From db77fcc3789a6e532e26f7db3b5ac5d47b9d9b7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 02:46:38 +0200 Subject: [PATCH 01/21] feat: nextcloud initial commit --- hosts/nachtigall/default.nix | 1 + hosts/nachtigall/nextcloud.nix | 37 ++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 hosts/nachtigall/nextcloud.nix diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index d452af5..2b21af4 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -14,6 +14,7 @@ ./apps/keycloak.nix ./apps/mailman.nix ./apps/mastodon.nix + ./apps/nextcloud.nix ./apps/nginx-mastodon.nix ./apps/nginx-mastodon-files.nix ./apps/nginx-website.nix diff --git a/hosts/nachtigall/nextcloud.nix b/hosts/nachtigall/nextcloud.nix new file mode 100644 index 0000000..6206806 --- /dev/null +++ b/hosts/nachtigall/nextcloud.nix @@ -0,0 +1,37 @@ +{ config, pkgs, ... }: +{ + services.caddy.virtualHosts."cloud.pub.solar" = { + # logFormat = lib.mkForce '' + # output discard + # ''; + extraConfig = '' + reverse_proxy :8080 + ''; + }; + + services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 8080; } ]; + + services.nextcloud = { + enable = true; + https = true; + secretFile = ""; # secret + + notify_push = { + enable = true; + }; + + config = { + adminuser = "admin"; + dbuser = "nextcloud"; + dbtype = "pgsql"; + dbname = "nextcloud"; + dbtableprefix = "oc_"; + trustedProxies = [ + "cloud.pub.solar" + ]; + }; + + autoUpdateApps.enable = true; + database.createLocally = true; + }; +} -- 2.44.2 From 8737ddbe6cf9ced724706d020da0519bc9b835b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 16:53:40 +0200 Subject: [PATCH 02/21] feat: add complete nextcloud config without secrets --- hosts/nachtigall/apps/nextcloud.nix | 81 +++++++++++++++++++++++++++++ hosts/nachtigall/nextcloud.nix | 37 ------------- 2 files changed, 81 insertions(+), 37 deletions(-) create mode 100644 hosts/nachtigall/apps/nextcloud.nix delete mode 100644 hosts/nachtigall/nextcloud.nix diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix new file mode 100644 index 0000000..2689597 --- /dev/null +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -0,0 +1,81 @@ +{ config, pkgs, ... }: +{ + services.nextcloud = { + hostName = "cloud.pub.solar"; + home = "/var/lib/nextcloud"; + + enable = true; + https = true; + secretFile = ""; # secret + + configureRedis = true; + + notify_push = { + enable = true; + }; + + config = { + adminuser = "admin"; + dbuser = "nextcloud"; + dbtype = "pgsql"; + dbname = "nextcloud"; + dbtableprefix = "oc_"; + overwriteProtocol = "https"; + }; + + extraOptions = { + overwrite.cli.url = "http://cloud.pub.solar"; + + installed = true; + default_phone_region = "+49"; + mail_sendmailmode = "smtp"; + mail_from_address = "nextcloud"; + mail_smtpmode = "smtp"; + mail_smtpauthtype = "PLAIN"; + mail_domain = "pub.solar"; + mail_smtpname = "admins@pub.solar"; + mail_smtpsecure = "tls"; + mail_smtpauth = 1; + mail_smtphost = "mx2.greenbaum.cloud"; + mail_smtpport = "587"; + + enable_previews = true; + enabledPreviewProviders = [ + "OC\\Preview\\PNG" + "OC\\Preview\\JPEG" + "OC\\Preview\\GIF" + "OC\\Preview\\BMP" + "OC\\Preview\\XBitmap" + "OC\\Preview\\Movie" + "OC\\Preview\\PDF" + "OC\\Preview\\MP3" + "OC\\Preview\\TXT" + "OC\\Preview\\MarkDown" + ]; + preview_max_x = "1024"; + preview_max_y = "768"; + preview_max_scale_factor = "1"; + + auth.bruteforce.protection.enabled = true; + trashbin_retention_obligation = "auto,7"; + skeletondirectory = ""; + defaultapp = "file"; + activity_expire_days = "14"; + integrity.check.disabled = false; + updater.release.channel = "stable"; + loglevel = 0; + maintenance = false; + app_install_overwrite = [ + "pdfdraw" + "integration_whiteboard" + ]; + htaccess.RewriteBase = "/"; + theme = ""; + simpleSignUpLink.shown = false; + }; + + caching.redis = true; + autoUpdateApps.enable = true; + database.createLocally = true; + }; +} diff --git a/hosts/nachtigall/nextcloud.nix b/hosts/nachtigall/nextcloud.nix deleted file mode 100644 index 6206806..0000000 --- a/hosts/nachtigall/nextcloud.