chonk: extend monitoring, use nextcloud-apps from nixos

hosts/chonk/monitoring.nix

@@ -4,7 +4,64 @@
   self,
   ...
 }: {
-  pub-solar.monitoring-server.enable = true;
+  pub-solar.monitoring-server = {
+    enable = true;
+    listenAddress = "10.0.1.6";
+    grafana.enable = true;
+    node_exporter = {
+      enable = true;
+      hosts = [
+        "10.0.1.11:9002"
+        "10.0.1.12:9002"
+        "10.0.1.13:9002"
+        "10.0.1.254:9100"
+      ];
+    };
+    snmp = {
+      enable = true;
+      hosts = [
+        "192.168.42.1"
+        #"10.0.1.254:9116" = [
+        #  {
+        #    targets = [ "192.168.42.1" ];
+        #    auth = [ "public_v2" ];
+        #    modules = [ "if_mib" ];
+        #  }
+        #];
+      ];
+    };
+    smokeping = {
+      enable = true;
+      hosts = [
+        "mail.gssws.de"
+        "cust.gssws.de"
+        "data.gssws.de"
+        "mail.hosting.de"
+        "blog.fefe.de"
+        # hosting.de
+        "ovh2.goekal.de"
+        "83.151.16.16"
+        "83.151.16.17"
+        "83.151.16.51"
+        "r2backup17.masterlogin.de"
+        "demo.routing.net"
+        "vsrv07344.customer.vlinux.de"
+        "213.160.76.43"
+        "185.11.139.27"
+        "185.11.137.4"
+        "83.151.30.176"
+        "83.151.28.246"
+        "83.151.21.204"
+        "79.140.42.4"
+        "31.15.67.23"
+        "31.15.64.79"
+        "80.244.244.244"
+        "95.129.51.51"
+        "185.11.137.122"
+        "79.140.41.12"
+      ];
+    };
+  };
 
   # wireguard exporter
   networking.firewall.allowedTCPPorts = [9585];

hosts/chonk/nextcloud-apps.nix

@@ -4,84 +4,26 @@
   config,
   lib,
   ...
-}: let
-  notify_push = pkgs.fetchzip {
-    sha256 = "7q1I4V2xUkRUK8qfEwxPNW/srkrGPPXiS1Y1Ew22zls=";
-    url = "https://github.com/nextcloud-releases/notify_push/releases/download/v0.5.2/notify_push-v0.5.2.tar.gz";
-  };
-in {
-  systemd.services.nextcloud-notify-push = {
-    enable = true;
-    wantedBy = ["multi-user.target"];
-    serviceConfig = {
-      Environment = [
-        "PORT=7867"
-        "NEXTCLOUD_URL=https://data.gssws.de"
-      ];
-      ExecStart = "${notify_push}/bin/x86_64/notify_push /mnt/internal/nextcloud/config/config.php";
-      User = "nextcloud";
-    };
-  };
+}: {
+  services.nextcloud.extraApps = with pkgs.nextcloud27Packages.apps; {
+    inherit bookmarks
+      calendar
+      contacts
+      files_markdown
+      impersonate
+      keeweb
+      maps
+      news
+      notes
+      notify_push
+      tasks
+      #twofactor_totp
+      twofactor_webauthn
+      user_saml;
 
