l ubik.r: init on neoprism.r

lassulus 2023-01-26 16:15:35 +01:00
parent 2b01c33282
commit ab06eab6af
5 changed files with 105 additions and 0 deletions

38
kartei/lass/ubik.nix Normal file

@ -0,0 +1,38 @@
{ r6, w6, ... }:
{
nets = {
retiolum = {
ip4.addr = "10.243.0.12";
ip6.addr = r6 "0b1c";
aliases = [
"ubik.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "BcbZOID7dipWNH0/uowqCF7Ivqm4QktMoz11Yv249tG";
};
wiregrill = {
ip6.addr = w6 "0b1c";
aliases = [
"ubik.w"
];
wireguard.pubkey = ''
JakWwg7Rq76jjzLFWPBQJPpzRHbIEbb46VLsSUOKI2I=
'';
};
};
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHlqW8zqJpjbva0NTty9Ex7R/Jk2emDxHJNpaM3WPt5L";
}


@ -9,6 +9,7 @@
<stockholm/lass/2configs/consul.nix>
<stockholm/lass/2configs/yellow-host.nix>
<stockholm/lass/2configs/radio/container-host.nix>
<stockholm/lass/2configs/ubik-host.nix>
# other containers
<stockholm/lass/2configs/riot.nix>


@ -0,0 +1,33 @@
with import <stockholm/lib>;
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs>
<stockholm/lass/2configs/retiolum.nix>
];
krebs.build.host = config.krebs.hosts.ubik;
lass.sync-containers3.inContainer = {
enable = true;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBFGMjH0+Dco6DVFZbByENMci8CFTLXCL7j53yctPnM";
};
networking.firewall.allowedTCPPorts = [ 80 ];
services.nextcloud = {
enable = true;
hostName = "c.apanowicz.de";
package = pkgs.nextcloud25;
config.adminpassFile = "/run/nextcloud.pw";
https = true;
};
systemd.services.nextcloud-setup.serviceConfig.ExecStartPre = [
"+${pkgs.writeDash "copy-pw" ''
${pkgs.rsync}/bin/rsync \
--chown nextcloud:nextcloud \
--chmod 0700 \
/var/src/secrets/nextcloud.pw /run/nextcloud.pw
''}"
];
}
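Review bot: `networking.firewall.allowedTCPPorts = [ 80 ];` opens the container's plain-HTTP Nextcloud port on every interface, while the only intended client visible in this commit is the nginx vhost in the host-side file that proxies to `http://ubik.r`. Any peer that can reach the container's address can then talk to Nextcloud directly, bypassing `forceSSL` and supplying its own forwarded headers. Scoping the rule to the overlay interface, e.g. `networking.firewall.interfaces.retiolum.allowedTCPPorts = [ 80 ];` (interface name assumed from the net name, please confirm), keeps other interfaces closed, and restricting the source to the proxy host's address would also cover other overlay peers. Separately, `--chmod 0700` sets an execute bit on the copied password file; `--chmod 0600` is enough for a file that is only read.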


@ -0,0 +1,7 @@
{
imports = [
./config.nix
];
boot.isContainer = true;
networking.useDHCP = true;
}


@ -0,0 +1,26 @@
{ config, pkgs, ... }:
{
lass.sync-containers3.containers.ubik = {
sshKey = "${toString <secrets>}/ubik.sync.key";
};
containers.ubik.bindMounts."/var/lib" = {
hostPath = "/var/lib/sync-containers3/ubik/state";
isReadOnly = false;
};
containers.ubik.bindMounts."/var/lib/nextcloud/data" = {
hostPath = "/var/ubik";
isReadOnly = false;
};
services.nginx.virtualHosts."c.apanowicz.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://ubik.r";
extraConfig = ''
client_max_body_size 9001M;
'';
};
};
}
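Review bot: The `sshKey` line relies on `toString <secrets>` to keep the private sync key out of the world-readable Nix store, and nothing in the file says so. A bare `${<secrets>}` interpolation would copy the path's contents into the store, so a short comment above the line, such as `# toString: reference the key by path, do not copy it into /nix/store`, would stop a later cleanup from dropping the call.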