eli/flowback-infra
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Create minimal cloud staging config for netcup VPS

Browse source
This commit is contained in:
Eli Fadi 2026-03-17 20:37:51 +01:00
parent 8c1d4baeda
commit 3ceca975ae
1 changed files with 5 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

40
hosts/staging/configuration.nix
View file

@ -4,55 +4,25 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/common.nix ../../modules/common.nix
../../modules/sops.nix
../../modules/nextcloud.nix
../../modules/forgejo.nix
]; ];
networking.hostName = name; networking.hostName = name;
time.timeZone = "Europe/Stockholm";
# Staging: open ports for web boot.loader.grub.enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 22 ]; boot.loader.grub.device = "/dev/vda";
# Put placeholders for domains now; you can change later networking.firewall.allowedTCPPorts = [ 22 80 443 ];
services.flowback = {
nextcloudHost = "cloud-staging.example.com";
forgejoHost = "git-staging.example.com";
};
# Minimal user (replace with your SSH key)
users.users.elifa = { users.users.elifa = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGI1L2SZzAfxkdHPsgJe0cx9s0owlMPyS6LnAURzXyad eli@wsl" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGI1L2SZzAfxkdHPsgJe0cx9s0owlMPyS6LnAURzXyad eli@wsl"
]; ];
}; };
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
# Local VM overrides (so you can test immediately without real DNS/TLS/secrets)
virtualisation.vmVariant = { lib, config, ... }: {
# Forward guest port 80 -> host port 8080
virtualisation.forwardPorts = [
{ from = "host"; host.port = 8080; guest.port = 80; }
];
# Disable ACME/forced SSL for VM testing
security.acme.acceptTerms = lib.mkForce false;
services.nginx.virtualHosts.${config.services.flowback.nextcloudHost}.enableACME = lib.mkForce false;
services.nginx.virtualHosts.${config.services.flowback.nextcloudHost}.forceSSL = lib.mkForce false;
services.nginx.virtualHosts.${config.services.flowback.forgejoHost}.enableACME = lib.mkForce false;
services.nginx.virtualHosts.${config.services.flowback.forgejoHost}.forceSSL = lib.mkForce false;
# Nextcloud over HTTP in VM
services.nextcloud.https = lib.mkForce false;
# VM-only admin password file (OK for local testing)
environment.etc."nextcloud-adminpass".text = "admin123admin123";
services.nextcloud.config.adminpassFile = lib.mkForce "/etc/nextcloud-adminpass";
# Allow Forgejo user creation in VM (first user becomes admin during setup)
services.forgejo.settings.service.DISABLE_REGISTRATION = lib.mkForce false;
};
system.stateVersion = "25.11"; system.stateVersion = "25.11";
} }