kalipso/infrastructure
1
1
Fork 1
Code Issues 42 Pull Requests 2 Actions Projects 2 Releases Wiki Activity

Compare commits

base: kalipso:91d86c49a1cf3c4da950561c55c4b32987aa2a76
Branches Tags
kalipso:master kalipso:nextcloud_deck_derivation kalipso:vaultwarden kalipso:staging kalipso:script kalipso:zineshop kalipso:nextcloud_upgrade_31 kalipso:printer-module kalipso:microvm-dirs kalipso:sanoid kalipso:issue77 kalipso:reproducible-deployments kalipso:reproducible-deployments-filestructure kalipso:issue31 kalipso:microvm-module kalipso:issue47 kalipso:hostbuilder kalipso:better-workflows kalipso:issue51 kalipso:local-testing-v2 kalipso:gitea kalipso:fileserver
...
compare: kalipso:nextcloud_upgrade_31
Branches Tags
kalipso:nextcloud_deck_derivation kalipso:vaultwarden kalipso:master kalipso:staging kalipso:script kalipso:zineshop kalipso:nextcloud_upgrade_31 kalipso:printer-module kalipso:microvm-dirs kalipso:sanoid kalipso:issue77 kalipso:reproducible-deployments kalipso:reproducible-deployments-filestructure kalipso:issue31 kalipso:microvm-module kalipso:issue47 kalipso:hostbuilder kalipso:better-workflows kalipso:issue51 kalipso:local-testing-v2 kalipso:gitea kalipso:fileserver

