nixos-conf/hosts/idacloud/configuration.nix

{ config, ... }:
{
  custom.nextcloud_domain = "idacloud.sinerva.eu";
  services.nextcloud.settings.trusted_domains = [ "idacloud.vsinerva.fi" ];
  custom.collabora_domain = "idacollab.sinerva.eu";

  imports = [
    ../../shared/base.nix

    ../../shared/disko/zfs-impermanence.nix
    ../../shared/hardware/impermanence.nix
    ../../shared/hardware/vm.nix

    ../../servers/nextcloud.nix
  ];

  sops = {
    secrets = {
      priv-idacloud-wg = {
        sopsFile = ../../secrets/idacloud.yaml;
        restartUnits = [ "wg-quick-wg0.service" ];
      };
      psk-laptop-idacloud-wg = {
        sopsFile = ../../secrets/idacloud.yaml;
        restartUnits = [ "wg-quick-wg0.service" ];
      };
    };
  };

  # Networking conf including WireGuard
  networking = {
    firewall.allowedUDPPorts = [ 51822 ];

    wg-quick.interfaces = {
      wg0 = {
        address = [ "10.1.0.1/24" ];
        privateKeyFile = config.sops.secrets.priv-idacloud-wg.path;
        listenPort = 51822;

        peers = [
          # Laptop
          {
            publicKey = "qJl6XBAGlmGHLre+RoCLUsZUrOrDgGoinREHFiw29ys=";
            presharedKeyFile = config.sops.secrets.psk-laptop-idacloud-wg.path;
            allowedIPs = [ "10.1.0.2/32" ];
          }
          # Phone
          #          {
          #            publicKey = "TODO";
          #            presharedKeyFile = "/root/wireguard-keys/psk2";
          #            presharedKeyFile = config.sops.secrets.psk-phone-idacloud-wg.path;
          #            allowedIPs = [ "10.1.0.3/32" ];
          #          }
        ];
      };
    };
  };
}
Move nextcloud instances to sops-nix 2025-06-21 16:36:41 +03:00			`{ config, ... }:`
Add initial config for Idacloud 2025-04-07 01:16:03 +03:00			`{`
			`custom.nextcloud_domain = "idacloud.sinerva.eu";`
Add secondary trusted domain for managing Idacloud 2025-04-20 13:55:46 +03:00			`services.nextcloud.settings.trusted_domains = [ "idacloud.vsinerva.fi" ];`
Initial attempt at Collabora Online setup for Idacloud 2025-04-20 23:15:51 +03:00			`custom.collabora_domain = "idacollab.sinerva.eu";`
Add initial config for Idacloud 2025-04-07 01:16:03 +03:00
			`imports = [`
Reorganize configuration and prep for flakes 2025-06-01 14:15:50 +03:00			`../../shared/base.nix`
Migrate nextcloud and idacloud to disko+impermanence 2025-07-03 02:01:52 +03:00
			`../../shared/disko/zfs-impermanence.nix`
			`../../shared/hardware/impermanence.nix`
Migrate idacloud to flakes 2025-06-05 00:37:07 +03:00			`../../shared/hardware/vm.nix`
Migrate nextcloud and idacloud to disko+impermanence 2025-07-03 02:01:52 +03:00
Reorganize configuration and prep for flakes 2025-06-01 14:15:50 +03:00			`../../servers/nextcloud.nix`
Add initial config for Idacloud 2025-04-07 01:16:03 +03:00			`];`

Move nextcloud instances to sops-nix 2025-06-21 16:36:41 +03:00			`sops = {`
			`secrets = {`
			`priv-idacloud-wg = {`
			`sopsFile = ../../secrets/idacloud.yaml;`
			`restartUnits = [ "wg-quick-wg0.service" ];`
			`};`
			`psk-laptop-idacloud-wg = {`
			`sopsFile = ../../secrets/idacloud.yaml;`
			`restartUnits = [ "wg-quick-wg0.service" ];`
			`};`
			`};`
			`};`

Add skeleton for Idacloud VPN config 2025-04-20 12:54:09 +03:00			`# Networking conf including WireGuard`
			`networking = {`
			`firewall.allowedUDPPorts = [ 51822 ];`

			`wg-quick.interfaces = {`
			`wg0 = {`
			`address = [ "10.1.0.1/24" ];`
Move nextcloud instances to sops-nix 2025-06-21 16:36:41 +03:00			`privateKeyFile = config.sops.secrets.priv-idacloud-wg.path;`
Add skeleton for Idacloud VPN config 2025-04-20 12:54:09 +03:00			`listenPort = 51822;`

			`peers = [`
			`# Laptop`
Add laptop WG conf to Idacloud 2025-05-25 19:54:16 +03:00			`{`
			`publicKey = "qJl6XBAGlmGHLre+RoCLUsZUrOrDgGoinREHFiw29ys=";`
Move nextcloud instances to sops-nix 2025-06-21 16:36:41 +03:00			`presharedKeyFile = config.sops.secrets.psk-laptop-idacloud-wg.path;`
Add laptop WG conf to Idacloud 2025-05-25 19:54:16 +03:00			`allowedIPs = [ "10.1.0.2/32" ];`
			`}`
Add skeleton for Idacloud VPN config 2025-04-20 12:54:09 +03:00			`# Phone`
			`# {`
			`# publicKey = "TODO";`
			`# presharedKeyFile = "/root/wireguard-keys/psk2";`
Move nextcloud instances to sops-nix 2025-06-21 16:36:41 +03:00			`# presharedKeyFile = config.sops.secrets.psk-phone-idacloud-wg.path;`
Add skeleton for Idacloud VPN config 2025-04-20 12:54:09 +03:00			`# allowedIPs = [ "10.1.0.3/32" ];`
			`# }`
			`];`
			`};`
			`};`
			`};`
Add initial config for Idacloud 2025-04-07 01:16:03 +03:00			`}`