System Gen2 @ 2026-03-24-21:10:07 by jonas@harbor

2026-03-24 21:10:08 +01:00
parent 4fa113f274
commit 6e6ac58ebd
4 changed files with 46 additions and 32 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -55,6 +55,26 @@
        "type": "github"
      }
    },
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1773889306,
+        "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
    "dzgui-nix": {
      "inputs": {
        "nixpkgs": [
@@ -751,6 +771,7 @@
    "root": {
      "inputs": {
        "audio": "audio",
+        "disko": "disko",
        "dzgui-nix": "dzgui-nix",
        "firefox-addons": "firefox-addons",
        "home-manager": "home-manager",
--- a/hosts/harbor/configuration.nix
+++ b/hosts/harbor/configuration.nix
@@ -88,13 +88,16 @@
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.11"; # Did you read the comment?
+  system.stateVersion = "25.11"; # Did you read the comment?

  # VPS compat
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
  boot.loader.grub.version = 2;
-  boot.kernelParams = ["net.ifnames=0"]; # ensure iface is called eth0
+  boot.kernelParams = [
+    "net.ifnames=0" # ensure iface is called eth0
+    "ip=173.249.42.252::173.249.42.1:255.255.255.0:harbor:eth0:none:8.8.8.8"
+  ];
  networking.networkmanager.enable = true;
  networking = {
    # Static network configuration
@@ -109,6 +112,22 @@
      }
    ];
  };
+  # Temporary ssh server for disk unlock
+  boot.initrd = {
+    availableKernelModules = ["virtio_pci"];
+    network = {
+      enable = true;
+      ssh = {
+        enable = true;
+        port = 2222;
+        authorizedKeys = [
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyCyYsMSiy7shcehlzJEbCyRiHk+cicFB35Bc2uc4PjjkCjswLh01fRAV2QcplrNkH/5F4GBTbOoZHHc7/AVLyUxgwDC9ffD2i7fevuGpfBFy9D30uz6jDekxXkmRmIlidXLdG1Fh4zwVejGlwdhUu/Zb7PonO/dktx3EFdf1SpnW+y75anN85zoGsld7KQk42wEd0zXtCgx4CKI6Vvt6heWCEiJ9wyw1sLpTJr4H8In236CUj1/r1qY9Gfa8n9NA0J9XCpcwSCEWGRKQNicoQIpnp5txrgzaUq4r6qBKHmImYXmSTVnDZ9dJLRYNu2lDvBtTXP4ztlR6Lpxs873fPg51qgaX9rRVMMo/gGjq8fOFWsDVaJZab9VY3hZYNCKIbWFqo4GKyCQs9Xfzr2AUACm09HWiYMTefwEypOzvUb4z+LF2B/0c5XmghLF/TOzLVgDXzAgWMH4mCnPh9EDLHTtoJaGNURler9VRV8yQyLH6oK9UpHZovCFs7HpFN+WPv2QVFfkK8aHg7tnklFsT78z154bjuspiEI/fFGmTxoQUGufmHlRy/9GQDusgNfe24ZEB2hHBVjKv29XdIfvFAhoPVpA6+O/N3feSlmVISaU+8QraVQEf/TuQjopDUWpJTmqSxKvQSTPwcyWDy6NtcJ85bGAu6jSUGC3ouH4Rb2Q== cardno:000609618602"
+        ];
+        hostKeys = ["/etc/secrets/initrd/ssh_host_rsa_key"];
+        shell = "/bin/cryptsetup-askpass";
+      };
+    };
+  };

  # Set your time zone.
  time.timeZone = "Europe/Berlin";
--- a/hosts/harbor/hardware-configuration.nix
+++ b/hosts/harbor/hardware-configuration.nix
@@ -12,35 +12,10 @@
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

-  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod"];
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
  boot.initrd.kernelModules = [];
  boot.kernelModules = [];
  boot.extraModulePackages = [];

-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/a9ac5007-f148-4001-ba49-f6a0bfad85cc";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/12CE-A600";
-    fsType = "vfat";
-    options = ["fmask=0022" "dmask=0022"];
-  };
-
-  swapDevices = [
-    {
-      device = "/.swapfile";
-      size = 2 * 1024;
-    }
-  ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
-
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/modules/services/nextcloud-instance.nix
+++ b/modules/services/nextcloud-instance.nix
@@ -32,7 +32,7 @@ in {
    services.nextcloud = {
      # Instance
      enable = true;
-      package = pkgs.nextcloud31;
+      package = pkgs.nextcloud33;
      hostName = cfg.instanceFQDN;
      https = cfg.ssl;
      configureRedis = true;
@@ -55,12 +55,11 @@ in {
          (config.services.nextcloud.package.packages.apps)
          calendar
          contacts
-          maps
          tasks
          ;
        drop_account = pkgs.fetchNextcloudApp {
-          sha256 = "sha256-AAWAR5i8moGlyGMaNqJwQPqPAHqWvIf4mvZ4U0dfg/A=";
-          url = "https://packages.framasoft.org/projects/nextcloud-apps/drop-account/drop_account-2.7.1.tar.gz";
+          sha256 = "sha256-J+bZVNIb/MokuTYQu8RBKdnZFakh180pa1pW5KHlC80=";
+          url = "https://packages.framasoft.org/projects/nextcloud-apps/drop-account/drop_account-3.0.0.tar.gz";
          license = "agpl3Only";
        };
      };