VSinerva/nixos-conf
1
0
Fork 0
Code Activity Actions

Migrate nextcloud and idacloud to disko+impermanence

Browse source
This commit is contained in:
Vili Sinervä 2025-07-03 02:01:52 +03:00
parent ee255d2518
commit 9fcd72a304
Signed by: Vili Sinervä
SSH key fingerprint: SHA256:FladqYjaE4scJY3Hi+gnShZ6ygnTJgixy0I6BAoHyos
8 changed files with 63 additions and 92 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -7,7 +7,7 @@ keys:
- &ci age1w2e493eat3l42wj3hqg25ncrqttg52rdqc9y0z49sx86f4tqa3vsmg9zm6
- &forgejo age1sy2jzr85s4h0ncfucfl7hrczymmf8wng4m3g6jeduqx5g893jc9qzfznr8
- &idacloud age1actwp5rqczazhgl94npwc0phxuxzjgrk9v82e32sahanw8cyuc7stxkls2
- &nextcloud age1rf6h87qp9ckpmf7yrvkmq3faqn5fnqx4lyg83zf5v09wnew7muzsmmnx9x
- &nextcloud age1mxenttus0r7uva77t36hrn02vysmde5h4lspcytcma6cjkmqlvnqsk3lj0
- &vaultwarden age1d3dnansjhwtzj7pylk0nadg5jkqvzfe7zqs9rhx3yeerzwxyp4esxxsy7y
- &wg-rpi age139sl09xkjm4hd0q5e09e0w4ppu8yd65uhu7upjx5v8jn8ef62vfqg309x6
creation_rules:

11
hosts/idacloud/configuration.nix
View file

@ -1,19 +1,16 @@
{ config, ... }:
{
swapDevices = [
{
device = "/var/lib/swapfile";
size = 2 * 1024;
}
];
custom.nextcloud_domain = "idacloud.sinerva.eu";
services.nextcloud.settings.trusted_domains = [ "idacloud.vsinerva.fi" ];
custom.collabora_domain = "idacollab.sinerva.eu";
imports = [
../../shared/base.nix
../../shared/disko/zfs-impermanence.nix
../../shared/hardware/impermanence.nix
../../shared/hardware/vm.nix
../../servers/nextcloud.nix
];

22
hosts/idacloud/state.nix
View file

@ -1,23 +1,5 @@
{ ... }:
{
system.stateVersion = "24.11";
fileSystems."/" = {
device = "/dev/disk/by-uuid/aaebdb14-a988-4cf8-bb33-f22419d55fbe";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/E1C0-7A9E";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
fileSystems."/var/lib/nextcloud" = {
device = "/dev/disk/by-uuid/634b600c-8d3e-4021-906a-f00b7750e61e";
fsType = "ext4";
};
networking.hostId = "43ce8e3f";
system.stateVersion = "25.05";
}

11
hosts/nextcloud/configuration.nix
View file

@ -1,17 +1,14 @@
{ ... }:
{
swapDevices = [
{
device = "/var/lib/swapfile";
size = 2 * 1024;
}
];
custom.nextcloud_domain = "nextcloud.vsinerva.fi";
imports = [
../../shared/base.nix
../../shared/disko/zfs-impermanence.nix
../../shared/hardware/impermanence.nix
../../shared/hardware/vm.nix
../../servers/nextcloud.nix
];
}

17
hosts/nextcloud/state.nix
View file

@ -1,18 +1,5 @@
{ ... }:
{
system.stateVersion = "23.05";
fileSystems."/" = {
device = "/dev/disk/by-uuid/428cdba7-04a8-4e69-992a-96aa197cd6c7";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/08B5-BFD8";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
networking.hostId = "ba0aeb92";
system.stateVersion = "25.05";
}

