Add testbench and rudiger

config/hosts/rudiger/configuration.nix

@@ -0,0 +1,81 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+      ./data/secrets/secrets.nix
+      ../../common/services/ssh.nix
+      ./services/nextcloud.nix
+      ./services/nginx.nix
+      ./services/postgres.nix
+    ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+
+  boot.supportedFilesystems = ["zfs"];
+  services.zfs.autoSnapshot.enable = true;
+  services.zfs.autoScrub.enable = true;
+
+  time.timeZone = "Europe/Copenhagen";
+
+  networking = {
+    hostName = "rudiger";
+    hostId = "8c7b66a4";
+    useDHCP = false;
+    tempAddresses = "disabled";
+    interfaces = {
+      "ens3" = {
+        ipv4.addresses = [ {
+          address = "202.61.202.170";
+          prefixLength = 22;
+        } ];
+        ipv6.addresses = [ {
+          address = "2a03:4000:5a:c61::1";
+          prefixLength = 64;
+        } ];
+      };
+    };
+    defaultGateway = "202.61.200.1";
+    defaultGateway6 = {
+      address = "fe80::1";
+      interface = "ens3";
+    };
+    nameservers = [ "1.1.1.1" "1.0.0.1" "2606:4700:4700::1111" "2606:4700:4700::1001" ];
+  };
+
+  nix = {
+    autoOptimiseStore = true;
+    trustedUsers = [
+      "root"
+      "@wheel"
+    ];
+  };
+  users.users.emelie = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO4LyBsW1YuUA6i3EL/IZhchSvk7reO4qgRmR/tdQPU emelie@flap"
+    ];
+  };
+  environment.systemPackages = with pkgs; [
+    vim
+    wget
+    htop
+    iotop
+    dig
+  ];
+  security.sudo.wheelNeedsPassword = false;
+
+  systemd.services."nextcloud-setup" = {
+    requires = ["postgresql.service"];
+    after = ["postgresql.service"];
+  };
+
+  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  system.stateVersion = "21.05";
+
+}

config/hosts/rudiger/hardware-configuration.nix

@@ -0,0 +1,42 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+      (modulesPath + "/profiles/minimal.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "rpool/safe/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/F220-781F";
+      fsType = "vfat";
+    };
+
+  fileSystems."/home" =
+    { device = "rpool/safe/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/nix" =
+    { device = "rpool/local/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/var/lib/nextcloud" =
+    { device = "rpool/safe/nextcloud";
+      fsType = "zfs";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/52f7db16-b51b-4b8c-bfea-46184bb3099e"; }
+    ];
+}

config/hosts/rudiger/services/nextcloud.nix

@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+{
+  services.nextcloud = {
+    enable = true;
+    hostName = "cloud.graven.dev";
+    #https = true;
+    package = pkgs.nextcloud22;
+    autoUpdateApps.enable = true;
+    maxUploadSize = "10G";
+    webfinger = true;
+    config = {
+      dbtype = "pgsql";
+      dbuser = "nextcloud";
+      dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
+      dbname = "nextcloud";
+      adminpassFile = builtins.toString config.secrets.files.nc_admin_pass.file;
+      adminuser = "root";
+    };
+  };
+}

config/hosts/rudiger/services/nginx.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  imports = [ ../../../common/services/nginx.nix ];
+}

config/hosts/rudiger/services/postgres.nix

@@ -0,0 +1,12 @@
+{ ... }:
+{
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ "nextcloud" ];
+    ensureUsers = [
+     { name = "nextcloud";
+       ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+     }
+    ];
+  };
+}