25 Commits
91d86c49a1 ... nextcloud_

Author SHA1 Message Date
kalipso
e171178a93 [docs] updates fix linebreaks
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m26s
Details
2025-04-13 15:30:53 +02:00
kalipso
7732abfd68 [docs] update updates
Some checks failed
Check flake syntax / flake-check (push) Has been cancelled
Details
2025-04-13 15:29:28 +02:00
kalipso
da12a73334 [run-vim] allow setting data share
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m27s
Details
2025-04-13 15:24:06 +02:00
ahtlon
00f4b7c2b1 [docs] Add nextcloud upgrade docs
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m25s
Details
2025-04-11 21:16:49 +02:00
ahtlon
6b25292815 [nextcloud] update to 31, add forms, appointments app 2025-04-11 21:07:04 +02:00
ahtlon
f6719d3218 flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/bd65bc3cde04c16755955630b344bc9e35272c56?narHash=sha256-dinzAqCjenWDxuy%2BMqUQq0I4zUSfaCvN9rzuCmgMZJY%3D' (2025-01-08)
  → 'github:nix-community/home-manager/b4e98224ad1336751a2ac7493967a4c9f6d9cb3f?narHash=sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI%3D' (2025-04-08)
• Updated input 'microvm':
    'github:astro/microvm.nix/d3a9b7504d420a1ffd7c83c1bb8fe57deaf939d2?narHash=sha256-bNvtud2PUcbYM0i5Uq1v01Dcgq7RuhVKfjaSKkW2KRI%3D' (2025-02-09)
  → 'github:astro/microvm.nix/773d5a04e2e10ca7b412270dea11276a496e1b61?narHash=sha256-Fz7AiCJWtoWZ2guJwO3B1h3RuJxYWaCzFIqY0Kmkyrs%3D' (2025-03-27)
• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453?narHash=sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL%2BtIBm49vpepwL1MQ%3D' (2025-01-16)
  → 'github:nix-community/nixos-generators/42ee229088490e3777ed7d1162cb9e9d8c3dbb11?narHash=sha256-QaMEhcnscfF2MqB7flZr%2BsLJMMYZPnvqO4NYf9B4G38%3D' (2025-03-21)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/2eccff41bab80839b1d25b303b53d339fbb07087?narHash=sha256-5yRlg48XmpcX5b5HesdGMOte%2BYuCy9rzQkJz%2Bimcu6I%3D' (2025-02-06)
  → 'github:NixOS/nixos-hardware/1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1?narHash=sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg%3D' (2025-04-11)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/44534bc021b85c8d78e465021e21f33b856e2540?narHash=sha256-PwQASeL2cGVmrtQYlrBur0U20Xy07uSWVnFup2PHnDs%3D' (2025-02-10)
  → 'github:NixOS/nixpkgs/f9ebe33a928b5d529c895202263a5ce46bdf12f7?narHash=sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5%2BW0%3D' (2025-04-10)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/a79cfe0ebd24952b580b1cf08cd906354996d547?narHash=sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y%3D' (2025-02-08)
  → 'github:NixOS/nixpkgs/f675531bc7e6657c10a18b565cfebd8aa9e24c14?narHash=sha256-gbl9hE39nQRpZaLjhWKmEu5ejtQsgI5TWYrIVVJn30U%3D' (2025-04-09)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/07af005bb7d60c7f118d9d9f5530485da5d1e975?narHash=sha256-7JAGezJ0Dn5qIyA2%2BT4Dt/xQgAbhCglh6lzCekTVMeU%3D' (2025-02-11)
  → 'github:Mic92/sops-nix/69d5a5a4635c27dae5a742f36108beccc506c1ba?narHash=sha256-SR6%2BqjkPjGQG%2B8eM4dCcVtss8r9bre/LAxFMPJpaZeU%3D' (2025-04-08)
 2025-04-11 20:15:52 +02:00
kalipso
71eef69889 Merge pull request 'module for konica printer' (#102) from printer-module into master
All checks were successful
Check flake syntax / flake-check (push) Successful in 6m16s
Details 
Reviewed-on: #102
 2025-04-11 17:33:19 +02:00
kalipso
80fc4cc528 [louise] fix missing inputs
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m20s
Details
2025-04-11 17:24:31 +02:00
kalipso
8b37082844 [louise] enable printing module
Some checks failed
Check flake syntax / flake-check (push) Failing after 6m18s
Details
2025-04-11 17:07:49 +02:00
kalipso
6c3a7be483 [printing] init module 2025-04-11 17:03:10 +02:00
kalipso
568cce0d48 [louise] add c258 printer driver
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m43s
Details
2025-04-08 18:53:56 +02:00
kalipso
46e9bae193 [flake] update tasklist
All checks were successful
Check flake syntax / flake-check (push) Successful in 6m23s
Details
2025-04-01 00:10:18 +02:00
kalipso
4949719307 Merge pull request 'Initialize microvm directories' (#93) from microvm-dirs into master
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m34s
Details 
Reviewed-on: #93
 2025-03-20 20:05:42 +01:00
kalipso
e8c188debf [microvms] rm unused code
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m50s
Details
2025-03-20 19:55:51 +01:00
kalipso
1f559d93ba [microvms] initialize directories on microvm host
Some checks failed
Check flake syntax / flake-check (push) Has been cancelled
Details
2025-03-20 19:51:52 +01:00
kalipso
a03b7506c5 [run-vm] keep microvm.deployHosts on nestedMicrovms 2025-03-20 19:51:14 +01:00
kalipso
3b2a7cedc5 [backup] add 24 hourly backups
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m36s
Details
2025-03-17 18:34:03 +01:00
kalipso
a48e271853 [docs] rm outdated 2025-03-17 16:02:57 +01:00
ahtlon
d202a3d0cb [user module] I love symlinks
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m23s
Details
2025-03-16 14:16:52 +01:00
ahtlon
ef33833910 Add backup server to vpn
All checks were successful
Check flake syntax / flake-check (push) Successful in 6m18s
Details
2025-03-16 13:38:37 +01:00
kalipso
d73031e7f1 Merge pull request 'backup module' (#92) from sanoid into master
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m28s
Details 
Reviewed-on: #92
Reviewed-by: ahtlon <ahtlon@noreply.git.dynamicdiscord.de>
 2025-03-16 13:13:55 +01:00
kalipso
be0bb0b08b [backup] fix description
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m13s
Details
2025-03-16 12:53:43 +01:00
kalipso
026494c877 [backup] fix typo
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m12s
Details
2025-03-16 11:25:37 +01:00
kalipso
3021716640 [backup] update module descriptions
Some checks failed
Check flake syntax / flake-check (push) Failing after 2m16s
Details
2025-03-16 11:15:52 +01:00
kalipso
70ec63f213 [users] fix typo
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m13s
Details
2025-03-16 10:24:17 +01:00
14 changed files with 4943 additions and 57 deletions
Expand all files Collapse all files

