feat: nextcloud up and running

2023-12-17 16:34:05 +01:00 · 2023-12-17 16:34:05 +01:00 · d26489f3d6
parent 93268f03e0
commit d26489f3d6
6 changed files with 26 additions and 7 deletions
--- a/hosts/testienix/default.nix
+++ b/hosts/testienix/default.nix
@ -1,4 +1,8 @@
-{inputs, ...}: {
+{
+  inputs,
+  lib,
+  ...
+}: {
  imports = [
    inputs.nixos-hardware.nixosModules.common-pc
    inputs.nixos-hardware.nixosModules.common-pc-ssd
@ -20,4 +24,5 @@
    layout = "de";
    xkbVariant = "bone";
  };
+  services.thermald.enable = lib.mkForce false;
 }
--- a/hosts/testienix/net.nix
+++ b/hosts/testienix/net.nix
@ -3,10 +3,11 @@
    inherit (config.secrets.secrets.local.networking) hostId;
  };
  systemd.network.networks = {
-    "01-lan1" = {
+    "lan01" = {
      address = ["192.168.178.32/24"];
      gateway = ["192.168.178.1"];
-      matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac;
+      #matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac;
+      matchConfig.Name = "mv-lan01";
      dns = ["192.168.178.2"];
      networkConfig = {
        IPv6PrivacyExtensions = "yes";
@ -14,9 +15,15 @@
      };
    };
  };
+  # To be able to ping containers from the host, it is necessary
+  # to create a macvlan on the host on the VLAN 1 network.
+  networking.macvlans.mv-lan01 = {
+    interface = "lan01";
+    mode = "bridge";
+  };

  boot.initrd.systemd.network = {
    enable = true;
-    networks = {inherit (config.systemd.network.networks) "01-lan1";};
+    networks = {inherit (config.systemd.network.networks) "lan01";};
  };
 }
--- a/lib/containers.nix
+++ b/lib/containers.nix
@ -15,6 +15,7 @@ inputs: _self: super: {
              ];
            };

+            ephemeral = true;
            bindMounts = {
              "state" = {
                mountPoint = "/state";
--- a/modules/config/net.nix
+++ b/modules/config/net.nix
@ -6,6 +6,7 @@
  networking = {
    useNetworkd = true;
    dhcpcd.enable = false;
+    useDHCP = false;
    firewall.enable = true;
    # allow mdns port
    firewall.allowedUDPPorts = [5353];
--- a/modules/services/ddclient.nix
+++ b/modules/services/ddclient.nix
@ -8,6 +8,7 @@
    zone = config.secrets.secrets.global.domains.mail;
    protocol = "Cloudflare";
    username = "token";
+    use = "web, web='https://cloudflare.com/cdn-cgi/trace', web-skip='ip='";
    passwordFile = config.age.secrets.cloudflare_token_dns.path;
    domains = [config.secrets.secrets.global.domains.mail];
  };
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@ -29,7 +29,7 @@ in {
      pool = "panzer";
    };
    macvlans = [
-      "lan01"
+      "lan01:lan01-nextcloud"
    ];
    config = {
      config,
@ -40,7 +40,7 @@ in {
        "lan01" = {
          address = ["192.168.178.33/24"];
          gateway = ["192.168.178.1"];
-          matchConfig.Name = "mv-lan01*";
+          matchConfig.Name = "lan01*";
          dns = ["192.168.178.2"];
          networkConfig = {
            IPv6PrivacyExtensions = "yes";
@ -55,8 +55,9 @@ in {
        configureRedis = true;
        config.adminpassFile = "${pkgs.writeText "adminpass" "test123"}"; # DON'T DO THIS IN PRODUCTION - the password file will be world-readable in the Nix Store!
        extraApps = with config.services.nextcloud.package.packages.apps; {
-          inherit contacts calendar tasks;
+          inherit contacts calendar tasks notes unsplash maps;
        };
+        maxUploadSize = "2G";
        extraAppsEnable = true;
        extraOptions.enabledPreviewProviders = [
          "OC\\Preview\\BMP"
@ -71,6 +72,9 @@ in {
          "OC\\Preview\\XBitmap"
          "OC\\Preview\\HEIC"
        ];
+        config = {
+          defaultPhoneRegion = "DE";
+        };
      };

      system.stateVersion = stateVersion;