feat: more nextcloud/container config
parent
ea259bb80b
commit
f0b572c6ed
|
@ -124,8 +124,9 @@
|
|||
hosts
|
||||
nixosConfigurations
|
||||
minimalConfigurations
|
||||
guestConfigurations
|
||||
;
|
||||
nodes = self.nixosConfigurations;
|
||||
nodes = self.nixosConfigurations // self.guestConfigurations;
|
||||
|
||||
inherit
|
||||
(lib.foldl' lib.recursiveUpdate {}
|
||||
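Review bot: `nodes = self.nixosConfigurations // self.guestConfigurations;` lets a guest whose attribute name collides with a host silently replace that host's entry in `nodes`, because `//` keeps the right-hand value. Guest names are the container attribute names (see the guestConfigurations hunk at the end of this commit), so a host and a container sharing a name would go unnoticed. An assertion on disjoint names keeps that from being silent, e.g. `nodes = assert lib.intersectLists (lib.attrNames self.nixosConfigurations) (lib.attrNames self.guestConfigurations) == []; self.nixosConfigurations // self.guestConfigurations;` (`lib` is already used on the `lib.foldl'` line of this hunk). The enclosing attrset starts and ends outside the hunk.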
|
|
|
@ -50,4 +50,5 @@
|
|||
system.activationScripts.decryptKey.text = ''
|
||||
ln -f -s ${../../keys/PatC.key} /run/decrypt.key.pub
|
||||
'';
|
||||
boot.binfmt.emulatedSystems = ["aarch64-linux"];
|
||||
}
|
||||
|
|
Binary file not shown.
|
@ -2,19 +2,32 @@ inputs: _self: super: {
|
|||
lib =
|
||||
super.lib
|
||||
// {
|
||||
containers.mkConfig = name: config:
|
||||
containers.mkConfig = name: attrs: config:
|
||||
super.lib.mkMerge [
|
||||
{
|
||||
config = {
|
||||
imports = [
|
||||
../modules/config/impermanence
|
||||
../modules/config/net.nix
|
||||
../modules/services/nginx.nix
|
||||
../modules/config
|
||||
../modules/interface-naming.nix
|
||||
|
||||
inputs.impermanence.nixosModules.impermanence
|
||||
];
|
||||
node.name = name;
|
||||
node.secretsDir = "${attrs.config.node.secretsDir}/guests/${name}";
|
||||
nixpkgs = {
|
||||
hostPlatform = attrs.config.nixpkgs.hostPlatform;
|
||||
overlays = attrs.pkgs.overlays;
|
||||
config = attrs.pkgs.config;
|
||||
};
|
||||
boot.initrd.systemd.enable = super.lib.mkForce false;
|
||||
};
|
||||
specialArgs = {
|
||||
inherit (attrs) lib inputs minimal stateVersion;
|
||||
};
|
||||
|
||||
autoStart = true;
|
||||
macvlans = [
|
||||
"lan01:lan01-${name}"
|
||||
];
|
||||
ephemeral = true;
|
||||
bindMounts = {
|
||||
"state" = {
|
||||
|
@ -29,8 +42,6 @@ inputs: _self: super: {
|
|||
};
|
||||
};
|
||||
zfs.mountpoint = super.lib.mkDefault "/containers/${name}";
|
||||
#config = {...}: {
|
||||
#};
|
||||
}
|
||||
config
|
||||
];
|
||||
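Review bot: The new `attrs` parameter of `containers.mkConfig` is undocumented even though the body now depends on a specific shape: `attrs.config.node.secretsDir`, `attrs.config.nixpkgs.hostPlatform`, `attrs.pkgs.overlays`, `attrs.pkgs.config` and `inherit (attrs) lib inputs minimal stateVersion`. A caller that passes a module argument set lacking any of these fails with an attribute-missing error inside the mkMerge rather than at the call site. I would add above `containers.mkConfig = name: attrs: config:` a comment such as `# name: container name; attrs: the calling host module's argument set ({config, pkgs, lib, inputs, minimal, stateVersion, ...}), used to give the guest the host's platform, overlays, nixpkgs config, secrets dir and module args; config: the guest's own container settings, merged with the defaults below (use mkDefault on anything meant to be overridable)`. The second hunk (-29,8 +42,6) ends at the closing `];`, and the `lib =` overlay attrset continues outside both hunks.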
|
|
|
@ -4,7 +4,7 @@
|
|||
pkgs,
|
||||
...
|
||||
}: {
|
||||
boot = {
|
||||
boot = lib.mkIf (!config.boot.isContainer) {
|
||||
initrd.systemd = {
|
||||
enable = true;
|
||||
emergencyAccess = config.secrets.secrets.global.users.root.passwordHash;
|
||||
|
|
|
@ -12,13 +12,16 @@ in {
|
|||
environment.persistence."/state" = {
|
||||
hideMounts = true;
|
||||
|
||||
files = onlyHost [
|
||||
"/etc/machine-id"
|
||||
files =
|
||||
[
|
||||
"/etc/ssh/ssh_host_ed25519_key"
|
||||
"/etc/ssh/ssh_host_ed25519_key.pub"
|
||||
];
|
||||
directories =
|
||||
]
|
||||
++ lib.lists.optionals (!config.boot.isContainer)
|
||||
[
|
||||
"/etc/machine-id"
|
||||
];
|
||||
directories = [
|
||||
"/var/log"
|
||||
"/var/lib/systemd"
|
||||
"/var/lib/nixos"
|
||||
|
@ -26,17 +29,6 @@ in {
|
|||
directory = "/var/tmp/agenix-rekey";
|
||||
mode = "0777";
|
||||
}
|
||||
]
|
||||
++ lib.lists.optionals config.security.acme.acceptTerms [
|
||||
{
|
||||
directory = "/var/lib/acme";
|
||||
user = "acme";
|
||||
group = "acme";
|
||||
mode = "0755";
|
||||
}
|
||||
]
|
||||
++ lib.lists.optionals config.hardware.bluetooth.enable [
|
||||
"/var/lib/bluetooth"
|
||||
];
|
||||
};
|
||||
environment.persistence."/persist" = {
|
||||
|
|
|
@ -60,8 +60,6 @@
|
|||
nvd
|
||||
];
|
||||
|
||||
boot.binfmt.emulatedSystems = ["aarch64-linux" "mips-linux"];
|
||||
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
|
||||
secrets.secretFiles = let
|
||||
|
|
|
@ -19,6 +19,8 @@
|
|||
fwupd-refresh = uidGid 210;
|
||||
podman = uidGid 211;
|
||||
acme = uidGid 212;
|
||||
nextcloud = uidGid 213;
|
||||
redis-nextcloud = uidGid 214;
|
||||
systemd-oom = uidGid 300;
|
||||
systemd-coredump = uidGid 301;
|
||||
};
|
||||
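Review bot: `nextcloud = uidGid 213;` and `redis-nextcloud = uidGid 214;` are added without a comment saying why these ids must be fixed on the host. Presumably it is because the nextcloud guest's state is bind-mounted from host storage (the mkConfig hunk in this commit sets `ephemeral = true` with a `state` bind mount), so ownership of the persisted files must not depend on dynamic uid allocation inside a container that is recreated on every start — confirm. A comment like `# fixed ids for the nextcloud guest: its persisted state lives on host storage, so ownership must be stable across container rebuilds` next to these lines would capture that. Whether the guest side pins the same ids depends on what `../modules/config` (imported by mkConfig) contains, which is not in this diff.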
|
|
|
@ -24,4 +24,7 @@
|
|||
'';
|
||||
extraModules = with pkgs; [pulseaudio-modules-bt];
|
||||
};
|
||||
environment.persistence."/state".directories = [
|
||||
"/var/lib/bluetooth"
|
||||
];
|
||||
}
|
||||
|
|
|
@ -26,4 +26,12 @@
|
|||
extraDomainNames = ["*.${value}"];
|
||||
});
|
||||
users.groups.acme.members = ["nginx"];
|
||||
environment.persistence."/state".directories = [
|
||||
{
|
||||
directory = "/var/lib/acme";
|
||||
user = "acme";
|
||||
group = "acme";
|
||||
mode = "0755";
|
||||
}
|
||||
];
|
||||
}
|
||||
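Review bot: `users.groups.acme.members = ["nginx"];` carries no comment; the group membership is what lets nginx read the certificate and key files the acme module keeps under /var/lib/acme, so the line deserves `# nginx reads the issued certificates/keys through the acme group`. The persistence entry below it sets `mode = "0755"` on /var/lib/acme, which makes the top-level state directory world-traversable; protection of the private keys then rests on the per-certificate directory modes the acme module applies, which this hunk does not show — worth confirming rather than assuming. The entry was moved here from the impermanence module, where it was gated on `config.security.acme.acceptTerms`; here it is unconditional, which only holds up as long as acme.nix is imported solely by hosts that enable acme.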
|
|
|
@ -38,7 +38,7 @@ in {
|
|||
dataset = mkOption {
|
||||
type = types.str;
|
||||
default = "safe/containers/${name}";
|
||||
description = mdDoc "The host's dataset that should be used for this containers persistent data (will automatically be created, parent dataset must exist)";
|
||||
description = mdDoc "The host's dataset that should be used for this containers persistent data (will automatically be created)";
|
||||
};
|
||||
|
||||
mountpoint = mkOption {
|
||||
|
|
|
@ -2,8 +2,9 @@
|
|||
lib,
|
||||
stateVersion,
|
||||
config,
|
||||
pkgs, # not unused neede for the usage of attrs later to contains pkgs
|
||||
...
|
||||
}: let
|
||||
} @ attrs: let
|
||||
hostName = "nc.${config.secrets.secrets.global.domains.mail}";
|
||||
in {
|
||||
imports = [./containers.nix ./nginx.nix ./ddclient.nix ./acme.nix];
|
||||
|
@ -11,6 +12,7 @@ in {
|
|||
enable = true;
|
||||
upstreams.nextcloud = {
|
||||
servers."192.168.178.33:80" = {};
|
||||
|
||||
extraConfig = ''
|
||||
zone nextcloud 64k ;
|
||||
keepalive 5 ;
|
||||
|
@ -22,15 +24,11 @@ in {
|
|||
locations."/".proxyPass = "http://nextcloud";
|
||||
};
|
||||
};
|
||||
containers.nextcloud = lib.containers.mkConfig "nextcloud" {
|
||||
autoStart = true;
|
||||
containers.nextcloud = lib.containers.mkConfig "nextcloud" attrs {
|
||||
zfs = {
|
||||
enable = true;
|
||||
pool = "panzer";
|
||||
};
|
||||
macvlans = [
|
||||
"lan01:lan01-nextcloud"
|
||||
];
|
||||
config = {
|
||||
config,
|
||||
pkgs,
|
||||
|
@ -48,6 +46,14 @@ in {
|
|||
};
|
||||
};
|
||||
};
|
||||
environment.persistence."/persist".directories = [
|
||||
{
|
||||
directory = config.services.nextcloud.home;
|
||||
user = "nextcloud";
|
||||
group = "nextcloud";
|
||||
mode = "750";
|
||||
}
|
||||
];
|
||||
services.nextcloud = {
|
||||
inherit hostName;
|
||||
enable = true;
|
||||
|
@ -95,13 +101,8 @@ in {
|
|||
#wireguard
|
||||
#samba/printer finding
|
||||
#vaultwarden
|
||||
#nextcloud
|
||||
#acme
|
||||
#nginx
|
||||
#maddy
|
||||
#kanidm
|
||||
#xdg portals
|
||||
#zfs snapshots
|
||||
#remote backups
|
||||
#immich
|
||||
|
||||
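Review bot: The `environment.persistence."/persist".directories` entry for `config.services.nextcloud.home` is declared inside the guest, but the mkConfig hunk elsewhere in this commit shows only a `state` bind mount for the container (the bindMounts list is cut off by the hunk) and the container is `ephemeral = true`; unless `/persist` is also bind-mounted from the host, the Nextcloud data directory would be recreated on every container start — confirm against the full bindMounts list. Two smaller points in the same file: `mode = "750"` differs from the four-digit `"0755"`/`"0777"` form every other persistence entry in this commit uses, and the argument comment `pkgs, # not unused neede for the usage of attrs later to contains pkgs` would read better as `pkgs, # not unused: the whole argument set (attrs) is handed to lib.containers.mkConfig, which reads attrs.pkgs`. The `containers.nextcloud` attrset and the `services.nextcloud` block both continue outside their hunks.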
|
|
|
@ -51,14 +51,15 @@ inputs: let
|
|||
# True NixOS nodes can define additional microvms (guest nodes) that are built
|
||||
# together with the true host. We collect all defined microvm nodes
|
||||
# from each node here to allow accessing any node via the unified attribute `nodes`.
|
||||
microvmConfigurations = flip concatMapAttrs self.nixosConfigurations (_: node:
|
||||
guestConfigurations = flip concatMapAttrs self.nixosConfigurations (_: node:
|
||||
mapAttrs'
|
||||
(vm: def: nameValuePair def.nodeName node.config.microvm.vms.${vm}.config)
|
||||
(node.config.meta.microvms.vms or {}));
|
||||
(vm: def: nameValuePair vm {config = node.config.containers.${vm}.config;})
|
||||
(node.config.containers or {}));
|
||||
in {
|
||||
inherit
|
||||
hosts
|
||||
nixosConfigurations
|
||||
minimalConfigurations
|
||||
guestConfigurations
|
||||
;
|
||||
}
|
||||
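Review bot: The comment above `guestConfigurations` still describes collecting microvm nodes (`# True NixOS nodes can define additional microvms (guest nodes) ...` and `# We collect all defined microvm nodes`) while the new lambda reads `node.config.containers` instead of `node.config.microvm.vms`, so the comment is now stale. I would rewrite it to say that true NixOS nodes can define additional containers (guest nodes) built together with the host, and that every container of every node is collected here so any node is reachable via the unified attribute nodes. The `def` parameter in `(vm: def: nameValuePair vm {config = node.config.containers.${vm}.config;})` is no longer read (the old code used `def.nodeName`); `(vm: _: nameValuePair vm {config = node.config.containers.${vm}.config;})` makes that explicit.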
|
|