summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
authorlassulus <git@lassul.us>2023-01-26 16:15:35 +0100
committerlassulus <git@lassul.us>2023-01-26 16:15:35 +0100
commitab06eab6af32e794882687a25746a35a66ef481d (patch)
treea9bfa91b7ee54da6832c49cd396cee310c71c77f /lass
parent2b01c332826d2d59b7fdbf4a7924e827338920f9 (diff)
l ubik.r: init on neoprism.r
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/neoprism/config.nix1
-rw-r--r--lass/1systems/ubik/config.nix33
-rw-r--r--lass/1systems/ubik/physical.nix7
-rw-r--r--lass/2configs/ubik-host.nix26
4 files changed, 67 insertions, 0 deletions
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix
index 8e5a60c36..dc2702e6a 100644
--- a/lass/1systems/neoprism/config.nix
+++ b/lass/1systems/neoprism/config.nix
@@ -9,6 +9,7 @@
<stockholm/lass/2configs/consul.nix>
<stockholm/lass/2configs/yellow-host.nix>
<stockholm/lass/2configs/radio/container-host.nix>
+ <stockholm/lass/2configs/ubik-host.nix>
# other containers
<stockholm/lass/2configs/riot.nix>
diff --git a/lass/1systems/ubik/config.nix b/lass/1systems/ubik/config.nix
new file mode 100644
index 000000000..1d1d32f3f
--- /dev/null
+++ b/lass/1systems/ubik/config.nix
@@ -0,0 +1,33 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs>
+ <stockholm/lass/2configs/retiolum.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.ubik;
+
+ lass.sync-containers3.inContainer = {
+ enable = true;
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBFGMjH0+Dco6DVFZbByENMci8CFTLXCL7j53yctPnM";
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ services.nextcloud = {
+ enable = true;
+ hostName = "c.apanowicz.de";
+ package = pkgs.nextcloud25;
+ config.adminpassFile = "/run/nextcloud.pw";
+ https = true;
+ };
+ systemd.services.nextcloud-setup.serviceConfig.ExecStartPre = [
+ "+${pkgs.writeDash "copy-pw" ''
+ ${pkgs.rsync}/bin/rsync \
+ --chown nextcloud:nextcloud \
+ --chmod 0700 \
+ /var/src/secrets/nextcloud.pw /run/nextcloud.pw
+ ''}"
+ ];
+}
diff --git a/lass/1systems/ubik/physical.nix b/lass/1systems/ubik/physical.nix
new file mode 100644
index 000000000..8577daf34
--- /dev/null
+++ b/lass/1systems/ubik/physical.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ ./config.nix
+ ];
+ boot.isContainer = true;
+ networking.useDHCP = true;
+}
diff --git a/lass/2configs/ubik-host.nix b/lass/2configs/ubik-host.nix
new file mode 100644
index 000000000..874d4ecb8
--- /dev/null
+++ b/lass/2configs/ubik-host.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+{
+ lass.sync-containers3.containers.ubik = {
+ sshKey = "${toString <secrets>}/ubik.sync.key";
+ };
+ containers.ubik.bindMounts."/var/lib" = {
+ hostPath = "/var/lib/sync-containers3/ubik/state";
+ isReadOnly = false;
+ };
+ containers.ubik.bindMounts."/var/lib/nextcloud/data" = {
+ hostPath = "/var/ubik";
+ isReadOnly = false;
+ };
+ services.nginx.virtualHosts."c.apanowicz.de" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ recommendedProxySettings = true;
+ proxyWebsockets = true;
+ proxyPass = "http://ubik.r";
+ extraConfig = ''
+ client_max_body_size 9001M;
+ '';
+ };
+ };
+}