malobeo/infrastructure
2
1
Fork 1
Code Issues 40 Pull Requests 4 Actions Projects 3 Releases Wiki Activity

Compare commits

base: malobeo:0347fa68c7c8aca254fe18b902f608e54a54a502
Branches Tags
malobeo:master malobeo:nixpkgs_bump_20260430 malobeo:nixpkgs_bump_20260423 malobeo:nixpkgs_bump_20260416 malobeo:nixpkgs_bump_20260409 malobeo:nixpkgs_bump_20260305 malobeo:debug_mode malobeo:dns malobeo:vaultwarden malobeo:nextcloud_deck_derivation malobeo:staging malobeo:script malobeo:zineshop malobeo:nextcloud_upgrade_31 malobeo:printer-module malobeo:microvm-dirs malobeo:sanoid malobeo:issue77 malobeo:reproducible-deployments malobeo:reproducible-deployments-filestructure malobeo:issue31 malobeo:microvm-module malobeo:issue47 malobeo:hostbuilder malobeo:better-workflows malobeo:issue51 malobeo:local-testing-v2 malobeo:gitea malobeo:fileserver
..
compare: malobeo:nextcloud_deck_derivation
Branches Tags
malobeo:nixpkgs_bump_20260430 malobeo:master malobeo:nixpkgs_bump_20260423 malobeo:nixpkgs_bump_20260416 malobeo:nixpkgs_bump_20260409 malobeo:nixpkgs_bump_20260305 malobeo:debug_mode malobeo:dns malobeo:vaultwarden malobeo:nextcloud_deck_derivation malobeo:staging malobeo:script malobeo:zineshop malobeo:nextcloud_upgrade_31 malobeo:printer-module malobeo:microvm-dirs malobeo:sanoid malobeo:issue77 malobeo:reproducible-deployments malobeo:reproducible-deployments-filestructure malobeo:issue31 malobeo:microvm-module malobeo:issue47 malobeo:hostbuilder malobeo:better-workflows malobeo:issue51 malobeo:local-testing-v2 malobeo:gitea malobeo:fileserver

6 Commits
0347fa68c7 ... nextcloud_

Author SHA1 Message Date
kalipso
669b355d99 WIP
All checks were successful
Check flake syntax / flake-check (push) Successful in 12m34s
Details
2026-01-12 14:02:14 +01:00
kalipso
03846d5e7f [zineshop] re-enable
All checks were successful
Check flake syntax / flake-check (push) Successful in 6m9s
Details
2025-12-05 14:46:18 +01:00
ahtlon
add299c242 Fix nix check; Also i disabled the zineshop temporairly
All checks were successful
Check flake syntax / flake-check (push) Successful in 13m44s
Details
2025-12-03 16:38:31 +01:00
kalipso
e8f929a35a [nixpkgs] 25.05 -> 25.11
Some checks failed
Check flake syntax / flake-check (push) Failing after 4m31s
Details
2025-12-01 19:14:06 +01:00
kalipso
42f2c91b8e Merge branch 'master' into staging 2025-12-01 19:08:53 +01:00
kalipso
7bee418e79 [nixpkgs] update
All checks were successful
Check flake syntax / flake-check (push) Successful in 7m9s
Details
2025-08-14 14:08:54 +02:00
12 changed files with 160 additions and 274 deletions
Expand all files Collapse all files

39
flake.lock generated
View File

@@ -21,27 +21,6 @@
"type": "github"
}
},
"dns": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1768143854,
"narHash": "sha256-E5/kyPz4zAZn/lZdvqlF83jMgCWNxmqYjjWuadngCbk=",
"owner": "kirelagin",
"repo": "dns.nix",
"rev": "a97cf4156e9f044fe4bed5be531061000dfabb07",
"type": "github"
},
"original": {
"owner": "kirelagin",
"repo": "dns.nix",
"type": "github"
}
},
"ep3-bs": {
"inputs": {
"nixpkgs": [
@@ -64,21 +43,6 @@
}
},
"flake-utils": {
"locked": {
"lastModified": 1614513358,
"narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5466c5bbece17adaab2d82fae80b46e807611bf3",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
@@ -138,7 +102,7 @@
},
"microvm": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
@@ -261,7 +225,6 @@
"root": {
"inputs": {
"disko": "disko",
"dns": "dns",
"ep3-bs": "ep3-bs",
"home-manager": "home-manager",
"mfsync": "mfsync",