-  services.nextcloud.extraApps = with pkgs.nextcloud25Packages.apps; {
-    inherit bookmarks calendar contacts deck keeweb news tasks;
-    inherit notify_push;
-
-    "bruteforcesettings" = pkgs.fetchzip {
-      sha256 = "8Sev4B7AOzLGPX6a4in0BEXJ5oL6m2EYGuBExSCnfok=";
-      url = "https://github.com/nextcloud-releases/bruteforcesettings/releases/download/v2.4.0/bruteforcesettings-v2.4.0.tar.gz";
+    "twofactor_totp" = pkgs.fetchzip {
+      sha256 = "zAPNugbvngXcpgWJLD78YAg4G1QtGaphx1bhhg7mLKE=";
+      url = "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz";
     };
-    "cookbook" = pkgs.fetchzip {
-      sha256 = "j7nAprAIY4NMPD6kXfmXVW+PgpRiyx5SRPSe6IEB/vY=";
-      url = "https://github.com/nextcloud/cookbook/releases/download/v0.10.1/Cookbook-0.10.1.tar.gz";
-    };
-    "cospend" = pkgs.fetchzip {
-      sha256 = "vGjK9Sy+q4ycS5MWeTTrwDGPTOp6t4leH+rF/Y54d0c=";
-      url = "https://github.com/eneiluj/cospend-nc/releases/download/v1.5.5/cospend-1.5.5.tar.gz";
-    };
-    "files_accesscontrol" = pkgs.fetchzip {
-      sha256 = "34goKXWLUym5p7alby3WEyFzr346psHUeJ/+OZtfGmc=";
-      url = "https://github.com/nextcloud-releases/files_accesscontrol/releases/download/v1.15.1/files_accesscontrol-v1.15.1.tar.gz";
-    };
-    "files_automatedtagging" = pkgs.fetchzip {
-      sha256 = "PmcqHojtfww3wNIFoLM+hVXAjoo4zqzK6sUMeveHYa0=";
-      url = "https://github.com/nextcloud-releases/files_automatedtagging/releases/download/v1.15.0/files_automatedtagging-v1.15.0.tar.gz";
-    };
-    "files_fulltextsearch" = pkgs.fetchzip {
-      sha256 = "DEl/CbCvwiWvkNQOuKtHWzifq3AMrhL5wLHmSMuL4TU=";
-      url = "https://github.com/nextcloud-releases/files_fulltextsearch/releases/download/25.0.0/files_fulltextsearch-25.0.0.tar.gz";
-    };
-    "files_mindmap" = pkgs.fetchzip {
-      sha256 = "/u1H2QvyKfdGjelFAkLc3rRGQlm3T+OajAbpUF0+cdY=";
-      url = "https://github.com/ACTom/files_mindmap/releases/download/v0.0.27/files_mindmap-0.0.27.tar.gz";
-    };
-    "fulltextsearch" = pkgs.fetchzip {
-      sha256 = "1LVo5Cv6Gf4M/laVlHfm5wAQ8I8EsdLIThVm/jUj6uA=";
-      url = "https://github.com/nextcloud-releases/fulltextsearch/releases/download/25.0.0/fulltextsearch-25.0.0.tar.gz";
-    };
-    "groupfolders" = pkgs.fetchzip {
-      sha256 = "CGGt5QEzdJqOJywZQTQYeKIy/2JhHYGACHrfAmH9LD0=";
-      url = "https://github.com/nextcloud-releases/groupfolders/releases/download/v13.1.0/groupfolders-v13.1.0.tar.gz";
-    };
-    "maps" = pkgs.fetchzip {
-      sha256 = "8HNew2sIlMd+wt2a6jXa1tZpub56AnB5gfBs/cYlkcI=";
-      url = "https://github.com/nextcloud/maps/releases/download/v0.2.4/maps-0.2.4.tar.gz";
-    };
-    #"notify_push" = pkgs.fetchzip {
-    #  sha256 = "7q1I4V2xUkRUK8qfEwxPNW/srkrGPPXiS1Y1Ew22zls=";
-    #  url = "https://github.com/nextcloud-releases/notify_push/releases/download/v0.5.2/notify_push-v0.5.2.tar.gz";
-    #};
-    "quota_warning" = pkgs.fetchzip {
-      sha256 = "If4tW4yJbJ1xgfOyN0wxcgHLxXUrtKPdphRhbQOM6b4=";
-      url = "https://github.com/nextcloud-releases/quota_warning/releases/download/v1.15.0/quota_warning-v1.15.0.tar.gz";
-    };
-    "richdocuments" = pkgs.fetchzip {
-      sha256 = "I6Y3lyZADiUCpmnkRS7Muc54uOOvKpWdlQ189EKzesA=";
-      url = "https://github.com/nextcloud-releases/richdocuments/releases/download/v7.0.2/richdocuments-v7.0.2.tar.gz";
-    };
-    #"twofactor_totp" = pkgs.fetchzip {
-    #  sha256 = "p3Ft3sQ/2HPXCFE03dm8pBL39b7bWCi2iAxHkbOK2V4=";
-    #  url = "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz";
-    #};
   };
 }

