upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-06 21:17:14 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

Compare commits

base: upRootNutrition:68b314733800fe7d726e7326b55867bd9fc9ca6d
Branches Tags
upRootNutrition:main
...
compare: upRootNutrition:dc66e0050dd9efb99a0062dd893259a41997a937
Branches Tags
upRootNutrition:main

13 commits
68b3147338 ... dc66e0050d

Author SHA1 Message Date
Nick
dc66e0050d test: trying to fix opencloud 2025-11-30 18:39:54 -06:00
Nick
6da9433ba0 test: trying to fix opencloud 2025-11-30 18:16:08 -06:00
Nick
cd9522913a test: trying to fix opencloud 2025-11-30 17:53:28 -06:00
Nick
b3b9ed430e test: trying to fix opencloud 2025-11-30 17:53:19 -06:00
Nick
8c2a56cda2 test: trying to fix opencloud 2025-11-30 17:33:57 -06:00
Nick
05f1f40208 test: trying to fix opencloud 2025-11-30 17:15:54 -06:00
Nick
58ce309071 test: trying to fix opencloud 2025-11-30 17:13:44 -06:00
Nick
1fe4a86a19 test: trying to fix opencloud 2025-11-30 17:12:26 -06:00
Nick
ac0ba3e5d6 test: trying to fix opencloud 2025-11-30 17:04:02 -06:00
Nick
6a7fb05c69 test: trying to fix opencloud 2025-11-30 16:59:47 -06:00
Nick
3edcf0883b test: trying to fix opencloud 2025-11-30 16:32:34 -06:00
Nick
2d09ad6359 test: trying to fix opencloud 2025-11-30 16:18:57 -06:00
Nick
27c1859ace test: trying to fix opencloud 2025-11-30 14:57:21 -06:00
2 changed files with 64 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

