diff options
author | lassulus <git@lassul.us> | 2023-01-26 16:15:35 +0100 |
---|---|---|
committer | lassulus <git@lassul.us> | 2023-01-26 16:15:35 +0100 |
commit | ab06eab6af32e794882687a25746a35a66ef481d (patch) | |
tree | a9bfa91b7ee54da6832c49cd396cee310c71c77f /lass | |
parent | 2b01c332826d2d59b7fdbf4a7924e827338920f9 (diff) |
l ubik.r: init on neoprism.r
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/neoprism/config.nix | 1 | ||||
-rw-r--r-- | lass/1systems/ubik/config.nix | 33 | ||||
-rw-r--r-- | lass/1systems/ubik/physical.nix | 7 | ||||
-rw-r--r-- | lass/2configs/ubik-host.nix | 26 |
4 files changed, 67 insertions, 0 deletions
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix index 8e5a60c36..dc2702e6a 100644 --- a/lass/1systems/neoprism/config.nix +++ b/lass/1systems/neoprism/config.nix @@ -9,6 +9,7 @@ <stockholm/lass/2configs/consul.nix> <stockholm/lass/2configs/yellow-host.nix> <stockholm/lass/2configs/radio/container-host.nix> + <stockholm/lass/2configs/ubik-host.nix> # other containers <stockholm/lass/2configs/riot.nix> diff --git a/lass/1systems/ubik/config.nix b/lass/1systems/ubik/config.nix new file mode 100644 index 000000000..1d1d32f3f --- /dev/null +++ b/lass/1systems/ubik/config.nix @@ -0,0 +1,33 @@ +with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs> + <stockholm/lass/2configs/retiolum.nix> + ]; + + krebs.build.host = config.krebs.hosts.ubik; + + lass.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBFGMjH0+Dco6DVFZbByENMci8CFTLXCL7j53yctPnM"; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + services.nextcloud = { + enable = true; + hostName = "c.apanowicz.de"; + package = pkgs.nextcloud25; + config.adminpassFile = "/run/nextcloud.pw"; + https = true; + }; + systemd.services.nextcloud-setup.serviceConfig.ExecStartPre = [ + "+${pkgs.writeDash "copy-pw" '' + ${pkgs.rsync}/bin/rsync \ + --chown nextcloud:nextcloud \ + --chmod 0700 \ + /var/src/secrets/nextcloud.pw /run/nextcloud.pw + ''}" + ]; +} diff --git a/lass/1systems/ubik/physical.nix b/lass/1systems/ubik/physical.nix new file mode 100644 index 000000000..8577daf34 --- /dev/null +++ b/lass/1systems/ubik/physical.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = true; +} diff --git a/lass/2configs/ubik-host.nix b/lass/2configs/ubik-host.nix new file mode 100644 index 000000000..874d4ecb8 --- /dev/null +++ b/lass/2configs/ubik-host.nix @@ -0,0 +1,26 @@ +{ config, pkgs, ... }: +{ + lass.sync-containers3.containers.ubik = { + sshKey = "${toString <secrets>}/ubik.sync.key"; + }; + containers.ubik.bindMounts."/var/lib" = { + hostPath = "/var/lib/sync-containers3/ubik/state"; + isReadOnly = false; + }; + containers.ubik.bindMounts."/var/lib/nextcloud/data" = { + hostPath = "/var/ubik"; + isReadOnly = false; + }; + services.nginx.virtualHosts."c.apanowicz.de" = { + enableACME = true; + forceSSL = true; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://ubik.r"; + extraConfig = '' + client_max_body_size 9001M; + ''; + }; + }; +} |