5
flake.nix
View File

@@ -13,11 +13,6 @@
disko.url = "github:nix-community/disko/latest";
disko.inputs.nixpkgs.follows = "nixpkgs";
dns = {
url = "github:kirelagin/dns.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
utils = {
url = "github:numtide/flake-utils";
};

4
machines/durruti/host_config.nix
View File

@@ -49,10 +49,6 @@ in
locations."/" = {
proxyPass = "http://10.0.0.10";
extraConfig = ''
client_max_body_size 10G;
client_body_timeout 3600s;
send_timeout 3600s;
fastcgi_buffers 64 4K;
'';
};
};

5
machines/fanny/configuration.nix
View File

@@ -165,10 +165,7 @@ in
proxyPass = "http://10.0.0.13";
extraConfig = ''
proxy_set_header Host $host;
client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize};
client_body_timeout 3600s;
send_timeout 3600s;
fastcgi_buffers 64 4K;
client_max_body_size 10G;
'';
};
};

100
machines/hosts.nix
View File

@@ -1,102 +1,82 @@
{ ... }:
let
createMaloNet = hostId: mac: {
local = true;
hostId = hostId;
address = "192.168.1.${hostId}";
gateway = "192.168.1.1";
nameservers = [ "192.168.1.17" "1.1.1.1" ]; #setting ns1 as nameserver
mac = mac;
};
createOffsiteNet = hostId: mac: {
local = false;
hostId = hostId;
address = "10.0.0.${hostId}";
gateway = "10.0.0.1";
nameservers = [ "1.1.1.1" ];
mac = mac;
};
in
{
#TODO: fix local 192.168.1.0/24 addresses they are just palceholders!
malobeo = {
hosts = {
louise = {
type = "host";
network = {
local = true;
hostId = "11";
address = "192.168.1.11";
};
};
bakunin = {
type = "host";
network = {
local = true;
hostId = "12";
address = "192.168.1.12";
};
};
fanny = {
type = "host";
network = {
local = true;
hostId = "13";
address = "192.168.1.13";
};
};
lucia = {
type = "rpi";
network = {
local = true;
hostId = "15";
address = "192.168.1.15";
};
};
durruti = {
type = "microvm";
network = createMaloNet "5" "52:DA:0D:F9:EF:F9";
network = {
address = "10.0.0.5";
mac = "52:DA:0D:F9:EF:F9";
};
};
vpn = {
type = "microvm";
network = createOffsiteNet "10" "52:DA:0D:F9:EF:E6";
network = {
address = "10.0.0.10";
mac = "D0:E5:CA:F0:D7:E6";
};
};
infradocs = {
type = "microvm";
network = createMaloNet "11" "52:DA:0D:F9:EF:E7";
network = {
address = "10.0.0.11";
mac = "D0:E5:CA:F0:D7:E7";
};
};
uptimekuma = {
type = "microvm";
network = createOffsiteNet "12" "52:DA:0D:F9:EF:E8";
network = {
address = "10.0.0.12";
mac = "D0:E5:CA:F0:D7:E8";
};
};
nextcloud = {
type = "microvm";
network = createMaloNet "13" "52:DA:0D:F9:EF:E9";
network = {
address = "10.0.0.13";
mac = "D0:E5:CA:F0:D7:E9";
};
};
overwatch = {
type = "microvm";
network = createMaloNet "14" "52:DA:0D:F9:EF:E0";
network = {
address = "10.0.0.14";
mac = "D0:E5:CA:F0:D7:E0";
};
};
zineshop = {
type = "microvm";
network = createMaloNet "15" "52:DA:0D:F9:EF:F1";
network = {
address = "10.0.0.15";
mac = "D0:E5:CA:F0:D7:F1";
};
};
ns1 = {
type = "microvm";
network = createMaloNet "17" "52:DA:0D:F9:EF:F3";
testvm = {
type = "host";
};
};
};