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, pkgs, ... }: -{ - services.caddy.virtualHosts."cloud.pub.solar" = { - # logFormat = lib.mkForce '' - # output discard - # ''; - extraConfig = '' - reverse_proxy :8080 - ''; - }; - - services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 8080; } ]; - - services.nextcloud = { - enable = true; - https = true; - secretFile = ""; # secret - - notify_push = { - enable = true; - }; - - config = { - adminuser = "admin"; - dbuser = "nextcloud"; - dbtype = "pgsql"; - dbname = "nextcloud"; - dbtableprefix = "oc_"; - trustedProxies = [ - "cloud.pub.solar" - ]; - }; - - autoUpdateApps.enable = true; - database.createLocally = true; - }; -} -- 2.44.2 From 1425492e19ffd07dc358d0f49ba3ec2643a45098 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 02:46:38 +0200 Subject: [PATCH 03/21] feat: nextcloud initial commit --- hosts/nachtigall/nextcloud.nix | 37 ++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 hosts/nachtigall/nextcloud.nix diff --git a/hosts/nachtigall/nextcloud.nix b/hosts/nachtigall/nextcloud.nix new file mode 100644 index 0000000..6206806 --- /dev/null +++ b/hosts/nachtigall/nextcloud.nix @@ -0,0 +1,37 @@ +{ config, pkgs, ... }: +{ + services.caddy.virtualHosts."cloud.pub.solar" = { + # logFormat = lib.mkForce '' + # output discard + # ''; + extraConfig = '' + reverse_proxy :8080 + ''; + }; + + services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 8080; } ]; + + services.nextcloud = { + enable = true; + https = true; + secretFile = ""; # secret + + notify_push = { + enable = true; + }; + + config = { + adminuser = "admin"; + dbuser = "nextcloud"; + dbtype = "pgsql"; + dbname = "nextcloud"; + dbtableprefix = "oc_"; + trustedProxies = [ + "cloud.pub.solar" + ]; + }; + + autoUpdateApps.enable = true; + database.createLocally = true; + }; +} -- 2.44.2 From 9244a42a202980069015a2b1586404991e328c52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 16:53:40 +0200 Subject: [PATCH 04/21] feat: add complete nextcloud config without secrets --- hosts/nachtigall/nextcloud.nix | 37 ---------------------------------- 1 file changed, 37 deletions(-) delete mode 100644 hosts/nachtigall/nextcloud.nix diff --git a/hosts/nachtigall/nextcloud.nix b/hosts/nachtigall/nextcloud.nix deleted file mode 100644 index 6206806..0000000 --- a/hosts/nachtigall/nextcloud.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, pkgs, ... }: -{ - services.caddy.virtualHosts."cloud.pub.solar" = { - # logFormat = lib.mkForce '' - # output discard - # ''; - extraConfig = '' - reverse_proxy :8080 - ''; - }; - - services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 8080; } ]; - - services.nextcloud = { - enable = true; - https = true; - secretFile = ""; # secret - - notify_push = { - enable = true; - }; - - config = { - adminuser = "admin"; - dbuser = "nextcloud"; - dbtype = "pgsql"; - dbname = "nextcloud"; - dbtableprefix = "oc_"; - trustedProxies = [ - "cloud.pub.solar" - ]; - }; - - autoUpdateApps.enable = true; - database.createLocally = true; - }; -} -- 2.44.2 From ece8e9156a04dbad04e2e5106d4790c35b326f04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 18:53:02 +0200 Subject: [PATCH 05/21] feat: add nextcloud secrets --- hosts/nachtigall/apps/nextcloud.nix | 8 +++++++- secrets/nextcloud-secrets.age | 28 ++++++++++++++++++++++++++++ secrets/secrets.nix | 2 ++ 