l ubik.r: init on neoprism.r
This commit is contained in:
parent
2b01c33282
commit
ab06eab6af
38
kartei/lass/ubik.nix
Normal file
38
kartei/lass/ubik.nix
Normal file
|
@ -0,0 +1,38 @@
|
|||
{ r6, w6, ... }:
|
||||
{
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.12";
|
||||
ip6.addr = r6 "0b1c";
|
||||
aliases = [
|
||||
"ubik.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAnWJKDrDmmGZbwVeaBhvOdTR4nsumo1yzOR2Iu+SMTOH6fbgJM5cW
|
||||
WtlgPhrdOMrBYR956SBiBNkvsdczRrOF7F6hvXyDwwoGdWGsZXzaTMJlNAYjP5Y4
|
||||
fbJlDq8/QV/SvVFGeu4XP3g2yuU/aNu/4FkU4jlysX+8wo9qGpIFPLpLvqfuU247
|
||||
jHCatNzHfLK60fx7yt57iDhuX2plyFfQVX7xPTxudfGZKD7rEDEnKX4Ghd5dUkOA
|
||||
z0lr0B1AOrkZgrnajU0ZmkjnNy8lrylCWDOnEPhJdao53gL4XFmUcZaR4uFsWuS7
|
||||
V1VM+VivuMTAXRUnJScyLap2mo6dcr9h11kas70c/R7tI2pGmxlNk9t2uYy/jQnC
|
||||
WmyzNCcqpPSfKikx5sRVAVIuv2wtAKYDuZg+1D4YEfeklA0+ZZlHO43NnRnIoKeO
|
||||
Za0SNUE6vtd/EPoiifMkOWtHaO0LppgOxMTk8OgUxR6dcTmbuL0Roz3aY0rSW3EG
|
||||
+li3yjS3YAtMtvhQwuqooVrkBFrcGQLjTnAfCeUHbCjZidGAHnqhESA+Aj+LKx32
|
||||
0ALQY439xAs6Vf3rICs93cO4Yxa8W1F5sHE6ANOGU+jCmSkCWI2hdHGbckD3L0AQ
|
||||
NBJ+jyXm0kFfVgqRS2i17JPz2ZZxhAHw3KH13Ef1KI4tMdzCvFSayW0CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.pubkey_ed25519 = "BcbZOID7dipWNH0/uowqCF7Ivqm4QktMoz11Yv249tG";
|
||||
};
|
||||
wiregrill = {
|
||||
ip6.addr = w6 "0b1c";
|
||||
aliases = [
|
||||
"ubik.w"
|
||||
];
|
||||
wireguard.pubkey = ''
|
||||
JakWwg7Rq76jjzLFWPBQJPpzRHbIEbb46VLsSUOKI2I=
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHlqW8zqJpjbva0NTty9Ex7R/Jk2emDxHJNpaM3WPt5L";
|
||||
}
|
|
@ -9,6 +9,7 @@
|
|||
<stockholm/lass/2configs/consul.nix>
|
||||
<stockholm/lass/2configs/yellow-host.nix>
|
||||
<stockholm/lass/2configs/radio/container-host.nix>
|
||||
<stockholm/lass/2configs/ubik-host.nix>
|
||||
|
||||
# other containers
|
||||
<stockholm/lass/2configs/riot.nix>
|
||||
|
|
33
lass/1systems/ubik/config.nix
Normal file
33
lass/1systems/ubik/config.nix
Normal file
|
@ -0,0 +1,33 @@
|
|||
with import <stockholm/lib>;
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.ubik;
|
||||
|
||||
lass.sync-containers3.inContainer = {
|
||||
enable = true;
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBFGMjH0+Dco6DVFZbByENMci8CFTLXCL7j53yctPnM";
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
hostName = "c.apanowicz.de";
|
||||
package = pkgs.nextcloud25;
|
||||
config.adminpassFile = "/run/nextcloud.pw";
|
||||
https = true;
|
||||
};
|
||||
systemd.services.nextcloud-setup.serviceConfig.ExecStartPre = [
|
||||
"+${pkgs.writeDash "copy-pw" ''
|
||||
${pkgs.rsync}/bin/rsync \
|
||||
--chown nextcloud:nextcloud \
|
||||
--chmod 0700 \
|
||||
/var/src/secrets/nextcloud.pw /run/nextcloud.pw
|
||||
''}"
|
||||
];
|
||||
}
|
7
lass/1systems/ubik/physical.nix
Normal file
7
lass/1systems/ubik/physical.nix
Normal file
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
imports = [
|
||||
./config.nix
|
||||
];
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = true;
|
||||
}
|
26
lass/2configs/ubik-host.nix
Normal file
26
lass/2configs/ubik-host.nix
Normal file
|
@ -0,0 +1,26 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
lass.sync-containers3.containers.ubik = {
|
||||
sshKey = "${toString <secrets>}/ubik.sync.key";
|
||||
};
|
||||
containers.ubik.bindMounts."/var/lib" = {
|
||||
hostPath = "/var/lib/sync-containers3/ubik/state";
|
||||
isReadOnly = false;
|
||||
};
|
||||
containers.ubik.bindMounts."/var/lib/nextcloud/data" = {
|
||||
hostPath = "/var/ubik";
|
||||
isReadOnly = false;
|
||||
};
|
||||
services.nginx.virtualHosts."c.apanowicz.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
recommendedProxySettings = true;
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "http://ubik.r";
|
||||
extraConfig = ''
|
||||
client_max_body_size 9001M;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue