From e44fad005723ea673efb7a8e365d0170c1c115f6 Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Sun, 1 Oct 2023 22:07:32 +0200 Subject: [PATCH] chonk: extend monitoring, use nextcloud-apps from nixos --- hosts/chonk/monitoring.nix | 59 +++++++++++++++++- hosts/chonk/nextcloud-apps.nix | 96 ++++++----------------------- hosts/chonk/nextcloud-collabora.nix | 39 ++++++++++++ hosts/chonk/nextcloud.nix | 60 +++--------------- 4 files changed, 126 insertions(+), 128 deletions(-) create mode 100644 hosts/chonk/nextcloud-collabora.nix diff --git a/hosts/chonk/monitoring.nix b/hosts/chonk/monitoring.nix index 1cdfb4ae..6ea036eb 100644 --- a/hosts/chonk/monitoring.nix +++ b/hosts/chonk/monitoring.nix @@ -4,7 +4,64 @@ self, ... }: { - pub-solar.monitoring-server.enable = true; + pub-solar.monitoring-server = { + enable = true; + listenAddress = "10.0.1.6"; + grafana.enable = true; + node_exporter = { + enable = true; + hosts = [ + "10.0.1.11:9002" + "10.0.1.12:9002" + "10.0.1.13:9002" + "10.0.1.254:9100" + ]; + }; + snmp = { + enable = true; + hosts = [ + "192.168.42.1" + #"10.0.1.254:9116" = [ + # { + # targets = [ "192.168.42.1" ]; + # auth = [ "public_v2" ]; + # modules = [ "if_mib" ]; + # } + #]; + ]; + }; + smokeping = { + enable = true; + hosts = [ + "mail.gssws.de" + "cust.gssws.de" + "data.gssws.de" + "mail.hosting.de" + "blog.fefe.de" + # hosting.de + "ovh2.goekal.de" + "83.151.16.16" + "83.151.16.17" + "83.151.16.51" + "r2backup17.masterlogin.de" + "demo.routing.net" + "vsrv07344.customer.vlinux.de" + "213.160.76.43" + "185.11.139.27" + "185.11.137.4" + "83.151.30.176" + "83.151.28.246" + "83.151.21.204" + "79.140.42.4" + "31.15.67.23" + "31.15.64.79" + "80.244.244.244" + "95.129.51.51" + "185.11.137.122" + "79.140.41.12" + ]; + }; + }; # wireguard exporter networking.firewall.allowedTCPPorts = [9585]; diff --git a/hosts/chonk/nextcloud-apps.nix b/hosts/chonk/nextcloud-apps.nix index 93cb0788..686e39a4 100644 --- a/hosts/chonk/nextcloud-apps.nix 
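Review bot: The commented-out block inside `snmp.hosts` in hosts/chonk/monitoring.nix is dead code that would not evaluate if re-enabled, because it is an attribute binding (`"10.0.1.254:9116" = [ … ]`) sitting inside a list. It also records `auth = [ "public_v2" ]`, which reads like SNMP v2c with the default community string; v2c sends the community in clear text, so an SNMPv3 auth profile would be the safer choice if this target is ever wired up. I would drop the block and leave one line such as `# TODO: scrape via the snmp exporter on 10.0.1.254:9116 once an SNMPv3 auth is defined`. Separately, `listenAddress = "10.0.1.6"` and `grafana.enable = true` arrive with no firewall or authentication settings visible in this hunk; they may live in the pub-solar module, but a short comment naming the network expected to reach the listener would help.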
+++ b/hosts/chonk/nextcloud-apps.nix 
@@ -4,84 +4,26 @@ config, lib, ... -}: let - notify_push = pkgs.fetchzip { - sha256 = "7q1I4V2xUkRUK8qfEwxPNW/srkrGPPXiS1Y1Ew22zls="; - url = "https://github.com/nextcloud-releases/notify_push/releases/download/v0.5.2/notify_push-v0.5.2.tar.gz"; - }; -in { - systemd.services.nextcloud-notify-push = { - enable = true; - wantedBy = ["multi-user.target"]; - serviceConfig = { - Environment = [ - "PORT=7867" - "NEXTCLOUD_URL=https://data.gssws.de" - ]; - ExecStart = "${notify_push}/bin/x86_64/notify_push /mnt/internal/nextcloud/config/config.php"; - User = "nextcloud"; - }; - }; +}: { + services.nextcloud.extraApps = with pkgs.nextcloud27Packages.apps; { + inherit bookmarks + calendar + contacts + files_markdown + impersonate + keeweb + maps + news + notes + notify_push + tasks + #twofactor_totp + twofactor_webauthn + user_saml; - services.nextcloud.extraApps = with pkgs.nextcloud25Packages.apps; { - inherit bookmarks calendar contacts deck keeweb news tasks; - inherit notify_push; - - "bruteforcesettings" = pkgs.fetchzip { - sha256 = "8Sev4B7AOzLGPX6a4in0BEXJ5oL6m2EYGuBExSCnfok="; - url = "https://github.com/nextcloud-releases/bruteforcesettings/releases/download/v2.4.0/bruteforcesettings-v2.4.0.tar.gz"; + "twofactor_totp" = pkgs.fetchzip { + sha256 = "zAPNugbvngXcpgWJLD78YAg4G1QtGaphx1bhhg7mLKE="; + url = "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz"; }; - "cookbook" = pkgs.fetchzip { - sha256 = "j7nAprAIY4NMPD6kXfmXVW+PgpRiyx5SRPSe6IEB/vY="; - url = "https://github.com/nextcloud/cookbook/releases/download/v0.10.1/Cookbook-0.10.1.tar.gz"; - }; - "cospend" = pkgs.fetchzip { - sha256 = "vGjK9Sy+q4ycS5MWeTTrwDGPTOp6t4leH+rF/Y54d0c="; - url = "https://github.com/eneiluj/cospend-nc/releases/download/v1.5.5/cospend-1.5.5.tar.gz"; - }; - "files_accesscontrol" = pkgs.fetchzip { - sha256 = "34goKXWLUym5p7alby3WEyFzr346psHUeJ/+OZtfGmc="; - url = 
"https://github.com/nextcloud-releases/files_accesscontrol/releases/download/v1.15.1/files_accesscontrol-v1.15.1.tar.gz"; - }; - "files_automatedtagging" = pkgs.fetchzip { - sha256 = "PmcqHojtfww3wNIFoLM+hVXAjoo4zqzK6sUMeveHYa0="; - url = "https://github.com/nextcloud-releases/files_automatedtagging/releases/download/v1.15.0/files_automatedtagging-v1.15.0.tar.gz"; - }; - "files_fulltextsearch" = pkgs.fetchzip { - sha256 = "DEl/CbCvwiWvkNQOuKtHWzifq3AMrhL5wLHmSMuL4TU="; - url = "https://github.com/nextcloud-releases/files_fulltextsearch/releases/download/25.0.0/files_fulltextsearch-25.0.0.tar.gz"; - }; - "files_mindmap" = pkgs.fetchzip { - sha256 = "/u1H2QvyKfdGjelFAkLc3rRGQlm3T+OajAbpUF0+cdY="; - url = "https://github.com/ACTom/files_mindmap/releases/download/v0.0.27/files_mindmap-0.0.27.tar.gz"; - }; - "fulltextsearch" = pkgs.fetchzip { - sha256 = "1LVo5Cv6Gf4M/laVlHfm5wAQ8I8EsdLIThVm/jUj6uA="; - url = "https://github.com/nextcloud-releases/fulltextsearch/releases/download/25.0.0/fulltextsearch-25.0.0.tar.gz"; - }; - "groupfolders" = pkgs.fetchzip { - sha256 = "CGGt5QEzdJqOJywZQTQYeKIy/2JhHYGACHrfAmH9LD0="; - url = "https://github.com/nextcloud-releases/groupfolders/releases/download/v13.1.0/groupfolders-v13.1.0.tar.gz"; - }; - "maps" = pkgs.fetchzip { - sha256 = "8HNew2sIlMd+wt2a6jXa1tZpub56AnB5gfBs/cYlkcI="; - url = "https://github.com/nextcloud/maps/releases/download/v0.2.4/maps-0.2.4.tar.gz"; - }; - #"notify_push" = pkgs.fetchzip { - # sha256 = "7q1I4V2xUkRUK8qfEwxPNW/srkrGPPXiS1Y1Ew22zls="; - # url = "https://github.com/nextcloud-releases/notify_push/releases/download/v0.5.2/notify_push-v0.5.2.tar.gz"; - #}; - "quota_warning" = pkgs.fetchzip { - sha256 = "If4tW4yJbJ1xgfOyN0wxcgHLxXUrtKPdphRhbQOM6b4="; - url = "https://github.com/nextcloud-releases/quota_warning/releases/download/v1.15.0/quota_warning-v1.15.0.tar.gz"; - }; - "richdocuments" = pkgs.fetchzip { - sha256 = "I6Y3lyZADiUCpmnkRS7Muc54uOOvKpWdlQ189EKzesA="; - url = 
"https://github.com/nextcloud-releases/richdocuments/releases/download/v7.0.2/richdocuments-v7.0.2.tar.gz"; - }; - #"twofactor_totp" = pkgs.fetchzip { - # sha256 = "p3Ft3sQ/2HPXCFE03dm8pBL39b7bWCi2iAxHkbOK2V4="; - # url = "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz"; - #}; }; } diff --git a/hosts/chonk/nextcloud-collabora.nix b/hosts/chonk/nextcloud-collabora.nix new file mode 100644 index 00000000..27f74776 --- /dev/null +++ b/hosts/chonk/nextcloud-collabora.nix @@ -0,0 +1,39 @@ +{...}: { + # Collabora Code server + virtualisation.oci-containers.containers."nextcloud-collabora-code" = { + image = "collabora/code"; + autoStart = true; + ports = ["127.0.0.1:9980:9980"]; + environment.domain = "data\\.gssws\\.de"; + extraOptions = ["--cap-add" "MKNOD"]; + }; + + services.nginx.virtualHosts."office.gssws.de" = let + proxyPass = "https://127.0.0.1:9980"; + extraConfig = "proxy_ssl_verify off;"; + in { + enableACME = true; + forceSSL = true; + + locations."^~ /browser" = { + inherit proxyPass extraConfig; + }; + locations."^~ /hosting/discovery" = { + inherit proxyPass extraConfig; + }; + locations."^~ /hosting/capabilities" = { + inherit proxyPass extraConfig; + }; + locations."~ ^/cool/(.*)/ws''$" = { + inherit proxyPass extraConfig; + proxyWebsockets = true; + }; + locations."~ ^/(c|l)ool" = { + inherit proxyPass extraConfig; + }; + locations."^~ /cool/adminws" = { + inherit proxyPass extraConfig; + proxyWebsockets = true; + }; + }; +} diff --git a/hosts/chonk/nextcloud.nix b/hosts/chonk/nextcloud.nix index acdad4e1..cbd7e75d 100644 --- a/hosts/chonk/nextcloud.nix +++ b/hosts/chonk/nextcloud.nix @@ -9,6 +9,7 @@ in { imports = [ ./nextcloud-apps.nix + ./nextcloud-collabora.nix ]; age.secrets.nextcloud_db_pass = { 
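Review bot: In hosts/chonk/nextcloud-apps.nix, `twofactor_totp` is the only app still fetched by hand with `pkgs.fetchzip`, while `#twofactor_totp` is commented out of the `inherit` list with no reason given. The pinned `sha256` differs from the one in the commented-out entry this commit deletes, although both name the same v6.4.1 URL. That may be harmless, but for a second-factor app the new hash should be confirmed against a download you have verified, and v6.4.1 checked as a release meant for Nextcloud 27. A comment above the entry, e.g. `# manual pin: <reason the nextcloud27Packages build is not used>`, would cover the documentation gap. The hunk also drops `bruteforcesettings` and `files_accesscontrol` from `extraApps`; if neither ships with the server package, confirm that losing them is intended.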
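Review bot: `image = "collabora/code";` in hosts/chonk/nextcloud-collabora.nix carries no tag or digest, so the container runtime resolves it to whatever `latest` is at pull time and the office backend can change without this file changing. Pinning it, for example `image = "collabora/code:<TAG>@sha256:<DIGEST>";` (placeholders; take the values from the release you have tested), makes the deployment reproducible and gives upgrades a review point. `proxy_ssl_verify off;` is tolerable only because the upstream is `127.0.0.1:9980`; a comment next to `extraConfig` saying so would keep it from being copied to a remote upstream. The `^~ /cool/adminws` location puts the admin console websocket on the public vhost, so consider whether it needs to be reachable from outside at all. The block is moved unchanged from nextcloud.nix, so none of this is new behaviour.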
@@ -34,11 +35,6 @@ in { virtualHosts."data.gssws.de" = { enableACME = true; forceSSL = true; - - locations."^~ /push/" = { - proxyPass = "http://127.0.0.1:${toString notifyPushPort}"; - proxyWebsockets = true; - }; }; }; @@ -60,59 +56,23 @@ in { ]; }; + # NOTIFY PUSH + services.nextcloud.notify_push.enable = true; + # REDIS - services.redis.servers = { - "nextcloud".enable = true; - }; - + services.redis.servers."nextcloud".enable = true; users.groups."redis-nextcloud".members = ["nextcloud"]; - # Collabora Code server - virtualisation.oci-containers.containers."nextcloud-collabora-code" = { - image = "collabora/code"; - autoStart = true; - ports = ["127.0.0.1:9980:9980"]; - environment.domain = "data\\.gssws\\.de"; - extraOptions = ["--cap-add" "MKNOD"]; - }; - - services.nginx.virtualHosts."office.gssws.de" = let - proxyPass = "https://127.0.0.1:9980"; - extraConfig = "proxy_ssl_verify off;"; - in { - enableACME = true; - forceSSL = true; - - locations."^~ /browser" = { - inherit proxyPass extraConfig; - }; - locations."^~ /hosting/discovery" = { - inherit proxyPass extraConfig; - }; - locations."^~ /hosting/capabilities" = { - inherit proxyPass extraConfig; - }; - locations."~ ^/cool/(.*)/ws''$" = { - inherit proxyPass extraConfig; - proxyWebsockets = true; - }; - locations."~ ^/(c|l)ool" = { - inherit proxyPass extraConfig; - }; - locations."^~ /cool/adminws" = { - inherit proxyPass extraConfig; - proxyWebsockets = true; - }; - }; - # NEXTCLOUD systemd.services."nextcloud-setup" = { requires = ["postgresql.service"]; after = ["postgresql.service"]; }; + services.nextcloud = { enable = true; - package = pkgs.nextcloud25; + package = pkgs.nextcloud27; + enableBrokenCiphersForSSE = false; hostName = "data.gssws.de"; https = true; datadir = "/mnt/internal/nextcloud"; @@ -120,7 +80,7 @@ in { caching.apcu = true; caching.redis = true; - phpPackage = lib.mkForce pkgs.php81; + phpPackage = lib.mkForce pkgs.php82; poolSettings = { "pm" = "dynamic"; 
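Review bot: The jump from `pkgs.nextcloud25` to `package = pkgs.nextcloud27;` in the `@@ -60,59 +56,23 @@` hunk of hosts/chonk/nextcloud.nix skips a major release, and Nextcloud only supports upgrading one major version at a time. If the data under `/mnt/internal/nextcloud` is still on 25, the upgrade is expected to refuse or fail, so deploy `pkgs.nextcloud26` first and let it complete before switching to 27. If the instance was already moved to 26 out of band, a line in the commit message would make that clear. `enableBrokenCiphersForSSE = false;` is the safer setting, but confirm that server-side encryption with the legacy cipher is not in use on this instance before it goes live. The `services.nextcloud` block continues past the end of this hunk.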
@@ -151,7 +111,7 @@ in { dbtype = "pgsql"; dbuser = "nextcloud"; - dbhost = "/run/postgresql"; + dbhost = "127.0.0.1:5432"; dbname = "nextcloud"; dbpassFile = "/run/agenix/nextcloud_db_pass"; adminpassFile = "/run/agenix/nextcloud_admin_pass";
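Review bot: The change of `dbhost` from the `/run/postgresql` socket to `"127.0.0.1:5432"` gives up the Unix socket for loopback TCP without a stated reason. Over TCP, peer authentication no longer applies, so access rests on the password in `dbpassFile` and on the host-based authentication rule for 127.0.0.1, and any local process can reach the port. If this is needed for `notify_push`, say so in a comment such as `# TCP instead of the socket: <reason>`. Also check that `services.postgresql.authentication` requires `scram-sha-256` for the loopback address and that `services.postgresql.enableTCPIP` stays off so the server is not bound beyond localhost. The enclosing attribute set starts and ends outside this hunk.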