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 secrets/nextcloud-secrets.age diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index 2689597..1cb6b91 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -1,12 +1,18 @@ { config, pkgs, ... }: { + age.secrets."nextcloud-secrets" = { + file = "${flake.self}/secrets/nextcloud-secrets.age"; + mode = "400"; + owner = config.services.mastodon.user; + }; + services.nextcloud = { hostName = "cloud.pub.solar"; home = "/var/lib/nextcloud"; enable = true; https = true; - secretFile = ""; # secret + secretFile = config.age.secrets."nextcloud-secrets".path; # secret configureRedis = true; diff --git a/secrets/nextcloud-secrets.age b/secrets/nextcloud-secrets.age new file mode 100644 index 0000000..937ccec --- /dev/null +++ b/secrets/nextcloud-secrets.age @@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg GHVh1GUADEN6UVTUYntCaYfEqH+LX+gvaICkBHJ5OUY +rfoD++gVdnZ5HSlXbCOy8Pn7if6QM2WRaShpk0dCJ48 +-> ssh-ed25519 uYcDNw kKeYQIaKjVDKMDBkluuxarRfv2wR9W5TKHzbu1DR2hQ +bfFYcbcQ7De5hwkCng/CIZXWLHgr/cum0+OfRs5ESvI +-> ssh-rsa kFDS0A +pAZ0JEVyYZk3U1vFH/STAuHucNECpbhDdnJR7asfMt2bgTs1dvI9ZA5XBpJs3U4a +PntBwgYebJyHhgeZ0L7q5NYE6eLVThkxnWvm5OP2NjPyTgGUxjp+NA7WNw+Fc/gA +mz//NLMmKVHuknKBVEaZn+2lBWaIXyTkD3KetqxChDcXSnKswesLa6LdHLfE97jP +gHX5Y+JVNeGOlHPn0Ds40I/aFGJJ56p3cD3nTsgoQyGpoQGVIVHO6ghRmVjhSkW4 +7ZfPluq9G0u3NbSD3YjnLrAmUzdJsLPmYme2vvu0YKJr40TG6i5m196DSDuvAtM4 +XhiClq7a2KJfmEF+epVdoXo/7GrPs/F9Bb+NV1S7bVJX7Q87gQ3bbFq2LISu8QvD +HUlx2hJh0fZXpBv6yHIqXutEL1g6XCtpkli15wrHBfEQHOxP6mB/pNeM3gCYwOLX +ZdVqpR46OzOErNDwXTniwQecuKrRB9ecTjmmRZycEZErgEcASEZgAlfu2Q8EIW30 +65byX4EWskm6qlhLxp6SfRXlVcA9XcwIg6q2E2UIoEukZQ5zJNKcFAYec7/xTXs0 +DrLyGkOO+8C0lmCDY8Escd4cge2hIbIcsnQdkfh3NQT1ZqXEXkef/XB6yMEzvysg +3Z13W4dcxwc0ylRFwm2VKcBQD9jDwCyeV4iKohFIyJk +-> ssh-ed25519 YFSOsg X4DtlP1y5JXKyaYXJ/l18S7cOGIDlwk3vhrO0Vk6t3U +OXzEp3tRncra6pBvDoeiLkF4SlaHZ6E6j+UV0q1WB80 +-> ssh-ed25519 iHV63A AYUNvys+v75VarEdcZ1g9r9bnW76Tfq91gWnyED7kB0 +zloI/t4Dfa4re850ldwdFEjbF1OR/5G8VBAl9n7umEs +-> ssh-ed25519 BVsyTA glhHHYg1w7qntg8J3y+6zKJHBaC6PZWFQJnmiQR6axw +WiIDKiuzouGyiyANmEp25T1Dv2IRyRx+lovSpdFP/Dc +-> wcj`iUv7-grease }SsQ!/4Y)V\Q\y_g+HڄHoN@wd @ <: NO X!/̬Y7_ ˂ʠѦA}^q +؃ ɐ`:/"iqjGc[>YtT:h$Oh#, R[ץF3a]{Jѷב"Ƣު \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index cb06356..5b060b5 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -35,4 +35,6 @@ in { "matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys; "matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys; "matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys; + + "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys; } -- 2.44.2 From ea7996ce0a1715ca5e47df374ca7ff2ce412a6aa Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Sat, 28 Oct 2023 21:34:47 +0200 Subject: [PATCH 06/21] add virtualhost for nextcloud --- hosts/nachtigall/apps/nextcloud.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index 1cb6b91..575aa6e 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -6,6 +6,11 @@ owner = config.services.mastodon.user; }; + services.nginx.virtualHosts."cloud.pub.solar" = { + enableACME = true; + forceSSL = true; + }; + services.nextcloud = { hostName = "cloud.pub.solar"; home = "/var/lib/nextcloud"; -- 2.44.2 From 3cb548d77a4a3f3df7c2a8118f28ab2abe195a68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 21:39:13 +0200 Subject: [PATCH 07/21] feat: add collabora --- flake.nix | 8 +++++- hosts/nachtigall/apps/collabora.nix | 39 +++++++++++++++++++++++++++++ hosts/nachtigall/default.nix | 1 + 3 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 hosts/nachtigall/apps/collabora.nix diff --git a/flake.nix b/flake.nix index 0bc7545..48b6fa1 100644 --- a/flake.nix +++ b/flake.nix @@ -103,7 +103,13 @@ nixosModules = { # Common nixos/nix-darwin configuration shared between Linux and macOS. common = { pkgs, ... }: { - virtualisation.docker.enable = true; + virtualisation.docker = { + enable = true; + extraOptions = '' + --data-root /var/lib/docker + ''; + }; + services.openssh.enable = true; services.openssh.settings.PermitRootLogin = "prohibit-password"; services.openssh.settings.PasswordAuthentication = false; diff --git a/hosts/nachtigall/apps/collabora.nix b/hosts/nachtigall/apps/collabora.nix new file mode 100644 index 0000000..89c3e85 --- /dev/null +++ b/hosts/nachtigall/apps/collabora.nix @@ -0,0 +1,39 @@ +{ + config, + lib, + pkgs, + self, + ... +}: { + services.nginx.virtualHosts."collabora.pub.solar" = { + enableACME = true; + forceSSL = true; + + locations."/".proxyPass = "http://localhost:9980"; + }; + + virtualisation = { + oci-containers = { + backend = "docker"; + + containers."collabora" = { + image = "collabora/code"; + autoStart = true; + ports = [ + "9980:9980" + ]; + extraOptions = [ + "--cap-add=MKNOD" + "--pull=always" + ]; + environment = { + server_name = "collabora.pub.solar"; + aliasgroup1 = "https://cloud.pub.solar:443"; + DONT_GEN_SSL_CERT = "1"; + extra_params = "--o:ssl.enable=false --o:ssl.termination=true"; + SLEEPFORDEBUGGER = "0"; + }; + }; + }; + }; +} diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index 2b21af4..5d1781d 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -10,6 +10,7 @@ ./nix.nix ./apps/nginx.nix + ./apps/collabora.nix ./apps/forgejo.nix ./apps/keycloak.nix ./apps/mailman.nix -- 2.44.2 From 25f4c8d296811eb9378f7854ac8e3b32bba7e808 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 29 Oct 2023 13:43:41 +0100 Subject: [PATCH 08/21] fix: don't global bind collabora --- hosts/nachtigall/apps/collabora.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/nachtigall/apps/collabora.nix b/hosts/nachtigall/apps/collabora.nix index 89c3e85..cfe875e 100644 --- a/hosts/nachtigall/apps/collabora.nix +++ b/hosts/nachtigall/apps/collabora.nix @@ -9,7 +9,7 @@ enableACME = true; forceSSL = true; - locations."/".proxyPass = "http://localhost:9980"; + locations."/".proxyPass = "http://127.0.0.1:9980"; }; virtualisation = { @@ -20,7 +20,7 @@ image = "collabora/code"; autoStart = true; ports = [ - "9980:9980" + "127.0.0.1:9980:9980" ]; extraOptions = [ "--cap-add=MKNOD" -- 2.44.2 From ac817a7ca2568d69ccc0695cf1ef73e8b391494d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 29 Oct 2023 13:46:06 +0100 Subject: [PATCH 09/21] chore: use php8.2 for nextcloud --- hosts/nachtigall/apps/nextcloud.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index 575aa6e..c7300b3 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -18,6 +18,7 @@ enable = true; https = true; secretFile = config.age.secrets."nextcloud-secrets".path; # secret + phpPackage = pkgs.82; configureRedis = true; -- 2.44.2 From b42917de78cf3c56ea110a17d6f2bf0a67b93695 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 29 Oct 2023 13:46:52 +0100 Subject: [PATCH 10/21] fix: fix php package name --- hosts/nachtigall/apps/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index c7300b3..ed2f072 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -18,7 +18,7 @@ enable = true; https = true; secretFile = config.age.secrets."nextcloud-secrets".path; # secret - phpPackage = pkgs.82; + phpPackage = pkgs.php82; configureRedis = true; -- 2.44.2 From 8a2889fd46e9aeea86e45fa2e7c19ae2d94d8f48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 02:46:38 +0200 Subject: [PATCH 11/21] feat: nextcloud initial commit --- hosts/nachtigall/default.nix | 1 + hosts/nachtigall/nextcloud.nix | 37 ++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 