hosts/chonk/nextcloud-collabora.nix

@@ -0,0 +1,39 @@
+{...}: {
+  # Collabora Code server
+  virtualisation.oci-containers.containers."nextcloud-collabora-code" = {
+    image = "collabora/code";
+    autoStart = true;
+    ports = ["127.0.0.1:9980:9980"];
+    environment.domain = "data\\.gssws\\.de";
+    extraOptions = ["--cap-add" "MKNOD"];
+  };
+
+  services.nginx.virtualHosts."office.gssws.de" = let
+    proxyPass = "https://127.0.0.1:9980";
+    extraConfig = "proxy_ssl_verify off;";
+  in {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."^~ /browser" = {
+      inherit proxyPass extraConfig;
+    };
+    locations."^~ /hosting/discovery" = {
+      inherit proxyPass extraConfig;
+    };
+    locations."^~ /hosting/capabilities" = {
+      inherit proxyPass extraConfig;
+    };
+    locations."~ ^/cool/(.*)/ws''$" = {
+      inherit proxyPass extraConfig;
+      proxyWebsockets = true;
+    };
+    locations."~ ^/(c|l)ool" = {
+      inherit proxyPass extraConfig;
+    };
+    locations."^~ /cool/adminws" = {
+      inherit proxyPass extraConfig;
+      proxyWebsockets = true;
+    };
+  };
+}

hosts/chonk/nextcloud.nix

@@ -9,6 +9,7 @@
 in {
   imports = [
     ./nextcloud-apps.nix
+    ./nextcloud-collabora.nix
   ];
 
   age.secrets.nextcloud_db_pass = {
@@ -34,11 +35,6 @@ in {
     virtualHosts."data.gssws.de" = {
       enableACME = true;
       forceSSL = true;
-
-      locations."^~ /push/" = {
-        proxyPass = "http://127.0.0.1:${toString notifyPushPort}";
-        proxyWebsockets = true;
-      };
     };
   };
 
@@ -60,59 +56,23 @@ in {
     ];
   };
 
+  # NOTIFY PUSH
+  services.nextcloud.notify_push.enable = true;
+
   # REDIS
-  services.redis.servers = {
-    "nextcloud".enable = true;
-  };
-
+  services.redis.servers."nextcloud".enable = true;
   users.groups."redis-nextcloud".members = ["nextcloud"];
 
-  # Collabora Code server
-  virtualisation.oci-containers.containers."nextcloud-collabora-code" = {
-    image = "collabora/code";
-    autoStart = true;
-    ports = ["127.0.0.1:9980:9980"];
-    environment.domain = "data\\.gssws\\.de";
-    extraOptions = ["--cap-add" "MKNOD"];
-  };
-
-  services.nginx.virtualHosts."office.gssws.de" = let
-    proxyPass = "https://127.0.0.1:9980";
-    extraConfig = "proxy_ssl_verify off;";
-  in {
-    enableACME = true;
-    forceSSL = true;
-
-    locations."^~ /browser" = {
-      inherit proxyPass extraConfig;
-    };
-    locations."^~ /hosting/discovery" = {
-      inherit proxyPass extraConfig;
-    };
-    locations."^~ /hosting/capabilities" = {
-      inherit proxyPass extraConfig;
-    };
-    locations."~ ^/cool/(.*)/ws''$" = {
-      inherit proxyPass extraConfig;
-      proxyWebsockets = true;
-    };
-    locations."~ ^/(c|l)ool" = {
-      inherit proxyPass extraConfig;
-    };
-    locations."^~ /cool/adminws" = {
-      inherit proxyPass extraConfig;
-      proxyWebsockets = true;
-    };
-  };
-
   # NEXTCLOUD
   systemd.services."nextcloud-setup" = {
     requires = ["postgresql.service"];
     after = ["postgresql.service"];
   };
+
   services.nextcloud = {
     enable = true;
-    package = pkgs.nextcloud25;
+    package = pkgs.nextcloud27;
+    enableBrokenCiphersForSSE = false;
     hostName = "data.gssws.de";
     https = true;
     datadir = "/mnt/internal/nextcloud";
@@ -120,7 +80,7 @@ in {
     caching.apcu = true;
     caching.redis = true;
 
-    phpPackage = lib.mkForce pkgs.php81;
+    phpPackage = lib.mkForce pkgs.php82;
 
     poolSettings = {
       "pm" = "dynamic";
@@ -151,7 +111,7 @@ in {
 
       dbtype = "pgsql";
       dbuser = "nextcloud";
-      dbhost = "/run/postgresql";
+      dbhost = "127.0.0.1:5432";
       dbname = "nextcloud";
       dbpassFile = "/run/agenix/nextcloud_db_pass";
       adminpassFile = "/run/agenix/nextcloud_admin_pass";