52
secrets/cert.yaml
View file

@ -5,47 +5,47 @@ sops:
- recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTM09sR3h5Q0ZpajdYMnRl
d0tQM09MYm1NcDdTajkzZFlNNTNnYlZuQlhVCjQzbHNHWWQ1azlVWXh5STNGRFo2
cFp2SStGMEJVazFkVkNiL1NoOVVyWk0KLS0tIC81aU5ybTgvN0pEUGZNVE8xdjkv
OVlKOXJmbCtWa0NpcmtLNE41b0YrZWcKIaGGlj8JRRHfpF6Vr1fbJA4VWZCUGt/T
ELrYGQoxCUrcZ5o9uvI0Ki+BGCOiOJ7qOsG0hkXQl46MI3OE+UgGnQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVYmtRNFp3d3MvT0RoRW1x
N1JRdVJ4SDNLcjhuKzczVG85SzhTVG41TW1FCjFBd09sNEphdzBLZ29WVlBCb3dq
U0kwaytHOEJlWE9nNHdiRGJ5M0hGaFEKLS0tIDdWSk5LM1hpdlVMdCtwazdLK1Jo
ZDJiSmQ0Y2ZUK0g3cnI5SGxta1ZvUXcK+hqBrkUIvbNDH+1NJMBp9VgRGl6+inh0
hoA12HXicnhoEeirx0NUBttfb6gvgUSFDLAMcVZggwTZPcFiuFUbug==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cws8uzhg9qyxpjnw9w0mvalvqu3ttnnrn5r3eeczk4wcj86vnqgslzmzjp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkYlJEWXl4Ym5hNDRyOW82
WmwvbXdrQTVUVElUTGFhTmw4bFg2NThLWGdvClFqR0orNE5QSWhtancwR2NTWElz
QUN3YmpwVnNUUnZtOHAvblRER3ZGNjgKLS0tIGNFU2F6a1dxbjdCYlpwWDlUOTdp
TjJEUEMxeU5kczZJdGtaVlU2cVY1WVUKkK55TM6wt8mjSPs9Et/8L0uqk584KN5b
IETi/iTeDlSPO06KM24eybiIrKBu+S0ZgqXgRCnOLHAz0LSdJVPHEw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHNDJ3ZXJUMTdjbmVaSk9y
ZjAvQXVEQTY1U3VidFgrejUvUE9uRjBscWlVClhtOG9Mc25mQzVxcGxKazJFTS9M
MkhkZzk4aGloTjZLS2taVzJxUFBMNUEKLS0tIGdTMHZJaVJkcTRCcmluWnlmdno5
NkZBMXRsUmxaOVNybGo3amI2V0NyUkkKPnLqP3PgVFeGdkOp+rom4oHbNuVPWj0J
NhKl4JEXyjPf91Y2s++ItjbppiRiCiq9/vZk7rHEJGsI7RZrH8HCrQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1actwp5rqczazhgl94npwc0phxuxzjgrk9v82e32sahanw8cyuc7stxkls2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkT1JaL05GK0psYjBsVHB0
YlRVY1lQR2Fyck1GN3FvOStxOVRmTXE3R0dzClBRNW9YNXJWeDEwTUhPakdvTGFM
Y0p2eXBLUU5MRHl5aklWWmpaUjZEb2sKLS0tIEJrdVV6SkFWZW1uZWFybENmak42
U2RYOUNnOHdWcG0zakkxZGVrdDVTVUEKZ8sOwUBgAWVBOrqxefxvyea8fXnLfbZZ
4KkxdodeA/g7ztu6zeqpTV6pM+ltILjsEw1woG18u8RHKDspw8LarQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVzNEWmlTMWVTcGRIWVlw
MTJ1QzVoRDZkT0srMTM0U1JXL2poUldZSzJ3CmxEZmJuZi9SS1pOMG96OENkdG50
WHBmTEpjNlE2dTZZMlpvbnJYRzNNdVEKLS0tIGlOSThQYmY2aE1JOHlITkV6WWlm