25
machines/modules/host_builder.nix
View File

@@ -43,7 +43,7 @@ rec {
];
defaultModules = baseModules;
makeMicroVM = hostName: network: modules: [
makeMicroVM = hostName: ipv4Addr: macAddr: modules: [
{
microvm = {
hypervisor = "cloud-hypervisor";
@@ -83,7 +83,7 @@ rec {
{
type = "tap";
id = "vm-${hostName}";
mac = "${network.mac}";
mac = "${macAddr}";
}
];
};
@@ -93,9 +93,9 @@ rec {
systemd.network.networks."20-lan" = {
matchConfig.Type = "ether";
networkConfig = {
Address = [ "${network.address}/24" ];
Gateway = "${network.gateway}";
DNS = network.nameservers;
Address = [ "${ipv4Addr}/24" ];
Gateway = "10.0.0.1";
DNS = ["1.1.1.1"];
DHCP = "no";
};
};
@@ -165,16 +165,6 @@ rec {
});
};
systemd.network.networks."20-lan" = pkgs.lib.mkForce {
matchConfig.Type = "ether";
networkConfig = {
Address = [ "10.0.0.${hosts.malobeo.hosts.${hostname}.network.hostId}/24" ];
Gateway = "10.0.0.1";
DNS = [ "1.1.1.1" ];
DHCP = "no";
};
};
boot.isContainer = pkgs.lib.mkForce false;
services.timesyncd.enable = false;
users.users.root.password = "";
@@ -220,7 +210,8 @@ rec {
specialArgs.self = self;
config = {
imports = (makeMicroVM "${name}"
hosts.malobeo.hosts.${name}.network [
"${hosts.malobeo.hosts.${name}.network.address}"
"${hosts.malobeo.hosts.${name}.network.mac}" [
../${name}/configuration.nix
(vmMicroVMOverwrites name {
withNetworking = true;
@@ -259,7 +250,7 @@ rec {
modules = (if (settings.type != "microvm") then
defaultModules ++ [ ../${host}/configuration.nix ]
else
makeMicroVM "${host}" settings.network [
makeMicroVM "${host}" "${settings.network.address}" "${settings.network.mac}" [
inputs.microvm.nixosModules.microvm
../${host}/configuration.nix
]);

60
machines/modules/malobeo/microvm_host.nix
View File

@@ -14,26 +14,6 @@ in
description = lib.mdDoc "Setup bridge device for microvms.";
};
interface = mkOption {
default = "eno1";
type = types.str;
};
gateway = mkOption {
default = "10.0.0.1";
type = types.str;
};
address = mkOption {
default = "10.0.0.1/24";
type = types.str;
};
dns = mkOption {
default = [ "1.1.1.1" ];
type = types.listOf types.str;
};
enableHostBridgeUnstable = mkOption {
default = false;
type = types.bool;
@@ -67,29 +47,29 @@ in
systemd.network = mkIf (cfg.enableHostBridge || cfg.enableHostBridgeUnstable) {
enable = true;
networks."10-lan" = {
matchConfig.Name = [ "${cfg.interface}" "vm-*"];
networkConfig = {
Bridge = "malobeo0";
};
# create a bride device that all the microvms will be connected to
netdevs."10-microvm".netdevConfig = {
Kind = "bridge";
Name = "microvm";
};
netdevs."malobeo0" = {
netdevConfig = {
Name = "malobeo0";
Kind = "bridge";
};
};
networks."10-lan-bridge" = {
matchConfig.Name = "malobeo0";
networks."10-microvm" = {
matchConfig.Name = "microvm";
networkConfig = {
Address = [ "${cfg.address}" ];
Gateway = "${cfg.gateway}";
DNS = cfg.dns;
IPv6AcceptRA = true;
DHCPServer = true;
IPv6SendRA = true;
};
linkConfig.RequiredForOnline = "routable";
addresses = if cfg.enableHostBridgeUnstable then [
{ Address = "10.0.0.1/24"; }
] else [
{ Address = "10.0.0.1/24"; }
];
};
# connect the vms to the bridge
networks."11-microvm" = {
matchConfig.Name = "vm-*";
networkConfig.Bridge = "microvm";
};
};