15
doc/src/anleitung/create.md
View File

@@ -21,18 +21,3 @@ Testing disko partitioning is working quite well. Just run the following and che
```bash ```bash
nix run -L .\#nixosConfigurations.fanny.config.system.build.vmWithDisko nix run -L .\#nixosConfigurations.fanny.config.system.build.vmWithDisko
``` ```
Only problem is that encryption is not working, so it needs to be commented out. For testing host fanny the following parts in ```./machines/modules/disko/fanny.nix``` need to be commented out(for both pools!):
```nix
datasets = {
encrypted = {
options = {
encryption = "aes-256-gcm"; #THIS ONE
keyformat = "passphrase"; #THIS ONE
keylocation = "file:///tmp/root.key"; #THIS ONE
};
# use this to read the key during boot
postCreateHook = '' #THIS ONE
zfs set keylocation="prompt" "zroot/$name"; #THIS ONE
''; #THIS ONE
```

10
doc/src/anleitung/updates.md
View File

@@ -1 +1,11 @@
# Updates # Updates
## Nextcloud
Update nextcloud to a new major version:
- create state directories: `mkdir /tmp/var /tmp/data`
- run vm state dirs to initialize state `sudo run-vm nextcloud --dummy-secrets --networking --var /tmp/var --data /tmp/data`
- Update lock file `nix flake update --commit-lock-file`
- Change services.nextcloud.package to the next version (do not skip major version upgrades)
- change custom `extraApps` to the new version
- TEST!
- run vm again, it should successfully upgrade nextcloud from old to new version
- run vm state dirs to initialize state `sudo run-vm nextcloud --dummy-secrets --networking --var /tmp/var --data /tmp/data`

50
flake.lock generated
View File

@@ -67,11 +67,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1736373539, "lastModified": 1744117652,
"narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -109,11 +109,11 @@
"spectrum": "spectrum" "spectrum": "spectrum"
}, },
"locked": { "locked": {
"lastModified": 1739104176, "lastModified": 1743083165,
"narHash": "sha256-bNvtud2PUcbYM0i5Uq1v01Dcgq7RuhVKfjaSKkW2KRI=", "narHash": "sha256-Fz7AiCJWtoWZ2guJwO3B1h3RuJxYWaCzFIqY0Kmkyrs=",
"owner": "astro", "owner": "astro",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "d3a9b7504d420a1ffd7c83c1bb8fe57deaf939d2", "rev": "773d5a04e2e10ca7b412270dea11276a496e1b61",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -145,11 +145,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1737057290, "lastModified": 1742568034,
"narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -160,11 +160,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1738816619, "lastModified": 1744366945,
"narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=", "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "2eccff41bab80839b1d25b303b53d339fbb07087", "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -192,11 +192,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1739020877, "lastModified": 1744232761,
"narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=", "narHash": "sha256-gbl9hE39nQRpZaLjhWKmEu5ejtQsgI5TWYrIVVJn30U=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a79cfe0ebd24952b580b1cf08cd906354996d547", "rev": "f675531bc7e6657c10a18b565cfebd8aa9e24c14",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -208,11 +208,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1739206421, "lastModified": 1744309437,
"narHash": "sha256-PwQASeL2cGVmrtQYlrBur0U20Xy07uSWVnFup2PHnDs=", "narHash": "sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5+W0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "44534bc021b85c8d78e465021e21f33b856e2540", "rev": "f9ebe33a928b5d529c895202263a5ce46bdf12f7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -245,11 +245,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1739262228, "lastModified": 1744103455,
"narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", "narHash": "sha256-SR6+qjkPjGQG+8eM4dCcVtss8r9bre/LAxFMPJpaZeU=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", "rev": "69d5a5a4635c27dae5a742f36108beccc506c1ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -341,11 +341,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1737548421, "lastModified": 1743458889,
"narHash": "sha256-gmlqJdC+v86vXc2yMhiza1mvsqh3vMfrEsiw+tV5MXg=", "narHash": "sha256-eVTtsCPio3Wj/g/gvKTsyjh90vrNsmgjzXK9jMfcboM=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "c5fff78c83959841ac724980a13597dcfa6dc26d", "rev": "b61466549e2687628516aa1f9ba73f251935773a",
"revCount": 29, "revCount": 30,
"type": "git", "type": "git",
"url": "https://git.dynamicdiscord.de/kalipso/tasklist" "url": "https://git.dynamicdiscord.de/kalipso/tasklist"
}, },

