[nextcloud module] add wrapper example

machines/bakunin/configuration.nix

@@ -26,7 +26,6 @@ in
 
   malobeo.disks = {
     enable = true;
-    legacy = true;
     hostId = "a3c3102f";
     root = {
       disk0 = "disk/by-id/ata-HITACHI_HTS725016A9A364_110308PCKB04VNHX9XTJ";
@@ -34,7 +33,9 @@ in
   };
 
   malobeo.initssh = {
-    enable = false;
+    enable = true;
+    authorizedKeys = sshKeys.admins;
+    ethernetDrivers = ["r8169"];
   };
 
   hardware.sane.enable = true; #scanner support

machines/fanny/configuration.nix

@@ -51,7 +51,6 @@ in
       disk0 = "disk/by-id/ata-SAMSUNG_MZ7LN256HCHP-000L7_S20HNAAH200381";
     };
     storage = {
-      enable = true;
       disks = ["disk/by-id/wwn-0x50014ee265b53b60" "disk/by-id/wwn-0x50014ee2bb0a194a"];
       mirror = true;
     };
@@ -70,7 +69,8 @@ in
   };
 
   services.malobeo.microvm.enableHostBridge = true;
-  services.malobeo.microvm.deployHosts = [ "overwatch" "infradocs" "nextcloud" "durruti" ];
+  services.malobeo.microvm.deployHosts = [ "overwatch" "infradocs" "durruti" ];
+  services.malobeo.microvm.client.nextcloud.enable = true;
 
   networking = {
     nat = {

machines/modules/disko/default.nix

@@ -20,11 +20,6 @@ in
       default = true;
       description = "Allows encryption to be disabled for testing";
     };
-    legacy = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      description = "Enable legacy boot (bios)";
-    };
     devNodes = lib.mkOption {
       type = lib.types.str;
       default = "/dev/disk/by-id/";
@@ -86,25 +81,7 @@ in
     };
   };
 
-  config = lib.mkMerge [
+  config = lib.mkIf cfg.enable {
-    (lib.mkIf (cfg.enable && !cfg.legacy) {
-      boot = {
-        loader.systemd-boot.enable = true;
-        loader.efi.canTouchEfiVariables = true;
-        supportedFilesystems = [ "vfat" "zfs" ];
-      };
-      fileSystems."/boot".neededForBoot = true;
-    })
-    (lib.mkIf (cfg.enable && cfg.legacy) {
-      boot.loader.grub = {
-        enable = lib.mkForce true;
-        device = "/dev/${cfg.root.disk0}-part1";
-        efiSupport = false;
-        enableCryptodisk = cfg.encryption;
-        zfsSupport = true;
-      };
-    })
-    (lib.mkIf cfg.enable {
     networking.hostId = cfg.hostId;
     disko.devices = {
       disk = lib.mkMerge [
@@ -115,7 +92,7 @@ in
             content = {
               type = "gpt";
               partitions = {
-                  ESP = lib.mkIf (!cfg.legacy) {
+                ESP = {
                   size = "1024M";
                   type = "EF00";
                   content = {
@@ -125,10 +102,6 @@ in
                     mountOptions = [ "umask=0077" ];
                   };
                 };
-                  boot = lib.mkIf cfg.legacy {
-                    size = "1024M";
-                    type = "EF02";
-                  };
                 encryptedSwap = {
                   size = cfg.root.swap;
                   content =  {
@@ -214,6 +187,7 @@ in
               postCreateHook = lib.mkIf cfg.encryption ''
                 zfs set keylocation="prompt" zroot/encrypted;
               '';
+
             };
             "encrypted/root" = {
               type = "zfs_fs";
@@ -294,12 +268,11 @@ in
 
     boot.zfs.devNodes = lib.mkDefault cfg.devNodes;
     boot.zfs.extraPools = lib.mkIf cfg.storage.enable [ "storage" ];
-
     fileSystems."/".neededForBoot = true;
     fileSystems."/etc".neededForBoot = true;
+    fileSystems."/boot".neededForBoot = true;
     fileSystems."/var".neededForBoot = true;
     fileSystems."/home".neededForBoot = true;
     fileSystems."/nix".neededForBoot = true;
-    })
+  };
-  ];
 }

machines/modules/malobeo/initssh.nix

@@ -26,6 +26,9 @@ in
   
   config = lib.mkIf (cfg.enable && config.malobeo.disks.encryption) {
     boot = {
+      loader.systemd-boot.enable = true;
+      loader.efi.canTouchEfiVariables = true;
+      supportedFilesystems = [ "vfat" "zfs" ];
       zfs = {
         requestEncryptionCredentials = true;
       };

machines/modules/malobeo/microvm_client.nix

@@ -0,0 +1,28 @@
+{config, lib, pkgs, ...}:
+let
+  cfg = config.services.malobeo.microvm.client;
+in
+{
+  options.services.malobeo.microvm.client = {
+    nextcloud = {
+      enable = lib.mkEnableOption "enable the nextcloud microvm wrapper";
+      datadir = lib.mkOption {
+        type = lib.types.string;
+        default = "/data/services/nextcloud/";
+        description = "set a custom datadir";
+      };
+    };
+  };
+
+  config = lib.mkMerge [
+    (lib.mkIf cfg.nextcloud.enable { #add check for run-vm?
+      services.malobeo.microvm.deployHosts = ["nextcloud"];
+      microvm.vms.nextcloud.config.microvm.shares = lib.mkAfter [{
+        source = cfg.datadir;
+        mountPoint = "/datadir";
+        tag = "nc-datadir";
+        proto = "virtiofs";
+      }];
+    })
+  ];
+}

machines/modules/malobeo/peers.nix

@@ -30,13 +30,6 @@
     publicKey = "TrJ4UAF//zXdaLwZudI78L+rTC36zEDodTDOWNS4Y1Y=";
   };
 
-  "hetzner" = {
-    role = "client";
-    address = [ "10.100.0.6/24" ];
-    allowedIPs = [ "10.100.0.6/32" ];
-    publicKey = "csRzgwtnzmSLeLkSwTwEOrdKq55UOxZacR5D3GopCTQ=";
-  };
-
   "fanny" = {
     role = "client";
     address = [ "10.100.0.101/24" ];

machines/nextcloud/configuration.nix

@@ -37,6 +37,7 @@ with lib;
     hostName = "cloud.malobeo.org";
     config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
     #https = true; #disable for testing
+    datadir = "/datadir";
     database.createLocally = true;
     config.dbtype = "pgsql";
     configureRedis = true;
@@ -55,6 +56,12 @@ with lib;
     };
     settings = {
       trusted_domains = ["10.0.0.13"];
+      "maintenance_window_start" = "1";
+      "default_phone_region" = "DE";
+    };
+    phpOptions = {
+      "realpath_cache_size" = "0";
+      "opcache.interned_strings_buffer" = "23";
     };
   };
 

outputs.nix

@@ -108,7 +108,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
 
     nixosModules.malobeo = {
       host.imports = [ ./machines/durruti/host_config.nix ];
-      microvm.imports = [ ./machines/modules/malobeo/microvm_host.nix ];
+      microvm.imports = [ ./machines/modules/malobeo/microvm_host.nix ./machines/modules/malobeo/microvm_client.nix];
       vpn.imports = [ ./machines/modules/malobeo/wireguard.nix ];
       initssh.imports = [ ./machines/modules/malobeo/initssh.nix ];
       metrics.imports = [ ./machines/modules/malobeo/metrics.nix ];