41
machines/modules/malobeo/zones.nix
View File

@@ -1,41 +0,0 @@
{ inputs }:
let
vpnNS = "vpn";
localNS = "hq";
peers = import ./peers.nix;
hosts = ((import ../../hosts.nix ) {}).malobeo.hosts;
in
{
SOA = {
nameServer = "ns1";
adminEmail = "admin@malobeo.org";
serial = 2019030801;
};
useOrigin = false;
NS = [
"ns1.malobeo.org."
];
subdomains = {
ns1 = {
A = [ hosts.ns1.network.address ];
};
${localNS} = {
A = [ hosts.fanny.network.address ];
subdomains = builtins.mapAttrs (name: value: if value.network.local == true then {
A = [ value.network.address ];
} else {}) hosts;
};
${vpnNS} = {
A = [ peers.vpn.address ];
subdomains = builtins.mapAttrs (name: value: if value.role != "server" then {
A = [ value.address ];
} else {}) peers;
};
};
}

42
machines/nextcloud/configuration.nix
View File

@@ -31,10 +31,6 @@ with lib;
lokiHost = "10.0.0.14";
};
services.postgresqlBackup = {
enable = true;
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud32;
@@ -52,11 +48,39 @@ with lib;
extraAppsEnable = true;
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) contacts calendar polls registration collectives forms;
deck = pkgs.fetchNextcloudApp {
sha256 = "sha256-epjwIANb6vTNx9KqaG6jZc14YPoFMBTCj+/c9JHcWkA=";
url = "https://link.storjshare.io/raw/jvrl62dakd6htpyxohjkiiqiw5ma/mal/deck32.tar.gz";
license = "agpl3Plus";
};
deckWithDrag = pkgs.php.buildComposerProject (finalAttrs: {
pname = "deck";
version = "1.0.0";
src = pkgs.fetchzip {
url = "https://github.com/nextcloud/deck/archive/refs/heads/stable32.zip";
hash = "sha256-eMHjfki+axEtlhV6518mlAzPhZxAZqEX7HiRsJf1vxo=";
};
composerNoDev = true;
vendorHash = pkgs.lib.fakeHash;
postInstall = ''
cp -r $out/share/php/deck/* $out/
rm -r $out/share
'';
});
#deckWithDrag = pkgs.fetchNextcloudApp {
# appName = "deck";
# appVersion = "1.16.2";
# license = "agpl3Plus";
# teams = [ pkgs.lib.teams.nextcloud ];
# url = "https://github.com/nextcloud-releases/deck/releases/download/v1.16.2/deck-v1.16.2.tar.gz";
# hash = "sha256-rFymTIr7pOuMES3DMIOS7cvq+CEIekLZYLqz58TOP04=";
# description = "";
# homepage = "https://github.com/nextcloud/deck";
# unpack = true;
# patches = [
# (pkgs.fetchpatch {
# url = "https://git.dynamicdiscord.de/ahtlon/deck/commit/77cbcf42ca80dd32e450839f02faca2e5fed3761.patch";
# sha256 = "sha256-agwFMwXO8WLL0+pdeKF/pA59V9ah9t590sCl1msQonA=";
# })
# ];
#};
};
settings = {
trusted_domains = ["10.0.0.13"];