65
modules/nixos/guests/opencloud/ceresOpenCloud/default.nix
View file

@ -30,7 +30,7 @@ in
port = serviceCfg.ports.port0; port = serviceCfg.ports.port0;
address = localhost; address = localhost;
stateDir = "/var/lib/${serviceCfg.name}"; stateDir = "/var/lib/${serviceCfg.name}";
environmentFile = "/run/secrets/projectenv"; environmentFile = "/etc/opencloud-secrets/env";
}; };
openssh = { openssh = {
@ -53,11 +53,43 @@ in
opencloud = { opencloud = {
path = [ pkgs.inotify-tools ]; path = [ pkgs.inotify-tools ];
}; };
opencloud-copy-secrets = {
description = "Copy secrets from virtiofs to local filesystem";
before = [
"opencloud-init-config.service"
"opencloud.service"
];
requiredBy = [ "opencloud.service" ];
after = [ "run-secrets.mount" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
set -e
echo "Checking for secrets..."
if [ ! -f /run/secrets/projectenv ]; then
echo "ERROR: /run/secrets/projectenv not found!"
ls -la /run/secrets/ || true
exit 1
fi
echo "Copying secrets..."
mkdir -p /etc/opencloud-secrets
cp /run/secrets/projectenv /etc/opencloud-secrets/env
chmod 755 /etc/opencloud-secrets
chmod 644 /etc/opencloud-secrets/*
echo "Secrets copied successfully"
cat /etc/opencloud-secrets/env
'';
};
}; };
network = { network = {
enable = true; enable = true;
networks."20-lan" = { networks."20-lan" = {
matchConfig.Name = "enp0s5"; matchConfig.Name = "enp0s6";
addresses = [ addresses = [
{ Address = "${serviceCfg.interface.ip}/24"; } { Address = "${serviceCfg.interface.ip}/24"; }
]; ];
@ -75,7 +107,9 @@ in
}; };
tmpfiles.rules = [ tmpfiles.rules = [
"Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -" "d ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
"z /etc/opencloud 0700 ${serviceCfg.name} ${serviceCfg.name} -"
# "L+ /etc/opencloud/proxy.yaml - - - - /etc/static/opencloud/proxy.yaml"
]; ];
}; };
@ -83,8 +117,8 @@ in
systemd.services.systemd-networkd.wantedBy = [ "multi-user.target" ]; systemd.services.systemd-networkd.wantedBy = [ "multi-user.target" ];
microvm = { microvm = {
vcpu = 2; vcpu = 1;
mem = 1024 * 3; mem = 1024 * 1;
hypervisor = "qemu"; hypervisor = "qemu";
interfaces = [ interfaces = [
{ {
@ -115,9 +149,15 @@ in
{ {
mountPoint = "/var/lib/${serviceCfg.name}"; mountPoint = "/var/lib/${serviceCfg.name}";
proto = "virtiofs"; proto = "virtiofs";
source = serviceCfg.mntPaths.path0; source = "${serviceCfg.mntPaths.path0}/data";
tag = "${serviceCfg.name}_data"; tag = "${serviceCfg.name}_data";
} }
{
mountPoint = "/etc/opencloud";
proto = "virtiofs";
source = "${serviceCfg.mntPaths.path0}/config";
tag = "${serviceCfg.name}_config";
}
{ {
mountPoint = "/run/secrets"; mountPoint = "/run/secrets";
proto = "virtiofs"; proto = "virtiofs";
@ -132,6 +172,7 @@ in
bottom bottom
trashy trashy
fastfetch fastfetch
opencloud
; ;
}; };
@ -147,7 +188,11 @@ in
services.caddy.virtualHosts = { services.caddy.virtualHosts = {
"${host}" = { "${host}" = {
extraConfig = '' extraConfig =
let
credPath = "/var/lib/acme/${host}";
in
''
reverse_proxy ${serviceCfg.interface.ip}:${toString serviceCfg.ports.port0} { reverse_proxy ${serviceCfg.interface.ip}:${toString serviceCfg.ports.port0} {
header_up X-Real-IP {remote_host} header_up X-Real-IP {remote_host}
} }
@ -155,7 +200,7 @@ in
redir /.well-known/carddav /remote.php/dav/ 301 redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301 redir /.well-known/caldav /remote.php/dav/ 301
tls /var/lib/acme/${host}/fullchain.pem /var/lib/acme/${host}/key.pem tls ${credPath}/fullchain.pem ${credPath}/key.pem
''; '';
}; };
}; };
@ -165,8 +210,8 @@ in
systemd = { systemd = {
tmpfiles.rules = [ tmpfiles.rules = [
"d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -" "d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
"d ${serviceCfg.mntPaths.path0}/storage 0755 opencloud opencloud - -" "d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -"
"d ${serviceCfg.mntPaths.path0}/storage/users 2775 opencloud wheel - -" "d ${serviceCfg.mntPaths.path0}/config 0751 microvm wheel - -"
]; ];
}; };

