From 3981805a6baf952fba27f39e85e38327e91e3dc0 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Sat, 30 Dec 2023 21:13:48 +0100
Subject: [PATCH] add experimental module for data sharing on hypverisor

---
 nixos/machines/default.nix |  1 +
 nixos/modules/default.nix  |  1 +
 nixos/modules/thecloud.nix | 65 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 67 insertions(+)
 create mode 100644 nixos/modules/thecloud.nix

diff --git a/nixos/machines/default.nix b/nixos/machines/default.nix
index 08342c1..e272f71 100644
--- a/nixos/machines/default.nix
+++ b/nixos/machines/default.nix
@@ -40,6 +40,7 @@
       disko.osDiskDevice = "/dev/sda";
       backups.enable = true;
       networking.allowDMZConnectivity = true;
+      thecloud.enable = true;
 
       dataDisk = {
         enable = true;
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index dade716..00d077f 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -7,5 +7,6 @@
     ./disko.nix
     ./backups.nix
     ./networking.nix
+    ./thecloud.nix
   ];
 }
diff --git a/nixos/modules/thecloud.nix b/nixos/modules/thecloud.nix
new file mode 100644
index 0000000..e62b8a1
--- /dev/null
+++ b/nixos/modules/thecloud.nix
@@ -0,0 +1,65 @@
+{ pkgs, lib, config, ... }:
+let
+  cfg = config.lab.thecloud;
+  nfsShares = [
+    "/ancient"
+  ];
+  nfsExports = lib.strings.concatLines (
+    builtins.map
+      (share:
+        "${cfg.nfsRoot}${share} 192.168.30.0/24(rw,sync,no_subtree_check,no_root_squash)"
+      )
+      nfsShares
+  );
+in
+{
+  options.lab.thecloud = {
+    enable = lib.mkOption {
+      default = false;
+      type = lib.types.bool;
+      description = ''
+        Experimental: migrate thecloud.dmz to hypervisor.
+      '';
+    };
+
+    nfsRoot = lib.mkOption {
+      default = "/mnt/data";
+      type = lib.types.str;
+      description = ''
+        Root directory of NFS data.
+      '';
+    };
+
+    postgresDir = lib.mkOption {
+      default = "/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}";
+      type = lib.types.str;
+      description = ''
+        Postgresql data directory.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [ 2049 5432 ];
+
+    services = {
+      nfs.server = {
+        enable = true;
+        exports = nfsExports;
+      };
+
+      postgresql = {
+        enable = true;
+        package = pkgs.postgresql_15;
+        enableTCPIP = true;
+
+        dataDir = cfg.postgresDir;
+
+        authentication = ''
+          host	nextcloud	nextcloud	all	md5
+          host	hedgedoc	hedgedoc	all	md5
+        '';
+      };
+    };
+  };
+}