hosts/nachtigall/nextcloud.nix diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index ccd276f..01c5f5a 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -14,6 +14,7 @@ ./apps/keycloak.nix ./apps/mailman.nix ./apps/mastodon.nix + ./apps/nextcloud.nix ./apps/nginx-mastodon.nix ./apps/nginx-mastodon-files.nix ./apps/nginx-website.nix diff --git a/hosts/nachtigall/nextcloud.nix b/hosts/nachtigall/nextcloud.nix new file mode 100644 index 0000000..6206806 --- /dev/null +++ b/hosts/nachtigall/nextcloud.nix @@ -0,0 +1,37 @@ +{ config, pkgs, ... }: +{ + services.caddy.virtualHosts."cloud.pub.solar" = { + # logFormat = lib.mkForce '' + # output discard + # ''; + extraConfig = '' + reverse_proxy :8080 + ''; + }; + + services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 8080; } ]; + + services.nextcloud = { + enable = true; + https = true; + secretFile = ""; # secret + + notify_push = { + enable = true; + }; + + config = { + adminuser = "admin"; + dbuser = "nextcloud"; + dbtype = "pgsql"; + dbname = "nextcloud"; + dbtableprefix = "oc_"; + trustedProxies = [ + "cloud.pub.solar" + ]; + }; + + autoUpdateApps.enable = true; + database.createLocally = true; + }; +} -- 2.44.2 From c6453f2631d50e415de1b530f4740d64d4ee47a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 16:53:40 +0200 Subject: [PATCH 12/21] feat: add complete nextcloud config without secrets --- hosts/nachtigall/apps/nextcloud.nix | 81 +++++++++++++++++++++++++++++ hosts/nachtigall/nextcloud.nix | 37 ------------- 2 files changed, 81 insertions(+), 37 deletions(-) create mode 100644 hosts/nachtigall/apps/nextcloud.nix delete mode 100644 hosts/nachtigall/nextcloud.nix diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix new file mode 100644 index 0000000..2689597 --- /dev/null +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -0,0 +1,81 @@ +{ config, pkgs, ... }: +{ + services.nextcloud = { + hostName = "cloud.pub.solar"; + home = "/var/lib/nextcloud"; + + enable = true; + https = true; + secretFile = ""; # secret + + configureRedis = true; + + notify_push = { + enable = true; + }; + + config = { + adminuser = "admin"; + dbuser = "nextcloud"; + dbtype = "pgsql"; + dbname = "nextcloud"; + dbtableprefix = "oc_"; + overwriteProtocol = "https"; + }; + + extraOptions = { + overwrite.cli.url = "http://cloud.pub.solar"; + + installed = true; + default_phone_region = "+49"; + mail_sendmailmode = "smtp"; + mail_from_address = "nextcloud"; + mail_smtpmode = "smtp"; + mail_smtpauthtype = "PLAIN"; + mail_domain = "pub.solar"; + mail_smtpname = "admins@pub.solar"; + mail_smtpsecure = "tls"; + mail_smtpauth = 1; + mail_smtphost = "mx2.greenbaum.cloud"; + mail_smtpport = "587"; + + enable_previews = true; + enabledPreviewProviders = [ + "OC\\Preview\\PNG" + "OC\\Preview\\JPEG" + "OC\\Preview\\GIF" + "OC\\Preview\\BMP" + "OC\\Preview\\XBitmap" + "OC\\Preview\\Movie" + "OC\\Preview\\PDF" + "OC\\Preview\\MP3" + "OC\\Preview\\TXT" + "OC\\Preview\\MarkDown" + ]; + preview_max_x = "1024"; + preview_max_y = "768"; + preview_max_scale_factor = "1"; + + auth.bruteforce.protection.enabled = true; + trashbin_retention_obligation = "auto,7"; + skeletondirectory = ""; + defaultapp = "file"; + activity_expire_days = "14"; + integrity.check.disabled = false; + updater.release.channel = "stable"; + loglevel = 0; + maintenance = false; + app_install_overwrite = [ + "pdfdraw" + "integration_whiteboard" + ]; + htaccess.RewriteBase = "/"; + theme = ""; + simpleSignUpLink.shown = false; + }; + + caching.redis = true; + autoUpdateApps.enable = true; + database.createLocally = true; + }; +} diff --git a/hosts/nachtigall/nextcloud.nix b/hosts/nachtigall/nextcloud.nix deleted file mode 100644 index 6206806..0000000 --- a/hosts/nachtigall/nextcloud.