6
secrets/secrets.yaml
View file

@ -47,7 +47,7 @@ wireguard:
glance: glance:
jellyfin: ENC[AES256_GCM,data:Ddpv23kdMGTWvlemn7o5M2ARQ+NuzUfgO9eLuMnRh/kt,iv:RiMRQPoyHtQqqc3wx48g1+Ip3meuCKSOniLZq2iJ3i4=,tag:B2sZT8R4ZnLIKiUMaU3L+w==,type:str] jellyfin: ENC[AES256_GCM,data:Ddpv23kdMGTWvlemn7o5M2ARQ+NuzUfgO9eLuMnRh/kt,iv:RiMRQPoyHtQqqc3wx48g1+Ip3meuCKSOniLZq2iJ3i4=,tag:B2sZT8R4ZnLIKiUMaU3L+w==,type:str]
opencloud: opencloud:
projectenv: ENC[AES256_GCM,data:+XCd3xScfxCN1Zl5L+4RAOjpmMPhVLSBtqH2nkEUpXhssy5EU82qAanNmqwiIJ1VrYXYovuu3XOwRKY3Ub1nsR5h1S0KUCwav2zmFKVopxF/5jVNIk6qR8Ggz/fAa1YQSW+SAnrtRGvP0Q1SERlCgnH4isVxNvWPyWCZKIgiX2Enu7hVwsJXKLYDomRWt47zzXNUzw50aFn7xPtXE/AYbMPBa+FweCrCfkaQ6i6jPvkdc6VBYTqIanD0908wB2SJA+1xvY7bYgRVB17/4a/9DuUN5J4xU84TOW7EFkvC/hWhlhC58GqQrOFyAgTP4YJHKGbLVKPlc4fcNMh5+pENpPG2fRDElCaLoJcYe6sYhaCDSegpDR/U9bgzKirnCu/hmdG+NQ3sGK/C89JL2kZT+tVT1u5JWnKGOGvLGQm73QUmnssDZVd8ubNsnd57W7siqAXY3+DN46yLrGgmTfHTRi4x2DKF8VCD9jXOxWsyoLvKYDyz09H9dI72xlCtSmcrFAt7bY7uEAWutrPCf3Kh/gq6oFUAPBEwfqhgnpgGA1vyA6o4zhxl4Rqye5YZMx2uNkxdA4wmk9KB/e7BVR/P04TSXoAV931OX7bnlw3XjSw5NTPEPnpmwZ3VPRGGkz171RiQQp+CkwUr35+DdwFrGazuv3wlwAhM19h9SRn8jikrw6PPGVehYp8mB/FhpNgqV0nM2DfjaBqE3yMfDzXH5b92t4Q=,iv:6mlHq6yh03x/FbZNu+A9QBoV6ALX1rRWuL13ItJWriI=,tag:tK6Ek2fzgPPWT8WCeU1Frw==,type:str] projectenv: ENC[AES256_GCM,data:At9x06kOIXWdKQVeoyZyER8u4cyq4rrj8jpZThTJD3jqqc4pmdY52EIGw/sdzcK2IVSesgPiHnyCpqtMXm1dpkW69JLlZDPgf0h9+ADxRvGbLNRN4AszLLa34OtoxaTY53EGAtAY8KLyR6AycxLUVINReVDZWLF45MZ7gCl7HGwo06ut8VE9MqodQuqrwJSNl3lZMmWDP+Xu2INMOYS+sw7AlX8Apxvnqx1bzH34DjBcQkKXD2OYOCZFLmP7rd5NLL9zf3dCBHzNcYg3rIcV5fiYbnvxMRQ9CtiL2JvlcPTe5nNZlsZ3A+urAy/RCB7mDCydBwSEKVzGLwcOQmx+1H/9qXsD3YIvIJCLgcigfUs7d1/dfjOYfAQ2gMNjRRmX583XCu8F2d+bgb090wVYkejYY+61h/89TwVPrp+VC2H/Lt8DNW2qlu7QezvqPBZJf+2gtAPk7KmT4/kG2a2Abnj/TB4CwO20xFEtL/LNOwTfNnAWjHXTZeTl2I3tyGI0jrMmpyzXr6HsflbB9/yGLS3gVIVScOWnsnwhD/8rKqnEv2VmORl4c6zjqHm+W38pO2ehh9Cw+yoacjvGZu54nnGDzBpJai/6tj6+XUuCH8l25AMYyBqDv6OFROkEqRXkkB1rrdmXuUKFP298vShbXk4ZJKeD3PHMpV4pCoRrMmFNlDxeo+sHC+Cf7itFe7qHNjshZHxYoKIl/977gy6urWroWlORiGR+eJXrXFw7bHD/w/atXQ==,iv:vVVUwKuTVmrvcRNNgshbl/weBes6fGcflKqVc/1zRNw=,tag:Jt1lCAnuPs1AP9LAR7BXhg==,type:str]