52
machines/ns1/configuration.nix
View File

@@ -1,52 +0,0 @@
{ config, self, lib, inputs, pkgs, ... }:
with lib;
with inputs;
let
dns = inputs.dns;
in
{
networking = {
hostName = mkDefault "ns1";
useDHCP = false;
};
imports = [
../modules/malobeo_user.nix
../modules/sshd.nix
../modules/minimal_tools.nix
../modules/autoupdate.nix
];
networking.firewall = {
enable = true;
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
services.bind = {
enable = true;
forwarders = [
"1.1.1.1"
"1.0.0.1"
];
cacheNetworks = [
"127.0.0.0/24"
"10.0.0.0/24"
"192.168.1.0/24"
"10.100.0.0/24"
];
zones = {
"malobeo.org" = {
master = true;
file = pkgs.writeText "zone-malobeo.org" (dns.lib.toString "malobeo.org" (import ../modules/malobeo/zones.nix { inherit inputs; }));
};
};
};
system.stateVersion = "22.11"; # Did you read the comment?
}

4
machines/vpn/configuration.nix
View File

@@ -45,10 +45,6 @@ with lib;
proxyPass = "http://10.100.0.101";
extraConfig = ''
proxy_set_header Host $host;
client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize};
client_body_timeout 3600s;
send_timeout 3600s;
fastcgi_buffers 64 4K;
'';
};
};

57
outputs.nix
View File

@@ -74,6 +74,63 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
'';
};
#deckWithDrag = pkgs.buildNpmPackage {
# name = "deckWithDrag";
# version = "1.16.2";
# src = pkgs.fetchFromGitHub {
# owner = "nextcloud";
# repo = "deck";
# rev = "v1.16.2";
# hash = "sha256-NBkCdMjIY2r+AgCLBt4YnD4sUW7GTKxT5vHAmpk4wno=";
# leaveDotGit = true;
# };
# makeCacheWritable = true;
# npmDepsHash = "sha256-VaKfpYFtrTUvGbKORPvex1FvLz4vR7zfHAf+fdf/6OE=";
# buildInputs = with pkgs; [
# gnumake krankerl php84Packages.composer php nodejs_24
# ];
# patches = [
# (pkgs.fetchpatch {
# url = "https://git.dynamicdiscord.de/ahtlon/deck/commit/77cbcf42ca80dd32e450839f02faca2e5fed3761.patch";
# sha256 = "sha256-agwFMwXO8WLL0+pdeKF/pA59V9ah9t590sCl1msQonA=";
# })
# ];
# buildPhase = ''
# ${pkgs.krankerl}/bin/krankerl package
# '';
#};
deckWithDrag = pkgs.stdenv.mkDerivation {
name = "deckWithDrag";
src = pkgs.fetchFromGitHub {
owner = "nextcloud";
repo = "deck";
rev = "v1.16.2";
hash = "sha256-NBkCdMjIY2r+AgCLBt4YnD4sUW7GTKxT5vHAmpk4wno=";
leaveDotGit = true;
};
buildInputs = with pkgs; [
gnumake krankerl php84Packages.composer php nodejs_24
];
patches = [
(pkgs.fetchpatch {
url = "https://git.dynamicdiscord.de/ahtlon/deck/commit/77cbcf42ca80dd32e450839f02faca2e5fed3761.patch";
sha256 = "sha256-agwFMwXO8WLL0+pdeKF/pA59V9ah9t590sCl1msQonA=";
})
];
buildPhase = ''
make release
#${pkgs.krankerl}/bin/krankerl package
'';
};
run-vm = pkgs.writeShellScriptBin "run-vm" (builtins.readFile ./scripts/run-vm.sh);
};