Merge pull request 'feat: nextcloud' (#6) from feat/nextcloud into main
Reviewed-on: pub-solar/infra-new#6 Reviewed-by: hensoko <hensoko@gssws.de>
commit
b47bfc13d3
|
@ -103,7 +103,13 @@
|
||||||
nixosModules = {
|
nixosModules = {
|
||||||
# Common nixos/nix-darwin configuration shared between Linux and macOS.
|
# Common nixos/nix-darwin configuration shared between Linux and macOS.
|
||||||
common = { pkgs, ... }: {
|
common = { pkgs, ... }: {
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker = {
|
||||||
|
enable = true;
|
||||||
|
extraOptions = ''
|
||||||
|
--data-root /var/lib/docker
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
services.openssh.settings.PermitRootLogin = "prohibit-password";
|
services.openssh.settings.PermitRootLogin = "prohibit-password";
|
||||||
services.openssh.settings.PasswordAuthentication = false;
|
services.openssh.settings.PasswordAuthentication = false;
|
||||||
|
|
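--- a/hosts/nachtigall/apps/collabora.nix
+++ b/hosts/nachtigall/apps/collabora.nix
@@ -0,0 +1,39 @@
+{
+config,
+lib,
+pkgs,
+self,
+...
+}: {
+services.nginx.virtualHosts."collabora.pub.solar" = {
+enableACME = true;
+forceSSL = true;
+
+locations."/".proxyPass = "http://127.0.0.1:9980";
+};
+
+virtualisation = {
+oci-containers = {
+backend = "docker";
+
+containers."collabora" = {
+image = "collabora/code";
+autoStart = true;
+ports = [
+"127.0.0.1:9980:9980"
+];
+extraOptions = [
+"--cap-add=MKNOD"
+"--pull=always"
+];
+environment = {
+server_name = "collabora.pub.solar";
+aliasgroup1 = "https://cloud.pub.solar:443";
+DONT_GEN_SSL_CERT = "1";
+extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
+SLEEPFORDEBUGGER = "0";
+};
+};
+};
+};
+}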
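Review bot: The container in `containers."collabora"` uses the floating `collabora/code` image together with `--pull=always`, so every container start can run whatever was last published upstream, with the extra MKNOD capability, without any change showing up in this repository. Pin the image to a reviewed release or digest, for example `image = "collabora/code:<pinned-tag>";`, and drop `--pull=always` so that upgrades arrive through a commit that can be reviewed and rolled back. A one-line comment above `"--cap-add=MKNOD"` stating why the capability is required would let a later reviewer judge whether it can be removed.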
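--- a/hosts/nachtigall/apps/nextcloud.nix
+++ b/hosts/nachtigall/apps/nextcloud.nix
@@ -0,0 +1,93 @@
+{ config, pkgs, ... }:
+{
+age.secrets."nextcloud-secrets" = {
+file = "${flake.self}/secrets/nextcloud-secrets.age";
+mode = "400";
+owner = config.services.mastodon.user;
+};
+
+services.nginx.virtualHosts."cloud.pub.solar" = {
+enableACME = true;
+forceSSL = true;
+};
+
+services.nextcloud = {
+hostName = "cloud.pub.solar";
+home = "/var/lib/nextcloud";
+
+enable = true;
+https = true;
+secretFile = config.age.secrets."nextcloud-secrets".path; # secret
+phpPackage = pkgs.php82;
+
+configureRedis = true;
+
+notify_push = {
+enable = true;
+};
+
+config = {
+adminuser = "admin";
+dbuser = "nextcloud";
+dbtype = "pgsql";
+dbname = "nextcloud";
+dbtableprefix = "oc_";
+overwriteProtocol = "https";
+};
+
+extraOptions = {
+overwrite.cli.url = "http://cloud.pub.solar";
+
+installed = true;
+default_phone_region = "+49";
+mail_sendmailmode = "smtp";
+mail_from_address = "nextcloud";
+mail_smtpmode = "smtp";
+mail_smtpauthtype = "PLAIN";
+mail_domain = "pub.solar";
+mail_smtpname = "admins@pub.solar";
+mail_smtpsecure = "tls";
+mail_smtpauth = 1;
+mail_smtphost = "mx2.greenbaum.cloud";
+mail_smtpport = "587";
+
+enable_previews = true;
+enabledPreviewProviders = [
+"OC\\Preview\\PNG"
+"OC\\Preview\\JPEG"
+"OC\\Preview\\GIF"
+"OC\\Preview\\BMP"
+"OC\\Preview\\XBitmap"
+"OC\\Preview\\Movie"
+"OC\\Preview\\PDF"
+"OC\\Preview\\MP3"
+"OC\\Preview\\TXT"
+"OC\\Preview\\MarkDown"
+];
+preview_max_x = "1024";
+preview_max_y = "768";
+preview_max_scale_factor = "1";
+
+auth.bruteforce.protection.enabled = true;
+trashbin_retention_obligation = "auto,7";
+skeletondirectory = "";
+defaultapp = "file";
+activity_expire_days = "14";
+integrity.check.disabled = false;
+updater.release.channel = "stable";
+loglevel = 0;
+# maintenance = false;
+app_install_overwrite = [
+"pdfdraw"
+"integration_whiteboard"
+];
+htaccess.RewriteBase = "/";
+theme = "";
+simpleSignUpLink.shown = false;
+};
+
+caching.redis = true;
+autoUpdateApps.enable = true;
+database.createLocally = true;
+};
+}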
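Review bot: `age.secrets."nextcloud-secrets"` sets `owner = config.services.mastodon.user;` with `mode = "400"`, so the decrypted Nextcloud secret is readable by the Mastodon service account and not by Nextcloud itself; this looks carried over from the Mastodon module and should be `owner = "nextcloud";`, the user the NixOS Nextcloud module runs as. The same attribute set interpolates `${flake.self}` although the module arguments are only `{ config, pkgs, ... }`, so `flake` appears to be unbound in this file. In `extraOptions`, `overwrite.cli.url = "http://cloud.pub.solar";` contradicts `https = true` and `forceSSL` and should read `https://cloud.pub.solar`. `loglevel = 0` turns on debug logging, which is verbose and can put request details into the log; `loglevel = 2;` is the usual production setting.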
|
@ -10,10 +10,12 @@
|
||||||
./nix.nix
|
./nix.nix
|
||||||
./apps/nginx.nix
|
./apps/nginx.nix
|
||||||
|
|
||||||
|
./apps/collabora.nix
|
||||||
./apps/forgejo.nix
|
./apps/forgejo.nix
|
||||||
./apps/keycloak.nix
|
./apps/keycloak.nix
|
||||||
./apps/mailman.nix
|
./apps/mailman.nix
|
||||||
./apps/mastodon.nix
|
./apps/mastodon.nix
|
||||||
|
./apps/nextcloud.nix
|
||||||
./apps/nginx-mastodon.nix
|
./apps/nginx-mastodon.nix
|
||||||
./apps/nginx-mastodon-files.nix
|
./apps/nginx-mastodon-files.nix
|
||||||
./apps/nginx-website.nix
|
./apps/nginx-website.nix
|
||||||
|
|
28
secrets/nextcloud-secrets.age
Normal file
28
secrets/nextcloud-secrets.age
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg GHVh1GUADEN6UVTUYntCaYfEqH+LX+gvaICkBHJ5OUY
|
||||||
|
rfoD++gVdnZ5HSlXbCOy8Pn7if6QM2WRaShpk0dCJ48
|
||||||
|
-> ssh-ed25519 uYcDNw kKeYQIaKjVDKMDBkluuxarRfv2wR9W5TKHzbu1DR2hQ
|
||||||
|
bfFYcbcQ7De5hwkCng/CIZXWLHgr/cum0+OfRs5ESvI
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
pAZ0JEVyYZk3U1vFH/STAuHucNECpbhDdnJR7asfMt2bgTs1dvI9ZA5XBpJs3U4a
|
||||||
|
PntBwgYebJyHhgeZ0L7q5NYE6eLVThkxnWvm5OP2NjPyTgGUxjp+NA7WNw+Fc/gA
|
||||||
|
mz//NLMmKVHuknKBVEaZn+2lBWaIXyTkD3KetqxChDcXSnKswesLa6LdHLfE97jP
|
||||||
|
gHX5Y+JVNeGOlHPn0Ds40I/aFGJJ56p3cD3nTsgoQyGpoQGVIVHO6ghRmVjhSkW4
|
||||||
|
7ZfPluq9G0u3NbSD3YjnLrAmUzdJsLPmYme2vvu0YKJr40TG6i5m196DSDuvAtM4
|
||||||
|
XhiClq7a2KJfmEF+epVdoXo/7GrPs/F9Bb+NV1S7bVJX7Q87gQ3bbFq2LISu8QvD
|
||||||
|
HUlx2hJh0fZXpBv6yHIqXutEL1g6XCtpkli15wrHBfEQHOxP6mB/pNeM3gCYwOLX
|
||||||
|
ZdVqpR46OzOErNDwXTniwQecuKrRB9ecTjmmRZycEZErgEcASEZgAlfu2Q8EIW30
|
||||||
|
65byX4EWskm6qlhLxp6SfRXlVcA9XcwIg6q2E2UIoEukZQ5zJNKcFAYec7/xTXs0
|
||||||
|
DrLyGkOO+8C0lmCDY8Escd4cge2hIbIcsnQdkfh3NQT1ZqXEXkef/XB6yMEzvysg
|
||||||
|
3Z13W4dcxwc0ylRFwm2VKcBQD9jDwCyeV4iKohFIyJk
|
||||||
|
-> ssh-ed25519 YFSOsg X4DtlP1y5JXKyaYXJ/l18S7cOGIDlwk3vhrO0Vk6t3U
|
||||||
|
OXzEp3tRncra6pBvDoeiLkF4SlaHZ6E6j+UV0q1WB80
|
||||||
|
-> ssh-ed25519 iHV63A AYUNvys+v75VarEdcZ1g9r9bnW76Tfq91gWnyED7kB0
|
||||||
|
zloI/t4Dfa4re850ldwdFEjbF1OR/5G8VBAl9n7umEs
|
||||||
|
-> ssh-ed25519 BVsyTA glhHHYg1w7qntg8J3y+6zKJHBaC6PZWFQJnmiQR6axw
|
||||||
|
WiIDKiuzouGyiyANmEp25T1Dv2IRyRx+lovSpdFP/Dc
|
||||||
|
-> wcj`iUv7-grease <d5F W
|
||||||
|
dXdOZ0LN94OwYEvaS4paokqfZm7hqw
|
||||||
|
--- oEfnrJu0i9DSupMbQS0hKyVuI9mguqQXDcvXjXUIFS0
|
||||||
|
‡<EFBFBD>—ãaãW(?ÍRÏêþv¥Ô9S$« :ʉ{Içñ½ô< ¾|&Øy$ؼ9UÑC>}ˆSs¶Q!½ê·/ª4ªöY)þV\Q\y_»Ûg+ÅHÚ„Ho‚Nþ@™w§d†
à@ ¯‹ª<:<0B>NO
¼Òí»X±°–„!Ëâ£/̬Y7“Þ_³«Ë‚Ê ³¤¹’¢Ñ¦A}^»q
|
||||||
|
«Øƒ
<0A>àïÄúÉ<C3BA>`:/"i²ÀqjÙÃG³½c›[ó„§>Yõäè‚tTÆ:ƒh$ŽšO¡hù#,¢ÜûR‘£[×¥F–€žŽ3a]©ù€¯{Jѷבþ÷"Æ¢æ¤Þª<C39E>ã
|
|
@ -35,4 +35,6 @@ in {
|
||||||
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
|
||||||
|
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
}
|
}
|
||||||
|
|