add experimental module for data sharing on hypverisor

nixos/machines/default.nix

@@ -40,6 +40,7 @@
       disko.osDiskDevice = "/dev/sda";
       backups.enable = true;
       networking.allowDMZConnectivity = true;
+      thecloud.enable = true;
 
       dataDisk = {
         enable = true;

nixos/modules/default.nix

@@ -7,5 +7,6 @@
     ./disko.nix
     ./backups.nix
     ./networking.nix
+    ./thecloud.nix
   ];
 }

nixos/modules/thecloud.nix

@@ -0,0 +1,65 @@
+{ pkgs, lib, config, ... }:
+let
+  cfg = config.lab.thecloud;
+  nfsShares = [
+    "/ancient"
+  ];
+  nfsExports = lib.strings.concatLines (
+    builtins.map
+      (share:
+        "${cfg.nfsRoot}${share} 192.168.30.0/24(rw,sync,no_subtree_check,no_root_squash)"
+      )
+      nfsShares
+  );
+in
+{
+  options.lab.thecloud = {
+    enable = lib.mkOption {
+      default = false;
+      type = lib.types.bool;
+      description = ''
+        Experimental: migrate thecloud.dmz to hypervisor.
+      '';
+    };
+
+    nfsRoot = lib.mkOption {
+      default = "/mnt/data";
+      type = lib.types.str;
+      description = ''
+        Root directory of NFS data.
+      '';
+    };
+
+    postgresDir = lib.mkOption {
+      default = "/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}";
+      type = lib.types.str;
+      description = ''
+        Postgresql data directory.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [ 2049 5432 ];
+
+    services = {
+      nfs.server = {
+        enable = true;
+        exports = nfsExports;
+      };
+
+      postgresql = {
+        enable = true;
+        package = pkgs.postgresql_15;
+        enableTCPIP = true;
+
+        dataDir = cfg.postgresDir;
+
+        authentication = ''
+          host	nextcloud	nextcloud	all	md5
+          host	hedgedoc	hedgedoc	all	md5
+        '';
+      };
+    };
+  };
+}