d2RiU2lXbjA2VU5IaHVHOTlFOHJHT28KGGo9EJPvGFijYn0ndFrJOAbnVSs42sgA
2AvsE5gp4Y0bLaDDI158DSqvm/r1YGRZRRiVFpU51JdlcpqE9WvYng==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rf6h87qp9ckpmf7yrvkmq3faqn5fnqx4lyg83zf5v09wnew7muzsmmnx9x
- recipient: age1mxenttus0r7uva77t36hrn02vysmde5h4lspcytcma6cjkmqlvnqsk3lj0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdE1hbWhTMitzUW90NmxW
eFk2WlY0dlB4UjRQWkZzOE0zSHJLWi9NM2p3CklmV2dtZXNHWjcrTkpZZjRBRVBP
R3RUREdyTDJVVGxBbGx1eUgvcEJEL1EKLS0tIGJSbFdseUY4TWZHUGREcWtFc282
Y3F3a2pWQlRSa2NlZ2hVVXpVQkZIMzgKtTzX7BR9ajpVZ/liDgBNwfsxjTCVuycd
L0oLVvEyUlpWPAqVL8JgJuFLIlA5dwPzLkmxdbUlQOEdVkbc8OGJ/Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNb2ltQjlHMlpGV3c1ZjVB
ZHpRaXMyR1h2M1k5SkpOSFRaWWRGVWJTVG13CktoM2RoUDRmd3pLRzJXQUxwZWRt
bys0bmtDUzJtaXBGRHlwdXdOWjZLOFEKLS0tIEo0OUswSkhNMHp3ODBZRXdKLzhW
TTRpeTNOai84bWRQWGVid3NybklybWcKd5b8L8sInIxDgJ0LvxNdJJq9/HtLkdmd
z3D/E0jW0IsoxerNKKL34FaeBLt8q0qRVL+uZBGxtlbQG+HryQX1Pw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1d3dnansjhwtzj7pylk0nadg5jkqvzfe7zqs9rhx3yeerzwxyp4esxxsy7y
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBTW9JZnd2dHZWT05DbHUy
cnpKOU9nc0lxWVBEOFozT0xNV3J1Ukx5KzA0ClNhR3NQKzN1TlU4eDdacnBQcjJn
SWE4TWpUR1JrZ29SUjc1akRkS0lvYWsKLS0tIFhaNktXRUR0VUZSTTd4QytKT1Jx
NmFpWVNKRENSYkNWcVk2M3RIYmtpSmMKBfzyOjjoCRsvTUX34PiGEIJ0ETJjq5ZR
qsxGOTOrG9FMv9slfvWPOaMnDeJCQc2CZS0b0EqfNg/eFzFxG/jOuw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3ck1vNzRqYk9hdXhJS09a
SEdwdWF5UU9HZ2p4elZKUSthMDVOSEU1NUF3CnRjdm1pbElJcmY2UzNNKytKVWJz
NEtrRmlYcGduWnRVcjZoYVNpNlNrMUEKLS0tIGFqUmZtb3B6Q2huZXhGYVY0WEIv
TWRWdHNGVi9NV0lKMVY2RnFTYWFib2MKzMeQMFm1WwfURSEyVt2lkecm8UBExCuf
Q+cSd0ZuW1JRAfZ3VfqLr3o0yRS4ZsYwuazfpc/WE6yhctNohOX5fg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-02T21:11:59Z"
mac: ENC[AES256_GCM,data:an4y6gci+Cm6RpJuFV9OUcUmZrMXUMFUD91BzWMFKTEDSgvdmh7BjuVFITlF2hR2HCOmGGjmosglqsQwMt46SNfRlFW8bcQUSh+NUbxa0YRNd84nZAtW2u8G7D48mZ0ajrUmkFyCa1WcIcY8fmwx0hKl/WOHMjeNouZVu3RzDSk=,iv:idzW6mjP2iUKeIW9LHxgRgm2M7EtXR5SOjPgmrBYJjY=,tag:XctkRR27gX21U8ndnVxYGg==,type:str]