5
machines/louise/configuration.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, inputs, ... }:
{ {
imports = imports =
@@ -9,6 +9,7 @@
../modules/sshd.nix ../modules/sshd.nix
../modules/minimal_tools.nix ../modules/minimal_tools.nix
../modules/autoupdate.nix ../modules/autoupdate.nix
inputs.self.nixosModules.malobeo.printing
]; ];
malobeo.autoUpdate = { malobeo.autoUpdate = {
@@ -50,6 +51,8 @@
}; };
services.printing.enable = true; services.printing.enable = true;
services.malobeo.printing.enable = true;
services.printing.drivers = [ services.printing.drivers = [
(pkgs.writeTextDir "share/cups/model/brother5350.ppd" (builtins.readFile ../modules/BR5350_2_GPL.ppd)) (pkgs.writeTextDir "share/cups/model/brother5350.ppd" (builtins.readFile ../modules/BR5350_2_GPL.ppd))
pkgs.gutenprint pkgs.gutenprint

4777
machines/modules/KOC658UX.ppd Normal file
View File

File diff suppressed because it is too large Load Diff

16
machines/modules/host_builder.nix
View File

@@ -133,6 +133,13 @@ rec {
mountPoint = "/var"; mountPoint = "/var";
tag = "var"; tag = "var";
} }
] ++ pkgs.lib.optionals (options.dataPath != "") [
{
source = "${options.dataPath}";
securityModel = "mapped";
mountPoint = "/data";
tag = "data";
}
]); ]);
interfaces = pkgs.lib.mkIf (!options.withNetworking) (pkgs.lib.mkForce [{ interfaces = pkgs.lib.mkIf (!options.withNetworking) (pkgs.lib.mkForce [{
@@ -195,8 +202,7 @@ rec {
vmNestedMicroVMOverwrites = host: sopsDummy: { vmNestedMicroVMOverwrites = host: sopsDummy: {
services.malobeo.microvm.deployHosts = pkgs.lib.mkForce []; microvm.vms = pkgs.lib.mkForce (
microvm.vms =
let let
# Map the values to each hostname to then generate an Attrset using listToAttrs # Map the values to each hostname to then generate an Attrset using listToAttrs
mapperFunc = name: { inherit name; value = { mapperFunc = name: { inherit name; value = {
@@ -210,20 +216,22 @@ rec {
(vmMicroVMOverwrites name { (vmMicroVMOverwrites name {
withNetworking = true; withNetworking = true;
varPath = ""; varPath = "";
dataPath = "";
writableStore = false; }) writableStore = false; })
(if sopsDummy then (vmSopsOverwrites name) else {}) (if sopsDummy then (vmSopsOverwrites name) else {})
]); ]);
}; };
}; }; }; };
in in
builtins.listToAttrs (map mapperFunc self.nixosConfigurations.${host}.config.services.malobeo.microvm.deployHosts); builtins.listToAttrs (map mapperFunc self.nixosConfigurations.${host}.config.services.malobeo.microvm.deployHosts));
}; };
buildVM = host: networking: sopsDummy: disableDisko: varPath: writableStore: fwdPort: (self.nixosConfigurations.${host}.extendModules { buildVM = host: networking: sopsDummy: disableDisko: varPath: dataPath: writableStore: fwdPort: (self.nixosConfigurations.${host}.extendModules {
modules = [ modules = [
(vmMicroVMOverwrites host { (vmMicroVMOverwrites host {
withNetworking = networking; withNetworking = networking;
varPath = "${varPath}"; varPath = "${varPath}";
dataPath = "${dataPath}";
writableStore = writableStore; writableStore = writableStore;
fwdPort = fwdPort; }) fwdPort = fwdPort; })
(if sopsDummy then (vmSopsOverwrites host) else {}) (if sopsDummy then (vmSopsOverwrites host) else {})

15
machines/modules/malobeo/backup.nix
View File

@@ -20,7 +20,7 @@ in
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Enable sharing metrics"; description = "Enable sanoid/syncoid based backup functionality";
}; };
snapshots = mkOption { snapshots = mkOption {
@@ -35,13 +35,22 @@ in
options = { options = {
sourceDataset = mkOption { sourceDataset = mkOption {
type = types.str; type = types.str;
description = "The source that needs to be backed up";
}; };
targetDataset = mkOption { targetDataset = mkOption {
type = types.str; type = types.str;
description = "The target dataset where the backup should be stored";
}; };
}; };
}))); })));
description = "Hostname with list of datasets to backup."; description = ''
Hostname with list of datasets to backup. This option should be defined on hosts that will store backups.
It is necessary to add the machines that get backed up to known hosts.
This can be done for example systemwide using
programs.ssh.knownHosts."10.100.0.101" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHqp2/YiiIhai7wyScGZJ20gtrzY+lp4N/8unyRs4qhc";
Or set it for the syncoid user directly.
'';
}; };
sshKey = mkOption { sshKey = mkOption {
@@ -56,7 +65,7 @@ in
enable = true; enable = true;
templates."default" = { templates."default" = {
hourly = 0; hourly = 24;
daily = 30; #keep 30 daily snapshots daily = 30; #keep 30 daily snapshots
monthly = 6; #keep 6 monthly backups monthly = 6; #keep 6 monthly backups
yearly = 0; yearly = 0;

