[nextcloud] use fix body size in external code

[nextcloud] set max_body_size in nginx proxy chain
[nextcloud] enable postgresql backup
2025-12-10 12:07:15 +01:00 · 2025-12-10 10:55:38 +01:00 · 2025-12-10 10:38:27 +01:00 · 2025-11-15 18:02:20 +01:00 · 2025-11-15 17:21:45 +01:00 · 2025-11-15 17:17:40 +01:00
5 changed files with 44 additions and 20 deletions
--- a/machines/durruti/host_config.nix
+++ b/machines/durruti/host_config.nix
@@ -49,6 +49,7 @@ in
      locations."/" = {
        proxyPass = "http://10.0.0.10";
        extraConfig = ''
          client_max_body_size 10G;
        '';
      };
    };
--- a/machines/fanny/configuration.nix
+++ b/machines/fanny/configuration.nix
@@ -86,10 +86,15 @@ in
    enable = true;
    authorizedKeys = sshKeys.admins;
    ethernetDrivers = ["r8169"];
    zfsExtraPools = [ "storage" ];
  };
  boot.initrd = {
    availableKernelModules = [ "wireguard" ];
    # postMountCommands = ''
    #   ip address flush dev wg-initrd
    #   ip link set dev wg-initrd down
    # '';
    systemd = {
      enable = true;
      network = {
@@ -101,15 +106,15 @@ in
          };
          wireguardConfig = { PrivateKeyFile = "/etc/secrets/30-wg-initrd.key"; };
          wireguardPeers = [{
-            AllowedIPs = peers.fanny-initrd.allowedIPs;
+            AllowedIPs = peers.vpn.allowedIPs;
-            PublicKey = peers.fanny-initrd.publicKey;
+            PublicKey = peers.vpn.publicKey;
            Endpoint = "${peers.vpn.publicIp}:${builtins.toString(peers.vpn.listenPort)}";
            PersistentKeepalive = 25;
          }];
        };
        networks."30-wg-initrd" = {
          name = "wg-initrd";
-          addresses = [{ Address = peers.fanny-initrd.address; }];
+          addresses = [{ Address = "${peers.fanny-initrd.address}/24"; }];
        };
      };
    };
@@ -160,7 +165,7 @@ in
        proxyPass = "http://10.0.0.13";
        extraConfig = ''
          proxy_set_header Host $host;
-          client_max_body_size 10G;
+          client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize};
        '';
      };
    };
--- a/machines/modules/malobeo/initssh.nix
+++ b/machines/modules/malobeo/initssh.nix
@@ -22,6 +22,11 @@ in
      description = "Ethernet drivers to load: run `lspci -k | grep -iA4 ethernet`";
      example = "r8169";
    };
    zfsExtraPools = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = "Name or GUID of extra ZFS pools that you wish to import during boot.";
    };
  };
  config = lib.mkIf (cfg.enable && config.malobeo.disks.encryption) {
@@ -32,33 +37,41 @@ in
      zfs = {
        forceImportAll = true;
        requestEncryptionCredentials = true;
-        
+        extraPools = cfg.zfsExtraPools;
      };
      initrd = {
        availableKernelModules = cfg.ethernetDrivers;
        systemd = {
          initrdBin = [ pkgs.busybox pkgs.wireguard-tools pkgs.iproute2 ]; 
          enable = true;
          network.enable = true;
          services."stopInitVpn" = {
            description = "stop init vpn";
            wantedBy = [
              "initrd.target"
            ];
            after = [
              "zfs.target"
            ];
            serviceConfig.StandardOutput = "journal+console";
            script = ''
              networkctl down wg-initrd
            '';
            serviceConfig.Type = "oneshot";
      };
        };
-        network.ssh = {
+        network = {
-          enable = true;
+          flushBeforeStage2 = true;
-          port = 222;
+          ssh = {
-          authorizedKeys = cfg.authorizedKeys;
+            enable = true;
-          hostKeys = [ "/etc/ssh/initrd" ];
+            port = 222;
            authorizedKeys = cfg.authorizedKeys;
            hostKeys = [ "/etc/ssh/initrd" ];
          };
        };
        secrets = {
          "/etc/ssh/initrd" = "/etc/ssh/initrd";
        };
        systemd.services.zfs-remote-unlock = {