caddy: caddy:
share-auth: ENC[AES256_GCM,data:3jY2B2GOdz5EPJeAyVsk4XCs5NMft3VquIBep7SxYtEZ9H7IDroq1U1Sch6YVQ7VcL85L4Ix/OVPm4jVDEA0sZiGkltbYXRXZ8CR34ifsHtHR35lgjXyj8ZhJLydw7LgmZCEztWO8GjLdvSY,iv:MT5sA32Djx81HGc36rqV2xS5KUHLAeTyZiOdSu8oqQY=,tag:V1dv4yS2RXf4Xqrl5+tEuA==,type:str] share-auth: ENC[AES256_GCM,data:3jY2B2GOdz5EPJeAyVsk4XCs5NMft3VquIBep7SxYtEZ9H7IDroq1U1Sch6YVQ7VcL85L4Ix/OVPm4jVDEA0sZiGkltbYXRXZ8CR34ifsHtHR35lgjXyj8ZhJLydw7LgmZCEztWO8GjLdvSY,iv:MT5sA32Djx81HGc36rqV2xS5KUHLAeTyZiOdSu8oqQY=,tag:V1dv4yS2RXf4Xqrl5+tEuA==,type:str]
comfyui-auth: ENC[AES256_GCM,data:7VTXoRxnD0NyVCFRAjHaZswEUsFuQd/ZIwVfqGPmNNV87hn6CBYWvxvcPPFwe+uw7BmKMt+I66DyKx5ydYENTWxPocyT/rFdgdtWwNoenj+JwsUzegmMbEiH2HCZdiwKj0h1lo142mtA6zkc,iv:xT5XHCj8D4dyvglstE2oqo92fLdscCkaNMux43hJ7nQ=,tag:HgU9wAmjPvfoDXgnorB5yA==,type:str] comfyui-auth: ENC[AES256_GCM,data:7VTXoRxnD0NyVCFRAjHaZswEUsFuQd/ZIwVfqGPmNNV87hn6CBYWvxvcPPFwe+uw7BmKMt+I66DyKx5ydYENTWxPocyT/rFdgdtWwNoenj+JwsUzegmMbEiH2HCZdiwKj0h1lo142mtA6zkc,iv:xT5XHCj8D4dyvglstE2oqo92fLdscCkaNMux43hJ7nQ=,tag:HgU9wAmjPvfoDXgnorB5yA==,type:str]
@ -78,7 +78,7 @@ sops:
bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-29T02:32:25Z" lastmodified: "2025-12-01T00:35:20Z"
mac: ENC[AES256_GCM,data:DiW/akEjhRu7Bvfh3je1llcfj6ytRT5+ntWUIobdvVZA4fu7z00skzUYiAdAg/CAnepEgAJ1R8JDag/TFIrnKg+JHM4Kdv7F4Ier/qaSGURxGQ/rxG5jwsj5N9ar8nWxpt9X3Ox7alyNyGpCW5bzbLL2EWzPmHVQiHWpfrlkivc=,iv:QOWZ5uAq7eNPiJF2/YY83bCnSaCXhm3b25egDcFDczg=,tag:zSlHQvCRugSP/wxJ7P+gGw==,type:str] mac: ENC[AES256_GCM,data:yLqmOp2239jXoew95D+2EDq00j9tEJuIvXT+s653rG+dTesa4oYIDYnSnlZzf+TOHKgz83Xrity2mDeqOnxpdiuLPmKIVQrh4JelgQQJ7OUvtAeJJdvMiaz6M8YLT7jwF8sUF2S0MTysXQK7EPzG/9eokgI5u1U1sp+CNH027Oc=,iv:JGpL/QkFn28wP2qjo7O59PFX3/xjlGSx8EHSavVBTec=,tag:bqmx+MlkGjrnJT0Z+vj5lw==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0