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, pkgs, ... }: -{ - services.caddy.virtualHosts."cloud.pub.solar" = { - # logFormat = lib.mkForce '' - # output discard - # ''; - extraConfig = '' - reverse_proxy :8080 - ''; - }; - - services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 8080; } ]; - - services.nextcloud = { - enable = true; - https = true; - secretFile = ""; # secret - - notify_push = { - enable = true; - }; - - config = { - adminuser = "admin"; - dbuser = "nextcloud"; - dbtype = "pgsql"; - dbname = "nextcloud"; - dbtableprefix = "oc_"; - trustedProxies = [ - "cloud.pub.solar" - ]; - }; - - autoUpdateApps.enable = true; - database.createLocally = true; - }; -} -- 2.44.2 From 41c5f1797c0bf293dab8a5969c831492ab4ee3b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 02:46:38 +0200 Subject: [PATCH 13/21] feat: nextcloud initial commit --- hosts/nachtigall/nextcloud.nix | 37 ++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 hosts/nachtigall/nextcloud.nix diff --git a/hosts/nachtigall/nextcloud.nix b/hosts/nachtigall/nextcloud.nix new file mode 100644 index 0000000..6206806 --- /dev/null +++ b/hosts/nachtigall/nextcloud.nix @@ -0,0 +1,37 @@ +{ config, pkgs, ... }: +{ + services.caddy.virtualHosts."cloud.pub.solar" = { + # logFormat = lib.mkForce '' + # output discard + # ''; + extraConfig = '' + reverse_proxy :8080 + ''; + }; + + services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 8080; } ]; + + services.nextcloud = { + enable = true; + https = true; + secretFile = ""; # secret + + notify_push = { + enable = true; + }; + + config = { + adminuser = "admin"; + dbuser = "nextcloud"; + dbtype = "pgsql"; + dbname = "nextcloud"; + dbtableprefix = "oc_"; + trustedProxies = [ + "cloud.pub.solar" + ]; + }; + + autoUpdateApps.enable = true; + database.createLocally = true; + }; +} -- 2.44.2 From 422b1ba33e14965963e0b0f731e6f8e7e3724f6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 16:53:40 +0200 Subject: [PATCH 14/21] feat: add complete nextcloud config without secrets --- hosts/nachtigall/nextcloud.nix | 37 ---------------------------------- 1 file changed, 37 deletions(-) delete mode 100644 hosts/nachtigall/nextcloud.nix diff --git a/hosts/nachtigall/nextcloud.nix b/hosts/nachtigall/nextcloud.nix deleted file mode 100644 index 6206806..0000000 --- a/hosts/nachtigall/nextcloud.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, pkgs, ... }: -{ - services.caddy.virtualHosts."cloud.pub.solar" = { - # logFormat = lib.mkForce '' - # output discard - # ''; - extraConfig = '' - reverse_proxy :8080 - ''; - }; - - services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 8080; } ]; - - services.nextcloud = { - enable = true; - https = true; - secretFile = ""; # secret - - notify_push = { - enable = true; - }; - - config = { - adminuser = "admin"; - dbuser = "nextcloud"; - dbtype = "pgsql"; - dbname = "nextcloud"; - dbtableprefix = "oc_"; - trustedProxies = [ - "cloud.pub.solar" - ]; - }; - - autoUpdateApps.enable = true; - database.createLocally = true; - }; -} -- 2.44.2 From c187b59bd72b2950950ad88faec4af60628f802a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 18:53:02 +0200 Subject: [PATCH 15/21] feat: add nextcloud secrets --- hosts/nachtigall/apps/nextcloud.nix | 8 +++++++- secrets/nextcloud-secrets.age | 28 ++++++++++++++++++++++++++++ secrets/secrets.nix | 2 ++ 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 secrets/nextcloud-secrets.age diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index 2689597..1cb6b91 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -1,12 +1,18 @@ { config, pkgs, ... }: { + age.secrets."nextcloud-secrets" = { + file = "${flake.self}/secrets/nextcloud-secrets.age"; + mode = "400"; + owner = config.services.mastodon.user; + }; + services.nextcloud = { hostName = "cloud.pub.solar"; home = "/var/lib/nextcloud"; enable = true; https = true; - secretFile = ""; # secret + secretFile = config.age.secrets."nextcloud-secrets".path; # secret configureRedis = true; diff --git a/secrets/nextcloud-secrets.age b/secrets/nextcloud-secrets.age new file mode 100644 index 0000000..937ccec --- /dev/null +++ b/secrets/nextcloud-secrets.age @@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg GHVh1GUADEN6UVTUYntCaYfEqH+LX+gvaICkBHJ5OUY +rfoD++gVdnZ5HSlXbCOy8Pn7if6QM2WRaShpk0dCJ48 +-> ssh-ed25519 uYcDNw kKeYQIaKjVDKMDBkluuxarRfv2wR9W5TKHzbu1DR2hQ +bfFYcbcQ7De5hwkCng/CIZXWLHgr/cum0+OfRs5ESvI +-> ssh-rsa kFDS0A +pAZ0JEVyYZk3U1vFH/STAuHucNECpbhDdnJR7asfMt2bgTs1dvI9ZA5XBpJs3U4a +PntBwgYebJyHhgeZ0L7q5NYE6eLVThkxnWvm5OP2NjPyTgGUxjp+NA7WNw+Fc/gA +mz//NLMmKVHuknKBVEaZn+2lBWaIXyTkD3KetqxChDcXSnKswesLa6LdHLfE97jP +gHX5Y+JVNeGOlHPn0Ds40I/aFGJJ56p3cD3nTsgoQyGpoQGVIVHO6ghRmVjhSkW4 +7ZfPluq9G0u3NbSD3YjnLrAmUzdJsLPmYme2vvu0YKJr40TG6i5m196DSDuvAtM4 +XhiClq7a2KJfmEF+epVdoXo/7GrPs/F9Bb+NV1S7bVJX7Q87gQ3bbFq2LISu8QvD +HUlx2hJh0fZXpBv6yHIqXutEL1g6XCtpkli15wrHBfEQHOxP6mB/pNeM3gCYwOLX +ZdVqpR46OzOErNDwXTniwQecuKrRB9ecTjmmRZycEZErgEcASEZgAlfu2Q8EIW30 +65byX4EWskm6qlhLxp6SfRXlVcA9XcwIg6q2E2UIoEukZQ5zJNKcFAYec7/xTXs0 +DrLyGkOO+8C0lmCDY8Escd4cge2hIbIcsnQdkfh3NQT1ZqXEXkef/XB6yMEzvysg +3Z13W4dcxwc0ylRFwm2VKcBQD9jDwCyeV4iKohFIyJk +-> ssh-ed25519 YFSOsg X4DtlP1y5JXKyaYXJ/l18S7cOGIDlwk3vhrO0Vk6t3U +OXzEp3tRncra6pBvDoeiLkF4SlaHZ6E6j+UV0q1WB80 +-> ssh-ed25519 iHV63A AYUNvys+v75VarEdcZ1g9r9bnW76Tfq91gWnyED7kB0 +zloI/t4Dfa4re850ldwdFEjbF1OR/5G8VBAl9n7umEs +-> ssh-ed25519 BVsyTA glhHHYg1w7qntg8J3y+6zKJHBaC6PZWFQJnmiQR6axw +WiIDKiuzouGyiyANmEp25T1Dv2IRyRx+lovSpdFP/Dc +-> wcj`iUv7-grease }SsQ!/4Y)V\Q\y_g+HڄHoN@wd @ <: NO X!/̬Y7_ ˂ʠѦA}^q +؃ ɐ`:/"iqjGc[>YtT:h$Oh#, R[ץF3a]{Jѷב"Ƣު \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index cb06356..5b060b5 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -35,4 +35,6 @@ in { "matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ baseKeys; "matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ baseKeys; "matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys; + + "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys; } -- 2.44.2 From 1577462c945ed11924277dc0bbcc46994d896214 Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Sat, 28 Oct 2023 21:34:47 +0200 Subject: [PATCH 16/21] add virtualhost for nextcloud --- hosts/nachtigall/apps/nextcloud.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index 1cb6b91..575aa6e 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -6,6 +6,11 @@ owner = config.services.mastodon.user; }; + services.nginx.virtualHosts."cloud.pub.solar" = { + enableACME = true; + forceSSL = true; + }; + services.nextcloud = { hostName = "cloud.pub.solar"; home = "/var/lib/nextcloud"; -- 2.44.2 From f33a7c48e75583c2c884f75253dd9b30a797d3f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 28 Oct 2023 21:39:13 +0200 Subject: [PATCH 17/21] feat: add collabora --- flake.nix | 8 +++++- hosts/nachtigall/apps/collabora.nix | 39 +++++++++++++++++++++++++++++ hosts/nachtigall/default.nix | 1 + 3 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 hosts/nachtigall/apps/collabora.nix diff --git a/flake.nix b/flake.nix index 0bc7545..48b6fa1 100644 --- a/flake.nix +++ b/flake.nix @@ -103,7 +103,13 @@ nixosModules = { # Common nixos/nix-darwin configuration shared between Linux and macOS. common = { pkgs, ... }: { - virtualisation.docker.enable = true; + virtualisation.docker = { + enable = true; + extraOptions = '' + --data-root /var/lib/docker + ''; + }; + services.openssh.enable = true; services.openssh.settings.PermitRootLogin = "prohibit-password"; services.openssh.settings.PasswordAuthentication = false; diff --git a/hosts/nachtigall/apps/collabora.nix b/hosts/nachtigall/apps/collabora.nix new file mode 100644 index 0000000..89c3e85 --- /dev/null +++ b/hosts/nachtigall/apps/collabora.nix @@ -0,0 +1,39 @@ +{ + config, + lib, + pkgs, + self, + ... +}: { + services.nginx.virtualHosts."collabora.pub.solar" = { + enableACME = true; + forceSSL = true; + + locations."