Migrate nextcloud and idacloud to disko+impermanence

Vili Sinervä 2025-07-03 02:01:52 +03:00
parent ee255d2518
commit 9fcd72a304
Signed by: Vili Sinervä
SSH key fingerprint: SHA256:FladqYjaE4scJY3Hi+gnShZ6ygnTJgixy0I6BAoHyos
8 changed files with 63 additions and 92 deletions


@ -7,7 +7,7 @@ keys:
- &ci age1w2e493eat3l42wj3hqg25ncrqttg52rdqc9y0z49sx86f4tqa3vsmg9zm6 - &ci age1w2e493eat3l42wj3hqg25ncrqttg52rdqc9y0z49sx86f4tqa3vsmg9zm6
- &forgejo age1sy2jzr85s4h0ncfucfl7hrczymmf8wng4m3g6jeduqx5g893jc9qzfznr8 - &forgejo age1sy2jzr85s4h0ncfucfl7hrczymmf8wng4m3g6jeduqx5g893jc9qzfznr8
- &idacloud age1actwp5rqczazhgl94npwc0phxuxzjgrk9v82e32sahanw8cyuc7stxkls2 - &idacloud age1actwp5rqczazhgl94npwc0phxuxzjgrk9v82e32sahanw8cyuc7stxkls2
- &nextcloud age1rf6h87qp9ckpmf7yrvkmq3faqn5fnqx4lyg83zf5v09wnew7muzsmmnx9x - &nextcloud age1mxenttus0r7uva77t36hrn02vysmde5h4lspcytcma6cjkmqlvnqsk3lj0
- &vaultwarden age1d3dnansjhwtzj7pylk0nadg5jkqvzfe7zqs9rhx3yeerzwxyp4esxxsy7y - &vaultwarden age1d3dnansjhwtzj7pylk0nadg5jkqvzfe7zqs9rhx3yeerzwxyp4esxxsy7y
- &wg-rpi age139sl09xkjm4hd0q5e09e0w4ppu8yd65uhu7upjx5v8jn8ef62vfqg309x6 - &wg-rpi age139sl09xkjm4hd0q5e09e0w4ppu8yd65uhu7upjx5v8jn8ef62vfqg309x6
creation_rules: creation_rules:


@ -1,19 +1,16 @@
{ config, ... }: { config, ... }:
{ {
swapDevices = [
{
device = "/var/lib/swapfile";
size = 2 * 1024;
}
];
custom.nextcloud_domain = "idacloud.sinerva.eu"; custom.nextcloud_domain = "idacloud.sinerva.eu";
services.nextcloud.settings.trusted_domains = [ "idacloud.vsinerva.fi" ]; services.nextcloud.settings.trusted_domains = [ "idacloud.vsinerva.fi" ];
custom.collabora_domain = "idacollab.sinerva.eu"; custom.collabora_domain = "idacollab.sinerva.eu";
imports = [ imports = [
../../shared/base.nix ../../shared/base.nix
../../shared/disko/zfs-impermanence.nix
../../shared/hardware/impermanence.nix
../../shared/hardware/vm.nix ../../shared/hardware/vm.nix
../../servers/nextcloud.nix ../../servers/nextcloud.nix
]; ];


@ -1,23 +1,5 @@
{ ... }: { ... }:
{ {
system.stateVersion = "24.11"; networking.hostId = "43ce8e3f";
system.stateVersion = "25.05";
fileSystems."/" = {
device = "/dev/disk/by-uuid/aaebdb14-a988-4cf8-bb33-f22419d55fbe";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/E1C0-7A9E";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
fileSystems."/var/lib/nextcloud" = {
device = "/dev/disk/by-uuid/634b600c-8d3e-4021-906a-f00b7750e61e";
fsType = "ext4";
};
} }
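Review bot: The explicit `/boot` mount with `fmask=0077` and `dmask=0077` is dropped from this host file, and nothing on this page shows what the replacement layout mounts the ESP with. The layout presumably now comes from `../../shared/disko/zfs-impermanence.nix`, which is not shown here, so it is worth confirming that the ESP partition there carries `mountOptions = [ "umask=0077" ];`. Without it the vfat default applies and the boot loader's files (including the systemd-boot random seed, if that loader is in use) are readable by every local user. The other migrated host's hardware file previously used `fmask=0022`/`dmask=0022`, so a restrictive shared default would tighten that host as well.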


@ -1,17 +1,14 @@
{ ... }: { ... }:
{ {
swapDevices = [
{
device = "/var/lib/swapfile";
size = 2 * 1024;
}
];
custom.nextcloud_domain = "nextcloud.vsinerva.fi"; custom.nextcloud_domain = "nextcloud.vsinerva.fi";
imports = [ imports = [
../../shared/base.nix ../../shared/base.nix
../../shared/disko/zfs-impermanence.nix
../../shared/hardware/impermanence.nix
../../shared/hardware/vm.nix ../../shared/hardware/vm.nix
../../servers/nextcloud.nix ../../servers/nextcloud.nix
]; ];
} }


@ -1,18 +1,5 @@
{ ... }: { ... }:
{ {
system.stateVersion = "23.05"; networking.hostId = "ba0aeb92";
system.stateVersion = "25.05";
fileSystems."/" = {
device = "/dev/disk/by-uuid/428cdba7-04a8-4e69-992a-96aa197cd6c7";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/08B5-BFD8";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
} }
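Review bot: `system.stateVersion` jumps from "23.05" to "25.05" on this host (and from "24.11" in the other host's hardware file) with no comment recording why the bump is safe. stateVersion selects defaults for stateful services, so changing it is only appropriate when the service state was created fresh or re-imported on the new install rather than copied over from the old disk; the page does not show which was done. A short comment next to the line would record it, for example `# reinstalled via disko; service state re-imported, not copied from the 23.05 install`.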


@ -5,47 +5,47 @@ sops:
- recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp - recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTM09sR3h5Q0ZpajdYMnRl YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVYmtRNFp3d3MvT0RoRW1x
d0tQM09MYm1NcDdTajkzZFlNNTNnYlZuQlhVCjQzbHNHWWQ1azlVWXh5STNGRFo2 N1JRdVJ4SDNLcjhuKzczVG85SzhTVG41TW1FCjFBd09sNEphdzBLZ29WVlBCb3dq
cFp2SStGMEJVazFkVkNiL1NoOVVyWk0KLS0tIC81aU5ybTgvN0pEUGZNVE8xdjkv U0kwaytHOEJlWE9nNHdiRGJ5M0hGaFEKLS0tIDdWSk5LM1hpdlVMdCtwazdLK1Jo
OVlKOXJmbCtWa0NpcmtLNE41b0YrZWcKIaGGlj8JRRHfpF6Vr1fbJA4VWZCUGt/T ZDJiSmQ0Y2ZUK0g3cnI5SGxta1ZvUXcK+hqBrkUIvbNDH+1NJMBp9VgRGl6+inh0
ELrYGQoxCUrcZ5o9uvI0Ki+BGCOiOJ7qOsG0hkXQl46MI3OE+UgGnQ== hoA12HXicnhoEeirx0NUBttfb6gvgUSFDLAMcVZggwTZPcFiuFUbug==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cws8uzhg9qyxpjnw9w0mvalvqu3ttnnrn5r3eeczk4wcj86vnqgslzmzjp - recipient: age1cws8uzhg9qyxpjnw9w0mvalvqu3ttnnrn5r3eeczk4wcj86vnqgslzmzjp
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkYlJEWXl4Ym5hNDRyOW82 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHNDJ3ZXJUMTdjbmVaSk9y
WmwvbXdrQTVUVElUTGFhTmw4bFg2NThLWGdvClFqR0orNE5QSWhtancwR2NTWElz ZjAvQXVEQTY1U3VidFgrejUvUE9uRjBscWlVClhtOG9Mc25mQzVxcGxKazJFTS9M
QUN3YmpwVnNUUnZtOHAvblRER3ZGNjgKLS0tIGNFU2F6a1dxbjdCYlpwWDlUOTdp MkhkZzk4aGloTjZLS2taVzJxUFBMNUEKLS0tIGdTMHZJaVJkcTRCcmluWnlmdno5
TjJEUEMxeU5kczZJdGtaVlU2cVY1WVUKkK55TM6wt8mjSPs9Et/8L0uqk584KN5b NkZBMXRsUmxaOVNybGo3amI2V0NyUkkKPnLqP3PgVFeGdkOp+rom4oHbNuVPWj0J
IETi/iTeDlSPO06KM24eybiIrKBu+S0ZgqXgRCnOLHAz0LSdJVPHEw== NhKl4JEXyjPf91Y2s++ItjbppiRiCiq9/vZk7rHEJGsI7RZrH8HCrQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1actwp5rqczazhgl94npwc0phxuxzjgrk9v82e32sahanw8cyuc7stxkls2 - recipient: age1actwp5rqczazhgl94npwc0phxuxzjgrk9v82e32sahanw8cyuc7stxkls2
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkT1JaL05GK0psYjBsVHB0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVzNEWmlTMWVTcGRIWVlw
YlRVY1lQR2Fyck1GN3FvOStxOVRmTXE3R0dzClBRNW9YNXJWeDEwTUhPakdvTGFM MTJ1QzVoRDZkT0srMTM0U1JXL2poUldZSzJ3CmxEZmJuZi9SS1pOMG96OENkdG50
Y0p2eXBLUU5MRHl5aklWWmpaUjZEb2sKLS0tIEJrdVV6SkFWZW1uZWFybENmak42 WHBmTEpjNlE2dTZZMlpvbnJYRzNNdVEKLS0tIGlOSThQYmY2aE1JOHlITkV6WWlm
U2RYOUNnOHdWcG0zakkxZGVrdDVTVUEKZ8sOwUBgAWVBOrqxefxvyea8fXnLfbZZ d2RiU2lXbjA2VU5IaHVHOTlFOHJHT28KGGo9EJPvGFijYn0ndFrJOAbnVSs42sgA
4KkxdodeA/g7ztu6zeqpTV6pM+ltILjsEw1woG18u8RHKDspw8LarQ== 2AvsE5gp4Y0bLaDDI158DSqvm/r1YGRZRRiVFpU51JdlcpqE9WvYng==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1rf6h87qp9ckpmf7yrvkmq3faqn5fnqx4lyg83zf5v09wnew7muzsmmnx9x - recipient: age1mxenttus0r7uva77t36hrn02vysmde5h4lspcytcma6cjkmqlvnqsk3lj0
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdE1hbWhTMitzUW90NmxW YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNb2ltQjlHMlpGV3c1ZjVB
eFk2WlY0dlB4UjRQWkZzOE0zSHJLWi9NM2p3CklmV2dtZXNHWjcrTkpZZjRBRVBP ZHpRaXMyR1h2M1k5SkpOSFRaWWRGVWJTVG13CktoM2RoUDRmd3pLRzJXQUxwZWRt
R3RUREdyTDJVVGxBbGx1eUgvcEJEL1EKLS0tIGJSbFdseUY4TWZHUGREcWtFc282 bys0bmtDUzJtaXBGRHlwdXdOWjZLOFEKLS0tIEo0OUswSkhNMHp3ODBZRXdKLzhW
Y3F3a2pWQlRSa2NlZ2hVVXpVQkZIMzgKtTzX7BR9ajpVZ/liDgBNwfsxjTCVuycd TTRpeTNOai84bWRQWGVid3NybklybWcKd5b8L8sInIxDgJ0LvxNdJJq9/HtLkdmd
L0oLVvEyUlpWPAqVL8JgJuFLIlA5dwPzLkmxdbUlQOEdVkbc8OGJ/Q== z3D/E0jW0IsoxerNKKL34FaeBLt8q0qRVL+uZBGxtlbQG+HryQX1Pw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1d3dnansjhwtzj7pylk0nadg5jkqvzfe7zqs9rhx3yeerzwxyp4esxxsy7y - recipient: age1d3dnansjhwtzj7pylk0nadg5jkqvzfe7zqs9rhx3yeerzwxyp4esxxsy7y
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBTW9JZnd2dHZWT05DbHUy YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3ck1vNzRqYk9hdXhJS09a
cnpKOU9nc0lxWVBEOFozT0xNV3J1Ukx5KzA0ClNhR3NQKzN1TlU4eDdacnBQcjJn SEdwdWF5UU9HZ2p4elZKUSthMDVOSEU1NUF3CnRjdm1pbElJcmY2UzNNKytKVWJz
SWE4TWpUR1JrZ29SUjc1akRkS0lvYWsKLS0tIFhaNktXRUR0VUZSTTd4QytKT1Jx NEtrRmlYcGduWnRVcjZoYVNpNlNrMUEKLS0tIGFqUmZtb3B6Q2huZXhGYVY0WEIv
NmFpWVNKRENSYkNWcVk2M3RIYmtpSmMKBfzyOjjoCRsvTUX34PiGEIJ0ETJjq5ZR TWRWdHNGVi9NV0lKMVY2RnFTYWFib2MKzMeQMFm1WwfURSEyVt2lkecm8UBExCuf
qsxGOTOrG9FMv9slfvWPOaMnDeJCQc2CZS0b0EqfNg/eFzFxG/jOuw== Q+cSd0ZuW1JRAfZ3VfqLr3o0yRS4ZsYwuazfpc/WE6yhctNohOX5fg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-02T21:11:59Z" lastmodified: "2025-07-02T21:11:59Z"
mac: ENC[AES256_GCM,data:an4y6gci+Cm6RpJuFV9OUcUmZrMXUMFUD91BzWMFKTEDSgvdmh7BjuVFITlF2hR2HCOmGGjmosglqsQwMt46SNfRlFW8bcQUSh+NUbxa0YRNd84nZAtW2u8G7D48mZ0ajrUmkFyCa1WcIcY8fmwx0hKl/WOHMjeNouZVu3RzDSk=,iv:idzW6mjP2iUKeIW9LHxgRgm2M7EtXR5SOjPgmrBYJjY=,tag:XctkRR27gX21U8ndnVxYGg==,type:str] mac: ENC[AES256_GCM,data:an4y6gci+Cm6RpJuFV9OUcUmZrMXUMFUD91BzWMFKTEDSgvdmh7BjuVFITlF2hR2HCOmGGjmosglqsQwMt46SNfRlFW8bcQUSh+NUbxa0YRNd84nZAtW2u8G7D48mZ0ajrUmkFyCa1WcIcY8fmwx0hKl/WOHMjeNouZVu3RzDSk=,iv:idzW6mjP2iUKeIW9LHxgRgm2M7EtXR5SOjPgmrBYJjY=,tag:XctkRR27gX21U8ndnVxYGg==,type:str]
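Review bot: The nextcloud recipient is replaced (`age1rf6h…` becomes `age1mxen…`) while `lastmodified` and `mac` are identical on both sides, so the file appears to have been re-wrapped for the new recipient set without changing the data key or the secret values. Whoever holds the retired host's private key can still decrypt the previous revision from git history, and that revision contains the same values as this one. Unless the old key was destroyed with the old disk, change the secret values themselves and rotate the data key with `sops --rotate --in-place <secrets-file>` (`sops rotate` in newer releases). The next secrets file on this page shows the same pattern, with recipients swapped and `mac` unchanged.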


@ -4,29 +4,29 @@ sops:
- recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp - recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnNW43cVMzdnI2L0NpRVZ1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1d1diTVhlR200c3NRb1dr
VTBocVNRRTVoaVlsWFZ6RHZIQkp6MDF3ajMwCm5tQ1REYjkxcG1kdVRLWCtRalVz TGdmbGR0YXVVbDcxdkwxZkpQVE02VXpZSkZzCjNUYUxDN3JwRmZHL2hxQXVrQUx1
cHdqanNuZkdMU1ZpZWdzUWxyOVJwbmsKLS0tIEx3T0drakJ3ZkRYZElEbEJvZEM2 OHVwUlhBejJWQ3FqbWQ3dHJDMUltOGMKLS0tIFNKd0FwQnRBS29OVlJvQzFneUdq
dytuWSsrVW9iRGNqTjN0bmNQd3hkODAKFFY88Y3cn+OB4UnvtSZJDINMYwz47cJo UzFmZU10ZGhhR0ZmQmlvS3N4RkZTOVEKGDyugT6d61/0kZCL4Nm/+4oeSvSLxo0C
u/HMDjlcFsC7KWR5sXFjytG73MjrIBUMTBp9C6hjgfoUfzw+4AzCDg== i9WEAf4Fm3m7nAgXlat1O4jyUdft7QNfRlzUb80CnYlXMeXKU7hNYA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1actwp5rqczazhgl94npwc0phxuxzjgrk9v82e32sahanw8cyuc7stxkls2 - recipient: age1actwp5rqczazhgl94npwc0phxuxzjgrk9v82e32sahanw8cyuc7stxkls2
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRDNjNFVob0huQ0RKaFcz YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVlNNeEl5VFpEWG5LcFdZ
R05SVlBvUloyL1VVUlVHeHoycXI3K0NJeEVVCmFWZ1dwMysrTlVZZFRhN05LRDVC ZENiWXMya242ZERPT2R1Vjl3YW9wL3R5Qmx3CmhQOWZEUm5sMi8yQWRSTnIvQmVo
Q2x5ek1paUp2cGJmMDZEZmp6RkU1eFkKLS0tIDRBK2FSUkU3TS9Rb0VjTGFhV1pE cTZqc2hTN29rQ2pQV2lNR1F3V3N2bmMKLS0tIGc2eFRKNVVnRm4zc0ZhSVVPUTRL
K25UQ3FKQzYzdUYyUjF2VkVGYytybncK4LKit4bQQ4ldhGYGQK5RWHIaQhDef8Fk VGo2RVR3a3hmb1IyWHF1SUFmTElRWWsK7AU+HRz07KKuufRmO06w/venstuhCVD0
NTQkrdl+i6lR8DemERL055WUxWeyVUtgkevK5ihVd0tfPZwasRrhVQ== JJTx3ElL8Bbeo0zxFRJXd51h9XZRNLiDRRJa+ptac++PmpR0O3mKyQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1rf6h87qp9ckpmf7yrvkmq3faqn5fnqx4lyg83zf5v09wnew7muzsmmnx9x - recipient: age1mxenttus0r7uva77t36hrn02vysmde5h4lspcytcma6cjkmqlvnqsk3lj0
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUVTBSeC9KK2hXZEtVUzhC YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSjl2UWR4cktHKzNpdEhG
S2c1YWNiUDVFZlBkQWZpN3V6eTBWWTFCMnpBCnZIN3dabXowSGgrb045T2tpUlZY K1FpTWtud2Z4RzBqZjVEbC9XN3J1SEgrd1MwCmxpMGZadkl1cUovQmJzUmxDM3Yx
cDBiSmNFZVdMY0pncnFiNzVQbVRkSmsKLS0tIDNDYTBzTm9WVzFmZjNMT0h0SWxm akMxdzFIQW5USTFIUFBPak5hK04rbmcKLS0tIDNxTTVVR1o5SHNpb3VxOHAwNmwx
MVA2V2Rnb0l2emU0YjI1dDVETStwbGMKjFdGEZwe3eqZjkIjHNNb3La2BaEAvZGB ME81TWR4UUxBRVdERFdFcm1HM3hPdXcKLyTrHJj/ZzRyIeBtN0yHBQZ3FKxNDPaW
Drs8PPefAWzLHVAiI1nctyniBgNtP7JE/HO0fLkATqJHOGgwnjncYA== xju0sPU9EPz7JR9crC8GXBk0qxScyqUD6NZoGSNXfmYaiuaXGD6LGw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-21T13:24:40Z" lastmodified: "2025-06-21T13:24:40Z"
mac: ENC[AES256_GCM,data:mrXZkOlLJBrTcBzetxOdshkIwoYUdO2bzRtOk+DRO8iuc75QpzZqze/1rGiumq4Y5rWxGOj4Z7vZjol5CqpiTq9wo2+2A8IoTkta+5B2FzlkjUzJiVi12szyOgMhcvPDYBtQ+BVUo6PqF3TOT1Vt8KBgga9t4jthVoWDdXe5uUU=,iv:VqImyU5562FPF6/SrzjLz2Mmsp0wzvdralmEZagVW7Q=,tag:SQ+pdA2TOyP0x5sT1au27w==,type:str] mac: ENC[AES256_GCM,data:mrXZkOlLJBrTcBzetxOdshkIwoYUdO2bzRtOk+DRO8iuc75QpzZqze/1rGiumq4Y5rWxGOj4Z7vZjol5CqpiTq9wo2+2A8IoTkta+5B2FzlkjUzJiVi12szyOgMhcvPDYBtQ+BVUo6PqF3TOT1Vt8KBgga9t4jthVoWDdXe5uUU=,iv:VqImyU5562FPF6/SrzjLz2Mmsp0wzvdralmEZagVW7Q=,tag:SQ+pdA2TOyP0x5sT1au27w==,type:str]


@ -25,6 +25,14 @@
config = lib.mkMerge [ config = lib.mkMerge [
{ {
environment.persistence."/persist".directories = [
{
directory = config.services.nextcloud.home;
user = "nextcloud";
group = "nextcloud";
mode = "u=rwx,g=rx,o=";
}
];
sops.secrets.admin-pass.sopsFile = ../secrets/nextcloud.yaml; sops.secrets.admin-pass.sopsFile = ../secrets/nextcloud.yaml;
services = { services = {