From d26489f3d686d92beefd4d267a67861556d428de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Gro=C3=9Fmann?= Date: Sun, 17 Dec 2023 16:34:05 +0100 Subject: [PATCH] feat: nextcloud up and running --- hosts/testienix/default.nix | 7 ++++++- hosts/testienix/net.nix | 13 ++++++++++--- lib/containers.nix | 1 + modules/config/net.nix | 1 + modules/services/ddclient.nix | 1 + modules/services/nextcloud.nix | 10 +++++++--- 6 files changed, 26 insertions(+), 7 deletions(-) diff --git a/hosts/testienix/default.nix b/hosts/testienix/default.nix index 0411a83..ffc10d8 100644 --- a/hosts/testienix/default.nix +++ b/hosts/testienix/default.nix @@ -1,4 +1,8 @@ -{inputs, ...}: { +{ + inputs, + lib, + ... +}: { imports = [ inputs.nixos-hardware.nixosModules.common-pc inputs.nixos-hardware.nixosModules.common-pc-ssd @@ -20,4 +24,5 @@ layout = "de"; xkbVariant = "bone"; }; + services.thermald.enable = lib.mkForce false; } diff --git a/hosts/testienix/net.nix b/hosts/testienix/net.nix index ee8a153..fe100d3 100644 --- a/hosts/testienix/net.nix +++ b/hosts/testienix/net.nix @@ -3,10 +3,11 @@ inherit (config.secrets.secrets.local.networking) hostId; }; systemd.network.networks = { - "01-lan1" = { + "lan01" = { address = ["192.168.178.32/24"]; gateway = ["192.168.178.1"]; - matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac; + #matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac; + matchConfig.Name = "mv-lan01"; dns = ["192.168.178.2"]; networkConfig = { IPv6PrivacyExtensions = "yes"; @@ -14,9 +15,15 @@ }; }; }; + # To be able to ping containers from the host, it is necessary + # to create a macvlan on the host on the VLAN 1 network. + networking.macvlans.mv-lan01 = { + interface = "lan01"; + mode = "bridge"; + }; boot.initrd.systemd.network = { enable = true; - networks = {inherit (config.systemd.network.networks) "01-lan1";}; + networks = {inherit (config.systemd.network.networks) "lan01";}; }; } 
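Review bot: In the last hunk of hosts/testienix/net.nix, `boot.initrd.systemd.network.networks` still inherits the `lan01` network, which after this change matches only `matchConfig.Name = "mv-lan01"`. The macvlan is declared through `networking.macvlans`, and nothing visible here creates it inside the initrd, so the initrd network probably matches no interface. If that is the case, any early-boot service that relies on this address would be unreachable. Consider giving the initrd its own network that matches the physical interface, e.g. `matchConfig.Name = "lan01";`, and delete the commented-out `#matchConfig.MACAddress` line rather than keeping it as dead configuration.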
diff --git a/lib/containers.nix b/lib/containers.nix index c0046a3..e1b12e8 100644 --- a/lib/containers.nix +++ b/lib/containers.nix @@ -15,6 +15,7 @@ inputs: _self: super: { ]; }; + ephemeral = true; bindMounts = { "state" = { mountPoint = "/state"; diff --git a/modules/config/net.nix b/modules/config/net.nix index 4760ef7..5139f44 100644 --- a/modules/config/net.nix +++ b/modules/config/net.nix @@ -6,6 +6,7 @@ networking = { useNetworkd = true; dhcpcd.enable = false; + useDHCP = false; firewall.enable = true; # allow mdns port firewall.allowedUDPPorts = [5353]; diff --git a/modules/services/ddclient.nix b/modules/services/ddclient.nix index f704d91..4480011 100644 --- a/modules/services/ddclient.nix +++ b/modules/services/ddclient.nix @@ -8,6 +8,7 @@ zone = config.secrets.secrets.global.domains.mail; protocol = "Cloudflare"; username = "token"; + use = "web, web='https://cloudflare.com/cdn-cgi/trace', web-skip='ip='"; passwordFile = config.age.secrets.cloudflare_token_dns.path; domains = [config.secrets.secrets.global.domains.mail]; }; diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix index db4a784..1226443 100644 --- a/modules/services/nextcloud.nix +++ b/modules/services/nextcloud.nix @@ -29,7 +29,7 @@ in { pool = "panzer"; }; macvlans = [ - "lan01" + "lan01:lan01-nextcloud" ]; config = { config, @@ -40,7 +40,7 @@ in { "lan01" = { address = ["192.168.178.33/24"]; gateway = ["192.168.178.1"]; - matchConfig.Name = "mv-lan01*"; + matchConfig.Name = "lan01*"; dns = ["192.168.178.2"]; networkConfig = { IPv6PrivacyExtensions = "yes"; 
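Review bot: `ephemeral = true;` in lib/containers.nix is added without a comment on its consequence: the container's root filesystem is discarded on every stop, so only data under the bind mounts survives. Suggest adding `# root fs is wiped on each restart; persistent data must live under the bindMounts below`. The hunk does not show whether the Nextcloud data directory and database are placed under `/state`; that is worth confirming, since anything outside the bind mounts would be recreated from scratch on each start. The enclosing attribute set starts and ends outside the hunk.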
@@ -55,8 +55,9 @@ in { configureRedis = true; config.adminpassFile = "${pkgs.writeText "adminpass" "test123"}"; # DON'T DO THIS IN PRODUCTION - the password file will be world-readable in the Nix Store! extraApps = with config.services.nextcloud.package.packages.apps; { - inherit contacts calendar tasks; + inherit contacts calendar tasks notes unsplash maps; }; + maxUploadSize = "2G"; extraAppsEnable = true; extraOptions.enabledPreviewProviders = [ "OC\\Preview\\BMP" @@ -71,6 +72,9 @@ in { "OC\\Preview\\XBitmap" "OC\\Preview\\HEIC" ]; + config = { + defaultPhoneRegion = "DE"; + }; }; system.stateVersion = stateVersion;
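Review bot: The commit brings the instance up on the LAN but leaves `config.adminpassFile = "${pkgs.writeText "adminpass" "test123"}"` unchanged in the context of the first modules/services/nextcloud.nix hunk on this line. The admin password therefore stays a known constant in a world-readable Nix store path, as the inline comment itself warns. The repository already uses agenix for the ddclient token, so the same mechanism could supply this file, e.g. `config.adminpassFile = config.age.secrets.<NEXTCLOUD_ADMINPASS_PLACEHOLDER>.path;`, assuming the secret is made available inside the container. Any account initialised with the old value should have its password rotated. The surrounding `services.nextcloud` block starts outside the hunk.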
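Review bot: The last hunk adds `config = { defaultPhoneRegion = "DE"; };` in what appears to be the same attribute set that already defines `config.adminpassFile` in dotted form, so `config` is now written in two places and two styles. That makes it easy to miss one of them when the credential setting is later changed. Prefer a single form, either `config.defaultPhoneRegion = "DE";` next to the existing line, or move `adminpassFile` into the new `config = { … };` block. The enclosing set opens outside the hunk, so please confirm both definitions really sit at the same level.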