/".proxyPass = "http://localhost:9980"; + }; + + virtualisation = { + oci-containers = { + backend = "docker"; + + containers."collabora" = { + image = "collabora/code"; + autoStart = true; + ports = [ + "9980:9980" + ]; + extraOptions = [ + "--cap-add=MKNOD" + "--pull=always" + ]; + environment = { + server_name = "collabora.pub.solar"; + aliasgroup1 = "https://cloud.pub.solar:443"; + DONT_GEN_SSL_CERT = "1"; + extra_params = "--o:ssl.enable=false --o:ssl.termination=true"; + SLEEPFORDEBUGGER = "0"; + }; + }; + }; + }; +} diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index 01c5f5a..f4c1ed8 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -10,6 +10,7 @@ ./nix.nix ./apps/nginx.nix + ./apps/collabora.nix ./apps/forgejo.nix ./apps/keycloak.nix ./apps/mailman.nix -- 2.44.2 From a14af74d82af316580d5ea4fca05e7ccf9ebb0a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 29 Oct 2023 13:43:41 +0100 Subject: [PATCH 18/21] fix: don't global bind collabora --- hosts/nachtigall/apps/collabora.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/nachtigall/apps/collabora.nix b/hosts/nachtigall/apps/collabora.nix index 89c3e85..cfe875e 100644 --- a/hosts/nachtigall/apps/collabora.nix +++ b/hosts/nachtigall/apps/collabora.nix @@ -9,7 +9,7 @@ enableACME = true; forceSSL = true; - locations."/".proxyPass = "http://localhost:9980"; + locations."/".proxyPass = "http://127.0.0.1:9980"; }; virtualisation = { @@ -20,7 +20,7 @@ image = "collabora/code"; autoStart = true; ports = [ - "9980:9980" + "127.0.0.1:9980:9980" ]; extraOptions = [ "--cap-add=MKNOD" -- 2.44.2 From d2c6756371dd4ae430c2d0b7a5f7070fec19cdf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 29 Oct 2023 13:46:06 +0100 Subject: [PATCH 19/21] chore: use php8.2 for nextcloud --- hosts/nachtigall/apps/nextcloud.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index 575aa6e..c7300b3 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -18,6 +18,7 @@ enable = true; https = true; secretFile = config.age.secrets."nextcloud-secrets".path; # secret + phpPackage = pkgs.82; configureRedis = true; -- 2.44.2 From 569ff3ee037314ed4d2b8653f2027b65d7cceff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 29 Oct 2023 13:46:52 +0100 Subject: [PATCH 20/21] fix: fix php package name --- hosts/nachtigall/apps/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index c7300b3..ed2f072 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -18,7 +18,7 @@ enable = true; https = true; secretFile = config.age.secrets."nextcloud-secrets".path; # secret - phpPackage = pkgs.82; + phpPackage = pkgs.php82; configureRedis = true; -- 2.44.2 From 42879bde054f326f73c7ee6fc498181a4b87b5de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 29 Oct 2023 13:52:11 +0100 Subject: [PATCH 21/21] fix: don't set maintenance mode in nix config --- hosts/nachtigall/apps/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index ed2f072..ca9ac87 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -76,7 +76,7 @@ integrity.check.disabled = false; updater.release.channel = "stable"; loglevel = 0; - maintenance = false; + # maintenance = false; app_install_overwrite = [ "pdfdraw" "integration_whiteboard" -- 2.44.2