJ/3eekX
bgkO+m4khXeiiIrTAODiyM+GCwx6UcwooUSpu8LZJmhiZtfgMsFdGF3P7ngtoOEQ or8JpLTD5PMQNoS0L4S41Cj+yOg/AlmHF/9yvj1GVTKT9rBj3Snki9NOmY2ZUQo3
4cxP231EI/zoMqRyXYrvAovxXndwghG0LGcCAZZL6mNN2xzE6z1gesVWRjXM8inS BDdnsftA3w4q4iu06ojQkrjn/FJjmNzb83XR2WxrHFUAaY//nISyY/9uTsEhwFbS
WAFB7DgLTlY43D4QbhkyZfo6XltYe1g1tcJJraG/HICa7hq5BZn48t/BcacCvsrJ WAFlKfmyVc7nLBI12i0yWLLy/tcVF3c8gtGfNmyoe/RIr+6EQmzUi0v+X49Tnzpj
lIkEgOT8gn1SlQbDL+T+3pRNOixGKPNU6Ategoy+Eq0Im3AhE0XO8Ns= 8JAnE+4Jzm2ijqF4Ats5KoXqFiLUenJZQHJ3IFoI36n+hM4P/ICeZ4k=
=Uvc2 =s9pl
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4 fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted