kalipso/infrastructure
1
1
Fork 1
Code Issues 42 Pull Requests 2 Actions Projects 2 Releases Wiki Activity

Compare commits

base: kalipso:issue31
Branches Tags
kalipso:master kalipso:nextcloud_deck_derivation kalipso:vaultwarden kalipso:staging kalipso:script kalipso:zineshop kalipso:nextcloud_upgrade_31 kalipso:printer-module kalipso:microvm-dirs kalipso:sanoid kalipso:issue77 kalipso:reproducible-deployments kalipso:reproducible-deployments-filestructure kalipso:issue31 kalipso:microvm-module kalipso:issue47 kalipso:hostbuilder kalipso:better-workflows kalipso:issue51 kalipso:local-testing-v2 kalipso:gitea kalipso:fileserver
..
compare: kalipso:e94410ca54281a41b0d48cd82634d9560917cf03
Branches Tags
kalipso:nextcloud_deck_derivation kalipso:vaultwarden kalipso:master kalipso:staging kalipso:script kalipso:zineshop kalipso:nextcloud_upgrade_31 kalipso:printer-module kalipso:microvm-dirs kalipso:sanoid kalipso:issue77 kalipso:reproducible-deployments kalipso:reproducible-deployments-filestructure kalipso:issue31 kalipso:microvm-module kalipso:issue47 kalipso:hostbuilder kalipso:better-workflows kalipso:issue51 kalipso:local-testing-v2 kalipso:gitea kalipso:fileserver

2 Commits
issue31 ... e94410ca54

Author SHA1 Message Date
ahtlon
e94410ca54 Fix #67
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m21s
Details
2025-01-28 12:19:53 +01:00
ahtlon
f7943d981b [nextcloud] add some attributes 2025-01-25 01:21:05 +01:00
6 changed files with 190 additions and 214 deletions
Expand all files Collapse all files

5
machines/bakunin/configuration.nix
View File

@@ -26,7 +26,6 @@ in
malobeo.disks = {
enable = true;
legacy = true;
hostId = "a3c3102f";
root = {
disk0 = "disk/by-id/ata-HITACHI_HTS725016A9A364_110308PCKB04VNHX9XTJ";
@@ -34,7 +33,9 @@ in
};
malobeo.initssh = {
enable = false;
enable = true;
authorizedKeys = sshKeys.admins;
ethernetDrivers = ["r8169"];
};
hardware.sane.enable = true; #scanner support

1
machines/fanny/configuration.nix
View File

@@ -51,7 +51,6 @@ in
disk0 = "disk/by-id/ata-SAMSUNG_MZ7LN256HCHP-000L7_S20HNAAH200381";
};
storage = {
enable = true;
disks = ["disk/by-id/wwn-0x50014ee265b53b60" "disk/by-id/wwn-0x50014ee2bb0a194a"];
mirror = true;
};

37
machines/modules/disko/default.nix
View File

@@ -20,11 +20,6 @@ in
default = true;
description = "Allows encryption to be disabled for testing";
};
legacy = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable legacy boot (bios)";
};
devNodes = lib.mkOption {
type = lib.types.str;
default = "/dev/disk/by-id/";
@@ -86,25 +81,7 @@ in
};
};
config = lib.mkMerge [
(lib.mkIf (cfg.enable && !cfg.legacy) {
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
supportedFilesystems = [ "vfat" "zfs" ];
};
fileSystems."/boot".neededForBoot = true;
})
(lib.mkIf (cfg.enable && cfg.legacy) {
boot.loader.grub = {
enable = lib.mkForce true;
device = "/dev/${cfg.root.disk0}-part1";
efiSupport = false;
enableCryptodisk = cfg.encryption;
zfsSupport = true;
};
})
(lib.mkIf cfg.enable {
config = lib.mkIf cfg.enable {
networking.hostId = cfg.hostId;
disko.devices = {
disk = lib.mkMerge [
@@ -115,7 +92,7 @@ in
content = {
type = "gpt";
partitions = {
ESP = lib.mkIf (!cfg.legacy) {
ESP = {
size = "1024M";
type = "EF00";
content = {
@@ -125,10 +102,6 @@ in
mountOptions = [ "umask=0077" ];
};
};
boot = lib.mkIf cfg.legacy {
size = "1024M";
type = "EF02";
};
encryptedSwap = {
size = cfg.root.swap;
content = {
@@ -214,6 +187,7 @@ in
postCreateHook = lib.mkIf cfg.encryption ''
zfs set keylocation="prompt" zroot/encrypted;
'';
};
"encrypted/root" = {
type = "zfs_fs";
@@ -294,12 +268,11 @@ in
boot.zfs.devNodes = lib.mkDefault cfg.devNodes;
boot.zfs.extraPools = lib.mkIf cfg.storage.enable [ "storage" ];
fileSystems."/".neededForBoot = true;
fileSystems."/etc".neededForBoot = true;
fileSystems."/boot".neededForBoot = true;
fileSystems."/var".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/nix".neededForBoot = true;
})
];
};
}

3
machines/modules/malobeo/initssh.nix
View File

@@ -26,6 +26,9 @@ in
config = lib.mkIf (cfg.enable && config.malobeo.disks.encryption) {
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
supportedFilesystems = [ "vfat" "zfs" ];
zfs = {
requestEncryptionCredentials = true;
};

7
machines/modules/malobeo/peers.nix
View File

@@ -30,13 +30,6 @@
publicKey = "TrJ4UAF//zXdaLwZudI78L+rTC36zEDodTDOWNS4Y1Y=";
};
"hetzner" = {
role = "client";
address = [ "10.100.0.6/24" ];
allowedIPs = [ "10.100.0.6/32" ];
publicKey = "csRzgwtnzmSLeLkSwTwEOrdKq55UOxZacR5D3GopCTQ=";
};
"fanny" = {
role = "client";
address = [ "10.100.0.101/24" ];

7
machines/nextcloud/configuration.nix
View File

@@ -37,6 +37,7 @@ with lib;
hostName = "cloud.malobeo.org";
config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
#https = true; #disable for testing
datadir = "/data/services/nextcloud/";
database.createLocally = true;
config.dbtype = "pgsql";
configureRedis = true;
@@ -55,6 +56,12 @@ with lib;
};
settings = {
trusted_domains = ["10.0.0.13"];
"maintenance_window_start" = "1";
"default_phone_region" = "DE";
};
phpOptions = {
"realpath_cache_size" = "0";
"opcache.interned_strings_buffer" = "23";
};
};