          description = "Prepare for ZFS remote unlock";
          wantedBy = ["initrd.target"];
          after = ["systemd-networkd.service"];
          path = with pkgs; [ zfs ];
          serviceConfig.Type = "oneshot";
          script = ''
            echo "zfs load-key -a; killall zfs; systemctl default" >> /var/empty/.profile
          '';
        };
      };
      kernelParams = [ "ip=::::${hostName}-initrd::dhcp" ];
    };
--- a/machines/nextcloud/configuration.nix
+++ b/machines/nextcloud/configuration.nix
@@ -31,6 +31,10 @@ with lib;
    lokiHost = "10.0.0.14";
  };
  services.postgresqlBackup = {
    enable = true;
  };
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud31;
--- a/machines/vpn/configuration.nix
+++ b/machines/vpn/configuration.nix
@@ -45,6 +45,7 @@ with lib;
        proxyPass = "http://10.100.0.101";
        extraConfig = ''
          proxy_set_header Host $host;
          client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize};
        '';
      };
    };
Author	SHA1	Message	Date
kalipso	b3e93349d1	[nextcloud] use fix body size in external code All checks were successful Check flake syntax / flake-check (push) Successful in 5m53s Details	2025-12-10 12:07:15 +01:00
kalipso	f7d00246e8	[nextcloud] set max_body_size in nginx proxy chain All checks were successful Check flake syntax / flake-check (push) Successful in 12m0s Details	2025-12-10 10:55:38 +01:00
kalipso	a79afe7dea	[nextcloud] enable postgresql backup All checks were successful Check flake syntax / flake-check (push) Successful in 8m7s Details if we need to restore from backup this is necessary since db state from zfs snapshots might be corrupted	2025-12-10 10:38:27 +01:00
ahtlon	b94574c640	[fanny] fix flushing init vpn All checks were successful Check flake syntax / flake-check (push) Successful in 4m46s Details	2025-11-15 18:02:20 +01:00
kalipso	a97de389e5	[fanny] fix typo Some checks failed Check flake syntax / flake-check (push) Failing after 2m48s Details	2025-11-15 17:21:45 +01:00
kalipso	845379ac86	[fanny] flush wg-initd Some checks failed Check flake syntax / flake-check (push) Failing after 2m52s Details	2025-11-15 17:17:40 +01:00
kalipso	e91481c405	[initssh] network.flushBeforeStage2 All checks were successful Check flake syntax / flake-check (push) Successful in 10m17s Details	2025-11-15 16:50:07 +01:00
kalipso	d3312c870a	[fanny] remove zfs-remote-unlock All checks were successful Check flake syntax / flake-check (push) Successful in 5m19s Details	2025-11-15 16:37:11 +01:00
kalipso	eee561b650	[fanny] set /24 for wg ip All checks were successful Check flake syntax / flake-check (push) Successful in 4m51s Details	2025-11-15 16:22:03 +01:00
ahtlon	a612221e2a	change script to first import storage before unlocking root All checks were successful Check flake syntax / flake-check (push) Successful in 4m49s Details	2025-11-15 16:12:32 +01:00
kalipso	73c482ece0	[fanny] set vpn pubkey All checks were successful Check flake syntax / flake-check (push) Successful in 4m53s Details	2025-11-15 16:07:17 +01:00
kalipso	4d4e9d980b	[initssh] add iproute2 All checks were successful Check flake syntax / flake-check (push) Successful in 4m55s Details	2025-11-15 15:48:40 +01:00
kalipso	beb3839a6b	[initssh] add wireguard-tools	2025-11-15 15:47:38 +01:00
kalipso	0df32bf47c	[initssh] fix busybox	2025-11-15 15:47:02 +01:00
kalipso	f6bbbdec3e	[initssh] add pkgs.busybox to initrd All checks were successful Check flake syntax / flake-check (push) Successful in 4m47s Details	2025-11-15 15:11:47 +01:00
kalipso	2a5539c204	[fanny] import storage in systemd script All checks were successful Check flake syntax / flake-check (push) Successful in 8m51s Details	2025-11-15 14:51:51 +01:00
kalipso	9588103e67	[fanny] import storage on boot All checks were successful Check flake syntax / flake-check (push) Successful in 4m52s Details	2025-11-15 14:30:57 +01:00