32
secrets/nextcloud.yaml
View file

@ -4,29 +4,29 @@ sops:
- recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnNW43cVMzdnI2L0NpRVZ1
VTBocVNRRTVoaVlsWFZ6RHZIQkp6MDF3ajMwCm5tQ1REYjkxcG1kdVRLWCtRalVz
cHdqanNuZkdMU1ZpZWdzUWxyOVJwbmsKLS0tIEx3T0drakJ3ZkRYZElEbEJvZEM2
dytuWSsrVW9iRGNqTjN0bmNQd3hkODAKFFY88Y3cn+OB4UnvtSZJDINMYwz47cJo
u/HMDjlcFsC7KWR5sXFjytG73MjrIBUMTBp9C6hjgfoUfzw+4AzCDg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1d1diTVhlR200c3NRb1dr
TGdmbGR0YXVVbDcxdkwxZkpQVE02VXpZSkZzCjNUYUxDN3JwRmZHL2hxQXVrQUx1
OHVwUlhBejJWQ3FqbWQ3dHJDMUltOGMKLS0tIFNKd0FwQnRBS29OVlJvQzFneUdq
UzFmZU10ZGhhR0ZmQmlvS3N4RkZTOVEKGDyugT6d61/0kZCL4Nm/+4oeSvSLxo0C
i9WEAf4Fm3m7nAgXlat1O4jyUdft7QNfRlzUb80CnYlXMeXKU7hNYA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1actwp5rqczazhgl94npwc0phxuxzjgrk9v82e32sahanw8cyuc7stxkls2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRDNjNFVob0huQ0RKaFcz
R05SVlBvUloyL1VVUlVHeHoycXI3K0NJeEVVCmFWZ1dwMysrTlVZZFRhN05LRDVC
Q2x5ek1paUp2cGJmMDZEZmp6RkU1eFkKLS0tIDRBK2FSUkU3TS9Rb0VjTGFhV1pE
K25UQ3FKQzYzdUYyUjF2VkVGYytybncK4LKit4bQQ4ldhGYGQK5RWHIaQhDef8Fk
NTQkrdl+i6lR8DemERL055WUxWeyVUtgkevK5ihVd0tfPZwasRrhVQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVlNNeEl5VFpEWG5LcFdZ
ZENiWXMya242ZERPT2R1Vjl3YW9wL3R5Qmx3CmhQOWZEUm5sMi8yQWRSTnIvQmVo
cTZqc2hTN29rQ2pQV2lNR1F3V3N2bmMKLS0tIGc2eFRKNVVnRm4zc0ZhSVVPUTRL
VGo2RVR3a3hmb1IyWHF1SUFmTElRWWsK7AU+HRz07KKuufRmO06w/venstuhCVD0
JJTx3ElL8Bbeo0zxFRJXd51h9XZRNLiDRRJa+ptac++PmpR0O3mKyQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rf6h87qp9ckpmf7yrvkmq3faqn5fnqx4lyg83zf5v09wnew7muzsmmnx9x
- recipient: age1mxenttus0r7uva77t36hrn02vysmde5h4lspcytcma6cjkmqlvnqsk3lj0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUVTBSeC9KK2hXZEtVUzhC
S2c1YWNiUDVFZlBkQWZpN3V6eTBWWTFCMnpBCnZIN3dabXowSGgrb045T2tpUlZY
cDBiSmNFZVdMY0pncnFiNzVQbVRkSmsKLS0tIDNDYTBzTm9WVzFmZjNMT0h0SWxm
MVA2V2Rnb0l2emU0YjI1dDVETStwbGMKjFdGEZwe3eqZjkIjHNNb3La2BaEAvZGB
Drs8PPefAWzLHVAiI1nctyniBgNtP7JE/HO0fLkATqJHOGgwnjncYA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSjl2UWR4cktHKzNpdEhG
K1FpTWtud2Z4RzBqZjVEbC9XN3J1SEgrd1MwCmxpMGZadkl1cUovQmJzUmxDM3Yx
akMxdzFIQW5USTFIUFBPak5hK04rbmcKLS0tIDNxTTVVR1o5SHNpb3VxOHAwNmwx
ME81TWR4UUxBRVdERFdFcm1HM3hPdXcKLyTrHJj/ZzRyIeBtN0yHBQZ3FKxNDPaW
xju0sPU9EPz7JR9crC8GXBk0qxScyqUD6NZoGSNXfmYaiuaXGD6LGw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-21T13:24:40Z"
mac: ENC[AES256_GCM,data:mrXZkOlLJBrTcBzetxOdshkIwoYUdO2bzRtOk+DRO8iuc75QpzZqze/1rGiumq4Y5rWxGOj4Z7vZjol5CqpiTq9wo2+2A8IoTkta+5B2FzlkjUzJiVi12szyOgMhcvPDYBtQ+BVUo6PqF3TOT1Vt8KBgga9t4jthVoWDdXe5uUU=,iv:VqImyU5562FPF6/SrzjLz2Mmsp0wzvdralmEZagVW7Q=,tag:SQ+pdA2TOyP0x5sT1au27w==,type:str]

8
servers/nextcloud.nix
View file

@ -25,6 +25,14 @@
config = lib.mkMerge [
{
environment.persistence."/persist".directories = [
{
directory = config.services.nextcloud.home;
user = "nextcloud";
group = "nextcloud";
mode = "u=rwx,g=rx,o=";
}
];
sops.secrets.admin-pass.sopsFile = ../secrets/nextcloud.yaml;
services = {