From eaf99a2d78d5aff3b1614c4f709dc28f80e62814 Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Sun, 29 Oct 2023 04:48:26 +0100 Subject: [PATCH 01/11] nachtigall: Add nginx config for serving matrix-synapse --- .../apps/matrix/element-client-config.nix | 46 +++++++ hosts/nachtigall/apps/nginx-matrix.nix | 113 ++++++++++++++++++ hosts/nachtigall/default.nix | 1 + 3 files changed, 160 insertions(+) create mode 100644 hosts/nachtigall/apps/matrix/element-client-config.nix create mode 100644 hosts/nachtigall/apps/nginx-matrix.nix diff --git a/hosts/nachtigall/apps/matrix/element-client-config.nix b/hosts/nachtigall/apps/matrix/element-client-config.nix new file mode 100644 index 00000000..e89ea95c --- /dev/null +++ b/hosts/nachtigall/apps/matrix/element-client-config.nix 
@@ -0,0 +1,46 @@
+{
+ default_server_config = {
+ "m.homeserver" = {
+ base_url = "https://matrix.test.pub.solar";
+ server_name = "test.pub.solar";
+ };
+ "m.identity_server" = {
+ base_url = "";
+ };
+ };
+ # TODO: Add themes
+ # setting_defaults = {
+ # custom_themes = {{ matrix_client_element_setting_defaults_custom_themes | to_json }}
+ # };
+ # default_theme = {{ matrix_client_element_default_theme | string | to_json }};
+ # default_country_code = {{ matrix_client_element_default_country_code | string | to_json }};
+ permalink_prefix = "https://matrix.to";
+ disable_custom_urls = true;
+ disable_guests = true;
+ brand = "Element Solar";
+
+ # TODO: Configure these
+ integrations_ui_url = "";
+ integrations_rest_url = "";
+ integrations_widgets_urls = "";
+ integrations_jitsi_widget_url = "";
+
+ bug_report_endpoint_url = "https://element.io/bugreports/submit";
+ show_labs_settings = true;
+ room_directory = {
+ servers = ["matrix.org"];
+ };
+ # TODO: This looks wrong
+ enable_presence_by_hs_url = "\n";
+ embedded_pages = {
+ homeUrl = "";
+ };
+ branding = {
+ auth_footer_links = [{
+ text = "Privacy";
+ url = "https://pub.solar/privacy";
+ }];
+ # FUTUREWORK: Replace with pub.solar logo
+ auth_header_logo_url = "themes/element/img/logos/element-logo.svg";
+ };
+}
diff --git a/hosts/nachtigall/apps/nginx-matrix.nix b/hosts/nachtigall/apps/nginx-matrix.nix
new file mode 100644
index 00000000..13dc2730
--- /dev/null
+++ b/hosts/nachtigall/apps/nginx-matrix.nix
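Review bot: `bug_report_endpoint_url = "https://element.io/bugreports/submit";` in element-client-config.nix sends every bug report a user files from this client, which normally carries client logs, to Element's server rather than to infrastructure pub.solar operates. If that is not intended for a self-hosted instance, drop the line or point it at an endpoint the project runs; if it is intended, record it with a comment such as `# bug reports (with client logs) go to element.io by design`. `show_labs_settings = true;` exposes experimental client features to all users and would benefit from a one-line reason as well.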
@@ -0,0 +1,113 @@ +{ lib, pkgs, ... }: +let + commonHeaders = '' + add_header Permissions-Policy interest-cohort=() always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-XSS-Protection "1; mode=block"; + ''; + clientConfig = import ./matrix/element-client-config.nix; + wellKnownClient."m.homeserver".base_url = "https://matrix.test.pub.solar"; + wellKnownServer."m.server" = "matrix.test.pub.solar:8448"; + mkWellKnown = data: '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON data}'; + ''; + wellKnownLocations = { + "= /.well-known/matrix/server".extraConfig = mkWellKnown wellKnownServer; + "= /.well-known/matrix/client".extraConfig = mkWellKnown wellKnownClient; + }; +in +{ + services.nginx.virtualHosts = { + "test.pub.solar" = { + root = "/dev/null"; + + forceSSL = lib.mkDefault true; + enableACME = lib.mkDefault true; + + locations = wellKnownLocations; + }; + + "chat.test.pub.solar" = { + forceSSL = true; + enableACME = true; + root = pkgs.element-web.override { + conf = clientConfig; + }; + }; + + "matrix.test.pub.solar" = { + root = "/dev/null"; + + forceSSL = lib.mkDefault true; + enableACME = lib.mkDefault true; + + extraConfig = '' + server_tokens off; + gzip on; + gzip_types text/plain application/json; + ''; + locations = wellKnownLocations // { + # TODO: Configure metrics + # "/metrics" = { + # }; + + "/c3c3f34b-29fb-5feb-86e5-98c75ec8214b" = { + proxyPass = "http://127.0.0.1:8009"; + extraConfig = commonHeaders; + }; + + "~* ^(/_matrix|/_synapse/client|/_synapse/oidc)" = { + proxyPass = "http://127.0.0.1:8008"; + + extraConfig = '' + ${commonHeaders} + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + + client_body_buffer_size 25M; + client_max_body_size 50M; + proxy_max_temp_file_size 0; + ''; + }; + }; + }; + 
"matrix.pub.solar-federation" = { + serverName = "matrix.test.pub.solar"; + forceSSL = lib.mkDefault true; + enableACME = lib.mkDefault true; + listen = [{ + port = 8448; + addr = "0.0.0.0"; + ssl = true; + } { + port = 8448; + addr = "[::]"; + ssl = true; + }]; + root = "/dev/null"; + extraConfig = '' + server_tokens off; + + gzip on; + gzip_types text/plain application/json; + ''; + locations."/" = { + proxyPass = "http://127.0.0.1:8008"; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + + client_body_buffer_size 25M; + client_max_body_size 150M; + proxy_max_temp_file_size 0; + ''; + }; + }; + }; + networking.firewall.allowedTCPPorts = [8448]; +} + diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index d452af54..ccd276ff 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -22,5 +22,6 @@ ./apps/matrix/mautrix-telegram.nix ./apps/matrix/synapse.nix + ./apps/nginx-matrix.nix ]; } From 8a2889fd46e9aeea86e45fa2e7c19ae2d94d8f48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 02:46:38 +0200 Subject: [PATCH 02/11] feat: nextcloud initial commit --- hosts/nachtigall/default.nix | 1 + hosts/nachtigall/nextcloud.nix | 37 ++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 hosts/nachtigall/nextcloud.nix diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index ccd276ff..01c5f5af 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -14,6 +14,7 @@ ./apps/keycloak.nix ./apps/mailman.nix ./apps/mastodon.nix + ./apps/nextcloud.nix ./apps/nginx-mastodon.nix ./apps/nginx-mastodon-files.nix ./apps/nginx-website.nix diff --git a/hosts/nachtigall/nextcloud.nix b/hosts/nachtigall/nextcloud.nix new file mode 100644 index 00000000..6206806c --- /dev/null 
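Review bot: `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` in both proxied locations of nginx-matrix.nix (the `~* ^(/_matrix|/_synapse/client|/_synapse/oidc)` location and the federation vhost's `locations."/"`) forwards whatever value the client put in its own request header instead of the scheme nginx terminated. As far as the hunk shows, these vhosts terminate TLS themselves (`forceSSL`, `ssl = true`) and no trusted proxy sits in front of them, so the backend on 127.0.0.1:8008 should receive `proxy_set_header X-Forwarded-Proto $scheme;`. Separately, `add_header Content-Type application/json;` in `mkWellKnown` appends a second Content-Type header next to the one nginx derives from the default type; `default_type application/json;` sets the type of the `return 200` body instead. `commonHeaders` is also applied only inside two locations, so the well-known responses and the federation vhost are served without the HSTS header; a comment stating whether that is deliberate would help.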
+++ b/hosts/nachtigall/nextcloud.nix @@ -0,0 +1,37 @@ +{ config, pkgs, ... }: +{ + services.caddy.virtualHosts."cloud.pub.solar" = { + # logFormat = lib.mkForce '' + # output discard + # ''; + extraConfig = '' + reverse_proxy :8080 + ''; + }; + + services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 8080; } ]; + + services.nextcloud = { + enable = true; + https = true; + secretFile = ""; # secret + + notify_push = { + enable = true; + }; + + config = { + adminuser = "admin"; + dbuser = "nextcloud"; + dbtype = "pgsql"; + dbname = "nextcloud"; + dbtableprefix = "oc_"; + trustedProxies = [ + "cloud.pub.solar" + ]; + }; + + autoUpdateApps.enable = true; + database.createLocally = true; + }; +} From c6453f2631d50e415de1b530f4740d64d4ee47a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 16:53:40 +0200 Subject: [PATCH 03/11] feat: add complete nextcloud config without secrets --- hosts/nachtigall/apps/nextcloud.nix | 81 +++++++++++++++++++++++++++++ hosts/nachtigall/nextcloud.nix | 37 ------------- 2 files changed, 81 insertions(+), 37 deletions(-) create mode 100644 hosts/nachtigall/apps/nextcloud.nix delete mode 100644 hosts/nachtigall/nextcloud.nix diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix new file mode 100644 index 00000000..26895970 --- /dev/null +++ b/hosts/nachtigall/apps/nextcloud.nix 
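Review bot: `trustedProxies = [ "cloud.pub.solar" ];` in hosts/nachtigall/nextcloud.nix lists the public host name, but Nextcloud's trusted-proxy setting is matched against the connecting address, and the proxy in this file is Caddy reaching nginx on `127.0.0.1:8080`. With the entry as written the forwarded client address is presumably ignored, so every request would appear to come from loopback and per-client throttling would be applied to all users at once; `trustedProxies = [ "127.0.0.1" ];` matches the topology shown. `secretFile = ""; # secret` should carry a comment that it is a placeholder which must not be deployed. The identical hunk appears again in PATCH 04/11 and the same point applies there.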
@@ -0,0 +1,81 @@
+{ config, pkgs, ... }:
+{
+ services.nextcloud = {
+ hostName = "cloud.pub.solar";
+ home = "/var/lib/nextcloud";
+
+ enable = true;
+ https = true;
+ secretFile = ""; # secret
+
+ configureRedis = true;
+
+ notify_push = {
+ enable = true;
+ };
+
+ config = {
+ adminuser = "admin";
+ dbuser = "nextcloud";
+ dbtype = "pgsql";
+ dbname = "nextcloud";
+ dbtableprefix = "oc_";
+ overwriteProtocol = "https";
+ };
+
+ extraOptions = {
+ overwrite.cli.url = "http://cloud.pub.solar";
+
+ installed = true;
+ default_phone_region = "+49";
+ mail_sendmailmode = "smtp";
+ mail_from_address = "nextcloud";
+ mail_smtpmode = "smtp";
+ mail_smtpauthtype = "PLAIN";
+ mail_domain = "pub.solar";
+ mail_smtpname = "admins@pub.solar";
+ mail_smtpsecure = "tls";
+ mail_smtpauth = 1;
+ mail_smtphost = "mx2.greenbaum.cloud";
+ mail_smtpport = "587";
+
+ enable_previews = true;
+ enabledPreviewProviders = [
+ "OC\\Preview\\PNG"
+ "OC\\Preview\\JPEG"
+ "OC\\Preview\\GIF"
+ "OC\\Preview\\BMP"
+ "OC\\Preview\\XBitmap"
+ "OC\\Preview\\Movie"
+ "OC\\Preview\\PDF"
+ "OC\\Preview\\MP3"
+ "OC\\Preview\\TXT"
+ "OC\\Preview\\MarkDown"
+ ];
+ preview_max_x = "1024";
+ preview_max_y = "768";
+ preview_max_scale_factor = "1";
+
+ auth.bruteforce.protection.enabled = true;
+ trashbin_retention_obligation = "auto,7";
+ skeletondirectory = "";
+ defaultapp = "file";
+ activity_expire_days = "14";
+ integrity.check.disabled = false;
+ updater.release.channel = "stable";
+ loglevel = 0;
+ maintenance = false;
+ app_install_overwrite = [
+ "pdfdraw"
+ "integration_whiteboard"
+ ];
+ htaccess.RewriteBase = "/";
+ theme = "";
+ simpleSignUpLink.shown = false;
+ };
+
+ caching.redis = true;
+ autoUpdateApps.enable = true;
+ database.createLocally = true;
+ };
+}
diff --git a/hosts/nachtigall/nextcloud.nix b/hosts/nachtigall/nextcloud.nix
deleted file mode 100644
index 6206806c..00000000
--- a/hosts/nachtigall/nextcloud.nix
+++ /dev/null
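Review bot: The dotted names inside `extraOptions` in apps/nextcloud.nix (`overwrite.cli.url`, `auth.bruteforce.protection.enabled`, `integrity.check.disabled`, `updater.release.channel`, `htaccess.RewriteBase`, `simpleSignUpLink.shown`) are parsed by Nix as nested attribute paths, not as single keys. Nextcloud would then most likely receive an `overwrite` array instead of the `overwrite.cli.url` option, and the security-related switches would silently stay at their defaults. Quote each key, for example `"auth.bruteforce.protection.enabled" = true;`. While there, `"overwrite.cli.url"` should use `https://` to agree with `overwriteProtocol = "https";`. `loglevel = 0;` enables debug logging, which is verbose enough to put request details into the log on a production host; `loglevel = 2;` is the usual setting.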
@@ -1,37 +0,0 @@ -{ config, pkgs, ... }: -{ - services.caddy.virtualHosts."cloud.pub.solar" = { - # logFormat = lib.mkForce '' - # output discard - # ''; - extraConfig = '' - reverse_proxy :8080 - ''; - }; - - services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 8080; } ]; - - services.nextcloud = { - enable = true; - https = true; - secretFile = ""; # secret - - notify_push = { - enable = true; - }; - - config = { - adminuser = "admin"; - dbuser = "nextcloud"; - dbtype = "pgsql"; - dbname = "nextcloud"; - dbtableprefix = "oc_"; - trustedProxies = [ - "cloud.pub.solar" - ]; - }; - - autoUpdateApps.enable = true; - database.createLocally = true; - }; -} From 41c5f1797c0bf293dab8a5969c831492ab4ee3b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 02:46:38 +0200 Subject: [PATCH 04/11] feat: nextcloud initial commit --- hosts/nachtigall/nextcloud.nix | 37 ++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 hosts/nachtigall/nextcloud.nix diff --git a/hosts/nachtigall/nextcloud.nix b/hosts/nachtigall/nextcloud.nix new file mode 100644 index 00000000..6206806c --- /dev/null +++ b/hosts/nachtigall/nextcloud.nix @@ -0,0 +1,37 @@ +{ config, pkgs, ... }: +{ + services.caddy.virtualHosts."cloud.pub.solar" = { + # logFormat = lib.mkForce '' + # output discard + # ''; + extraConfig = '' + reverse_proxy :8080 + ''; + }; + + services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 8080; } ]; + + services.nextcloud = { + enable = true; + https = true; + secretFile = ""; # secret + + notify_push = { + enable = true; + }; + + config = { + adminuser = "admin"; + dbuser = "nextcloud"; + dbtype = "pgsql"; + dbname = "nextcloud"; + dbtableprefix = "oc_"; + trustedProxies = [ + "cloud.pub.solar" + ]; + }; + + autoUpdateApps.enable = true; + database.createLocally = true; + }; +} From 422b1ba33e14965963e0b0f731e6f8e7e3724f6d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 16:53:40 +0200 Subject: [PATCH 05/11] feat: add complete nextcloud config without secrets --- hosts/nachtigall/nextcloud.nix | 37 ---------------------------------- 1 file changed, 37 deletions(-) delete mode 100644 hosts/nachtigall/nextcloud.nix diff --git a/hosts/nachtigall/nextcloud.nix b/hosts/nachtigall/nextcloud.nix deleted file mode 100644 index 6206806c..00000000 --- a/hosts/nachtigall/nextcloud.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, pkgs, ... }: -{ - services.caddy.virtualHosts."cloud.pub.solar" = { - # logFormat = lib.mkForce '' - # output discard - # ''; - extraConfig = '' - reverse_proxy :8080 - ''; - }; - - services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 8080; } ]; - - services.nextcloud = { - enable = true; - https = true; - secretFile = ""; # secret - - notify_push = { - enable = true; - }; - - config = { - adminuser = "admin"; - dbuser = "nextcloud"; - dbtype = "pgsql"; - dbname = "nextcloud"; - dbtableprefix = "oc_"; - trustedProxies = [ - "cloud.pub.solar" - ]; - }; - - autoUpdateApps.enable = true; - database.createLocally = true; - }; -} From c187b59bd72b2950950ad88faec4af60628f802a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 18:53:02 +0200 Subject: [PATCH 06/11] feat: add nextcloud secrets --- hosts/nachtigall/apps/nextcloud.nix | 8 +++++++- secrets/nextcloud-secrets.age | 28 ++++++++++++++++++++++++++++ secrets/secrets.nix | 2 ++ 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 secrets/nextcloud-secrets.age diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index 26895970..1cb6b910 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix 
@@ -1,12 +1,18 @@ { config, pkgs, ... }: { + age.secrets."nextcloud-secrets" = { + file = "${flake.self}/secrets/nextcloud-secrets.age"; + mode = "400"; + owner = config.services.mastodon.user; + }; + services.nextcloud = { hostName = "cloud.pub.solar"; home = "/var/lib/nextcloud"; enable = true; https = true; - secretFile = ""; # secret + secretFile = config.age.secrets."nextcloud-secrets".path; # secret configureRedis = true; diff --git a/secrets/nextcloud-secrets.age b/secrets/nextcloud-secrets.age new file mode 100644 index 00000000..937ccecc --- /dev/null +++ b/secrets/nextcloud-secrets.age 
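Review bot: `owner = config.services.mastodon.user;` on `age.secrets."nextcloud-secrets"` gives the decrypted Nextcloud secret file to the Mastodon service account, and with `mode = "400"` no other account can read it. Mastodon can therefore read Nextcloud's credentials, while the process that consumes `secretFile` presumably cannot. The owner should be the Nextcloud service user, presumably `owner = "nextcloud";`, to be confirmed against the module. The hunk also interpolates `${flake.self}` while the function head visible as context is `{ config, pkgs, ... }:`, which does not bind `flake`; unless it is in scope some other way, it needs to be added to the argument set. The `services.nextcloud` block continues outside the hunk.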
@@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg GHVh1GUADEN6UVTUYntCaYfEqH+LX+gvaICkBHJ5OUY +rfoD++gVdnZ5HSlXbCOy8Pn7if6QM2WRaShpk0dCJ48 +-> ssh-ed25519 uYcDNw kKeYQIaKjVDKMDBkluuxarRfv2wR9W5TKHzbu1DR2hQ +bfFYcbcQ7De5hwkCng/CIZXWLHgr/cum0+OfRs5ESvI +-> ssh-rsa kFDS0A +pAZ0JEVyYZk3U1vFH/STAuHucNECpbhDdnJR7asfMt2bgTs1dvI9ZA5XBpJs3U4a +PntBwgYebJyHhgeZ0L7q5NYE6eLVThkxnWvm5OP2NjPyTgGUxjp+NA7WNw+Fc/gA +mz//NLMmKVHuknKBVEaZn+2lBWaIXyTkD3KetqxChDcXSnKswesLa6LdHLfE97jP +gHX5Y+JVNeGOlHPn0Ds40I/aFGJJ56p3cD3nTsgoQyGpoQGVIVHO6ghRmVjhSkW4 +7ZfPluq9G0u3NbSD3YjnLrAmUzdJsLPmYme2vvu0YKJr40TG6i5m196DSDuvAtM4 +XhiClq7a2KJfmEF+epVdoXo/7GrPs/F9Bb+NV1S7bVJX7Q87gQ3bbFq2LISu8QvD +HUlx2hJh0fZXpBv6yHIqXutEL1g6XCtpkli15wrHBfEQHOxP6mB/pNeM3gCYwOLX +ZdVqpR46OzOErNDwXTniwQecuKrRB9ecTjmmRZycEZErgEcASEZgAlfu2Q8EIW30 +65byX4EWskm6qlhLxp6SfRXlVcA9XcwIg6q2E2UIoEukZQ5zJNKcFAYec7/xTXs0 +DrLyGkOO+8C0lmCDY8Escd4cge2hIbIcsnQdkfh3NQT1ZqXEXkef/XB6yMEzvysg +3Z13W4dcxwc0ylRFwm2VKcBQD9jDwCyeV4iKohFIyJk +-> ssh-ed25519 YFSOsg X4DtlP1y5JXKyaYXJ/l18S7cOGIDlwk3vhrO0Vk6t3U +OXzEp3tRncra6pBvDoeiLkF4SlaHZ6E6j+UV0q1WB80 +-> ssh-ed25519 iHV63A AYUNvys+v75VarEdcZ1g9r9bnW76Tfq91gWnyED7kB0 +zloI/t4Dfa4re850ldwdFEjbF1OR/5G8VBAl9n7umEs +-> ssh-ed25519 BVsyTA glhHHYg1w7qntg8J3y+6zKJHBaC6PZWFQJnmiQR6axw +WiIDKiuzouGyiyANmEp25T1Dv2IRyRx+lovSpdFP/Dc +-> wcj`iUv7-grease }SsQ!/4Y)V\Q\y_g+HڄHoN@wd @ <: NO X!/̬Y7_ ˂ʠѦA}^q +؃ ɐ`:/"iqjGc[>YtT:h$Oh#, R[ץF3a]{Jѷב"Ƣު \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index cb063560..5b060b56 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -35,4 +35,6 @@ in { "matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys; "matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys; "matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys; + + "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys; } 
From 1577462c945ed11924277dc0bbcc46994d896214 Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Sat, 28 Oct 2023 21:34:47 +0200 Subject: [PATCH 07/11] add virtualhost for nextcloud --- hosts/nachtigall/apps/nextcloud.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index 1cb6b910..575aa6ec 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -6,6 +6,11 @@ owner = config.services.mastodon.user; }; + services.nginx.virtualHosts."cloud.pub.solar" = { + enableACME = true; + forceSSL = true; + }; + services.nextcloud = { hostName = "cloud.pub.solar"; home = "/var/lib/nextcloud"; From f33a7c48e75583c2c884f75253dd9b30a797d3f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 21:39:13 +0200 Subject: [PATCH 08/11] feat: add collabora --- flake.nix | 8 +++++- hosts/nachtigall/apps/collabora.nix | 39 +++++++++++++++++++++++++++++ hosts/nachtigall/default.nix | 1 + 3 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 hosts/nachtigall/apps/collabora.nix diff --git a/flake.nix b/flake.nix index 0bc7545e..48b6fa15 100644 --- a/flake.nix +++ b/flake.nix @@ -103,7 +103,13 @@ nixosModules = { # Common nixos/nix-darwin configuration shared between Linux and macOS. common = { pkgs, ... }: { - virtualisation.docker.enable = true; + virtualisation.docker = { + enable = true; + extraOptions = '' + --data-root /var/lib/docker + ''; + }; + services.openssh.enable = true; services.openssh.settings.PermitRootLogin = "prohibit-password"; services.openssh.settings.PasswordAuthentication = false; diff --git a/hosts/nachtigall/apps/collabora.nix b/hosts/nachtigall/apps/collabora.nix new file mode 100644 index 00000000..89c3e855 --- /dev/null +++ b/hosts/nachtigall/apps/collabora.nix 
@@ -0,0 +1,39 @@ +{ + config, + lib, + pkgs, + self, + ... +}: { + services.nginx.virtualHosts."collabora.pub.solar" = { + enableACME = true; + forceSSL = true; + + locations."/".proxyPass = "http://localhost:9980"; + }; + + virtualisation = { + oci-containers = { + backend = "docker"; + + containers."collabora" = { + image = "collabora/code"; + autoStart = true; + ports = [ + "9980:9980" + ]; + extraOptions = [ + "--cap-add=MKNOD" + "--pull=always" + ]; + environment = { + server_name = "collabora.pub.solar"; + aliasgroup1 = "https://cloud.pub.solar:443"; + DONT_GEN_SSL_CERT = "1"; + extra_params = "--o:ssl.enable=false --o:ssl.termination=true"; + SLEEPFORDEBUGGER = "0"; + }; + }; + }; + }; +} diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index 01c5f5af..f4c1ed82 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -10,6 +10,7 @@ ./nix.nix ./apps/nginx.nix + ./apps/collabora.nix ./apps/forgejo.nix ./apps/keycloak.nix ./apps/mailman.nix From a14af74d82af316580d5ea4fca05e7ccf9ebb0a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 29 Oct 2023 13:43:41 +0100 Subject: [PATCH 09/11] fix: don't global bind collabora --- hosts/nachtigall/apps/collabora.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/nachtigall/apps/collabora.nix b/hosts/nachtigall/apps/collabora.nix index 89c3e855..cfe875e0 100644 --- a/hosts/nachtigall/apps/collabora.nix +++ b/hosts/nachtigall/apps/collabora.nix @@ -9,7 +9,7 @@ enableACME = true; forceSSL = true; - locations."/".proxyPass = "http://localhost:9980"; + locations."/".proxyPass = "http://127.0.0.1:9980"; }; virtualisation = { @@ -20,7 +20,7 @@ image = "collabora/code"; autoStart = true; ports = [ - "9980:9980" + "127.0.0.1:9980:9980" ]; extraOptions = [ "--cap-add=MKNOD" From d2c6756371dd4ae430c2d0b7a5f7070fec19cdf4 Mon Sep 17 00:00:00 2001 
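Review bot: `image = "collabora/code";` in collabora.nix carries no tag or digest, and `"--pull=always"` in `extraOptions` re-pulls it on every container start. Whatever is currently published under the implicit `latest` tag therefore runs on this host without any reviewable change in the repository. Pin the image, for example `image = "collabora/code:<reviewed-tag>";` or a `@sha256:<digest>` reference, and bump the pin deliberately. `"--cap-add=MKNOD"` widens the container's capabilities and deserves a comment saying why this image needs it.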
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 29 Oct 2023 13:46:06 +0100 Subject: [PATCH 10/11] chore: use php8.2 for nextcloud --- hosts/nachtigall/apps/nextcloud.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index 575aa6ec..c7300b33 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -18,6 +18,7 @@ enable = true; https = true; secretFile = config.age.secrets."nextcloud-secrets".path; # secret + phpPackage = pkgs.82; configureRedis = true; From 569ff3ee037314ed4d2b8653f2027b65d7cceff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 29 Oct 2023 13:46:52 +0100 Subject: [PATCH 11/11] fix: fix php package name --- hosts/nachtigall/apps/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index c7300b33..ed2f072c 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -18,7 +18,7 @@ enable = true; https = true; secretFile = config.age.secrets."nextcloud-secrets".path; # secret - phpPackage = pkgs.82; + phpPackage = pkgs.php82; configureRedis = true;