16
machines/modules/malobeo/microvm_host.nix
View File

@@ -102,6 +102,22 @@ in
/run/current-system/sw/bin/microvm -Ru ${name} /run/current-system/sw/bin/microvm -Ru ${name}
''; '';
}; };
"microvm-init-dirs@${name}" = {
description = "Initialize microvm directories";
after = [ "zfs-mount.service" ];
wantedBy = [ "microvm@${name}.service" ];
unitConfig.ConditionPathExists = "!/var/lib/microvms/${name}/.is_initialized";
serviceConfig = {
Type = "oneshot";
};
script = ''
mkdir -p /var/lib/microvms/${name}/var
mkdir -p /var/lib/microvms/${name}/etc
mkdir -p /var/lib/microvms/data/${name}
touch /var/lib/microvms/${name}/.is_initialized
'';
};
}) {} (cfg.deployHosts); }) {} (cfg.deployHosts);
systemd.timers = builtins.foldl' (timers: name: timers // { systemd.timers = builtins.foldl' (timers: name: timers // {

7
machines/modules/malobeo/peers.nix
View File

@@ -43,4 +43,11 @@
allowedIPs = [ "10.100.0.101/32" ]; allowedIPs = [ "10.100.0.101/32" ];
publicKey = "3U59F6T1s/1LaZBIa6wB0qsVuO6pRR9jfYZJIH2piAU="; publicKey = "3U59F6T1s/1LaZBIa6wB0qsVuO6pRR9jfYZJIH2piAU=";
}; };
"backup0" = {
role = "client";
address = "10.100.0.20";
allowedIPs = [ "10.100.0.20/32" ];
publicKey = "Pp55Jg//jREzHdbbIqTXc9N7rnLZIFw904qh6NLrACE=";
};
} }

51
machines/modules/malobeo/printing.nix Normal file
View File

@@ -0,0 +1,51 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.malobeo.printing;
driverFile = pkgs.writeTextDir "share/cups/model/konicaminoltac258.ppd" (builtins.readFile ../KOC658UX.ppd);
defaultPpdOptions = {
PageSize = "A4";
SelectColor = "Grayscale";
Finisher = "FS534";
SaddleUnit = "SD511";
Model = "C258";
InputSlot = "Tray1";
};
in
{
options.services.malobeo.printing = {
enable = mkOption {
type = types.bool;
default = false;
description = "Setup malobeo printers";
};
};
config = mkIf (cfg.enable) {
services.printing.enable = true;
services.printing.drivers = [
driverFile
];
hardware.printers.ensurePrinters = [ {
name = "KonicaDefault";
model = "konicaminoltac258.ppd";
location = "Zine Workshop";
deviceUri = "ipp://192.168.1.42/ipp";
ppdOptions = defaultPpdOptions;
}
{
name = "KonicaBooklet";
model = "konicaminoltac258.ppd";
location = "Zine Workshop";
deviceUri = "ipp://192.168.1.42/ipp";
ppdOptions = defaultPpdOptions // {
Fold = "Stitch";
Staple = "None";
};
}
];
};
}

8
machines/modules/malobeo/users.nix
View File

@@ -68,7 +68,11 @@ in
users = [ "backup" ]; users = [ "backup" ];
commands = [ commands = [
{ {
command = "${pkgs.zfs-user}/bin/zfs"; command = "/run/current-system/sw/bin/zfs";
options = [ "NOPASSWD" ];
}
{
command = "/run/current-system/sw/bin/zpool";
options = [ "NOPASSWD" ]; options = [ "NOPASSWD" ];
} }
]; ];
@@ -94,4 +98,4 @@ in
]; ];
} }
]; ];
} }

12
machines/nextcloud/configuration.nix
View File

@@ -33,7 +33,7 @@ with lib;
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud30; package = pkgs.nextcloud31;
hostName = "cloud.malobeo.org"; hostName = "cloud.malobeo.org";
config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path; config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
#https = true; #disable for testing #https = true; #disable for testing
@@ -47,10 +47,10 @@ with lib;
}; };
extraAppsEnable = true; extraAppsEnable = true;
extraApps = { extraApps = {
inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls registration; inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls registration collectives forms;
collectives = pkgs.fetchNextcloudApp { appointments = pkgs.fetchNextcloudApp {
sha256 = "sha256-cj/8FhzxOACJaUEu0eG9r7iAQmnOG62yFHeyUICalFY="; sha256 = "sha256-ls1rLnsX7U9wo2WkEtzhrvliTcWUl6LWXolE/9etJ78=";
url = "https://github.com/nextcloud/collectives/releases/download/v2.15.2/collectives-2.15.2.tar.gz"; url = "https://github.com/SergeyMosin/Appointments/raw/refs/tags/v2.4.3/build/artifacts/appstore/appointments.tar.gz";
license = "agpl3Plus"; license = "agpl3Plus";
}; };
}; };
@@ -62,7 +62,7 @@ with lib;
}; };
phpOptions = { phpOptions = {
"realpath_cache_size" = "0"; "realpath_cache_size" = "0";
"opcache.interned_strings_buffer" = "23"; "opcache.interned_strings_buffer" = "32";
}; };
}; };

1
outputs.nix
View File

@@ -117,6 +117,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
disko.imports = [ ./machines/modules/disko ]; disko.imports = [ ./machines/modules/disko ];
users.imports = [ ./machines/modules/malobeo/users.nix ]; users.imports = [ ./machines/modules/malobeo/users.nix ];
backup.imports = [ ./machines/modules/malobeo/backup.nix ]; backup.imports = [ ./machines/modules/malobeo/backup.nix ];
printing.imports = [ ./machines/modules/malobeo/printing.nix ];
}; };
hydraJobs = nixpkgs.lib.mapAttrs (_: nixpkgs.lib.hydraJob) ( hydraJobs = nixpkgs.lib.mapAttrs (_: nixpkgs.lib.hydraJob) (

17
scripts/run-vm.sh
View File

@@ -6,6 +6,7 @@ usage() {
echo "--no-disko disable disko and initrd secrets. needed for real hosts like fanny" echo "--no-disko disable disko and initrd secrets. needed for real hosts like fanny"
echo "--writable-store enables writable store. necessary for host with nested imperative microvms like fanny" echo "--writable-store enables writable store. necessary for host with nested imperative microvms like fanny"
echo "--var path to directory that should be shared as /var. may require root otherwise some systemd units fail within vm. if dir is empty vm will populate" echo "--var path to directory that should be shared as /var. may require root otherwise some systemd units fail within vm. if dir is empty vm will populate"
echo "--data path to directory that should be shared as /data"
echo "--fwd-port forwards the given port to port 80 on vm" echo "--fwd-port forwards the given port to port 80 on vm"
exit 1 exit 1
} }
@@ -23,6 +24,7 @@ DUMMY_SECRETS=false
NO_DISKO=false NO_DISKO=false
RW_STORE=false RW_STORE=false
VAR_PATH="" VAR_PATH=""
DATA_PATH=""
FWD_PORT=0 FWD_PORT=0
# check argws # check argws
@@ -42,6 +44,15 @@ while [[ "$#" -gt 0 ]]; do
usage usage
fi fi
;; ;;
--data)
if [[ -n "$2" && ! "$2" =~ ^- ]]; then
DATA_PATH="$2"
shift
else
echo "Error: --data requires a non-empty string argument."
usage
fi
;;
--fwd-port) --fwd-port)
if [[ -n "$2" && ! "$2" =~ ^- ]]; then if [[ -n "$2" && ! "$2" =~ ^- ]]; then
FWD_PORT="$2" FWD_PORT="$2"
@@ -64,4 +75,8 @@ if [ -n "$VAR_PATH" ]; then
echo "sharing var directory: $VAR_PATH" echo "sharing var directory: $VAR_PATH"
fi fi
nix run --show-trace --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS $NO_DISKO \"$VAR_PATH\" $RW_STORE $FWD_PORT).config.microvm.declaredRunner" if [ -n "$DATA_PATH" ]; then
echo "sharing data directory: $DATA_PATH"
fi
nix run --show-trace --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS $NO_DISKO \"$VAR_PATH\" \"$DATA_PATH\" $RW_STORE $FWD_PORT).config.microvm.declaredRunner"