chonk: extend monitoring, use nextcloud-apps from nixos

2023-10-01 22:07:32 +02:00 · 2023-10-01 22:07:32 +02:00 · e44fad0057
parent 49eb99ed51
commit e44fad0057
4 changed files with 126 additions and 128 deletions
--- a/hosts/chonk/monitoring.nix
+++ b/hosts/chonk/monitoring.nix
@ -4,7 +4,64 @@
  self,
  ...
 }: {
-  pub-solar.monitoring-server.enable = true;
+  pub-solar.monitoring-server = {
    enable = true;
    listenAddress = "10.0.1.6";
    grafana.enable = true;
    node_exporter = {
      enable = true;
      hosts = [
        "10.0.1.11:9002"
        "10.0.1.12:9002"
        "10.0.1.13:9002"
        "10.0.1.254:9100"
      ];
    };
    snmp = {
      enable = true;
      hosts = [
        "192.168.42.1"
        #"10.0.1.254:9116" = [
        #  {
        #    targets = [ "192.168.42.1" ];
        #    auth = [ "public_v2" ];
        #    modules = [ "if_mib" ];
        #  }
        #];
      ];
    };
    smokeping = {
      enable = true;
      hosts = [
        "mail.gssws.de"
        "cust.gssws.de"
        "data.gssws.de"
        "mail.hosting.de"
        "blog.fefe.de"
        # hosting.de
        "ovh2.goekal.de"
        "83.151.16.16"
        "83.151.16.17"
        "83.151.16.51"
        "r2backup17.masterlogin.de"
        "demo.routing.net"
        "vsrv07344.customer.vlinux.de"
        "213.160.76.43"
        "185.11.139.27"
        "185.11.137.4"
        "83.151.30.176"
        "83.151.28.246"
        "83.151.21.204"
        "79.140.42.4"
        "31.15.67.23"
        "31.15.64.79"
        "80.244.244.244"
        "95.129.51.51"
        "185.11.137.122"
        "79.140.41.12"
      ];
    };
  };
  # wireguard exporter
  networking.firewall.allowedTCPPorts = [9585];
--- a/hosts/chonk/nextcloud-apps.nix
+++ b/hosts/chonk/nextcloud-apps.nix
@ -4,84 +4,26 @@
  config,
  lib,
  ...
-}: let
+}: {
-  notify_push = pkgs.fetchzip {
+  services.nextcloud.extraApps = with pkgs.nextcloud27Packages.apps; {
-    sha256 = "7q1I4V2xUkRUK8qfEwxPNW/srkrGPPXiS1Y1Ew22zls=";
+    inherit bookmarks
-    url = "https://github.com/nextcloud-releases/notify_push/releases/download/v0.5.2/notify_push-v0.5.2.tar.gz";
+      calendar
-  };
+      contacts
-in {
+      files_markdown
-  systemd.services.nextcloud-notify-push = {
+      impersonate
-    enable = true;
+      keeweb
-    wantedBy = ["multi-user.target"];
+      maps
-    serviceConfig = {
+      news
-      Environment = [
+      notes
-        "PORT=7867"
+      notify_push
-        "NEXTCLOUD_URL=https://data.gssws.de"
+      tasks
-      ];
+      #twofactor_totp
-      ExecStart = "${notify_push}/bin/x86_64/notify_push /mnt/internal/nextcloud/config/config.php";
+      twofactor_webauthn
-      User = "nextcloud";
+      user_saml;
    };
  };
-  services.nextcloud.extraApps = with pkgs.nextcloud25Packages.apps; {
+    "twofactor_totp" = pkgs.fetchzip {
-    inherit bookmarks calendar contacts deck keeweb news tasks;
+      sha256 = "zAPNugbvngXcpgWJLD78YAg4G1QtGaphx1bhhg7mLKE=";
-    inherit notify_push;
+      url = "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz";
    "bruteforcesettings" = pkgs.fetchzip {
      sha256 = "8Sev4B7AOzLGPX6a4in0BEXJ5oL6m2EYGuBExSCnfok=";
      url = "https://github.com/nextcloud-releases/bruteforcesettings/releases/download/v2.4.0/bruteforcesettings-v2.4.0.tar.gz";
    };
    "cookbook" = pkgs.fetchzip {
      sha256 = "j7nAprAIY4NMPD6kXfmXVW+PgpRiyx5SRPSe6IEB/vY=";
      url = "https://github.com/nextcloud/cookbook/releases/download/v0.10.1/Cookbook-0.10.1.tar.gz";
    };
    "cospend" = pkgs.fetchzip {
      sha256 = "vGjK9Sy+q4ycS5MWeTTrwDGPTOp6t4leH+rF/Y54d0c=";
      url = "https://github.com/eneiluj/cospend-nc/releases/download/v1.5.5/cospend-1.5.5.tar.gz";
    };
    "files_accesscontrol" = pkgs.fetchzip {
      sha256 = "34goKXWLUym5p7alby3WEyFzr346psHUeJ/+OZtfGmc=";
      url = "https://github.com/nextcloud-releases/files_accesscontrol/releases/download/v1.15.1/files_accesscontrol-v1.15.1.tar.gz";
    };
    "files_automatedtagging" = pkgs.fetchzip {
      sha256 = "PmcqHojtfww3wNIFoLM+hVXAjoo4zqzK6sUMeveHYa0=";
      url = "https://github.com/nextcloud-releases/files_automatedtagging/releases/download/v1.15.0/files_automatedtagging-v1.15.0.tar.gz";
    };
    "files_fulltextsearch" = pkgs.fetchzip {
      sha256 = "DEl/CbCvwiWvkNQOuKtHWzifq3AMrhL5wLHmSMuL4TU=";
      url = "https://github.com/nextcloud-releases/files_fulltextsearch/releases/download/25.0.0/files_fulltextsearch-25.0.0.tar.gz";
    };
    "files_mindmap" = pkgs.fetchzip {
      sha256 = "/u1H2QvyKfdGjelFAkLc3rRGQlm3T+OajAbpUF0+cdY=";
      url = "https://github.com/ACTom/files_mindmap/releases/download/v0.0.27/files_mindmap-0.0.27.tar.gz";
    };
    "fulltextsearch" = pkgs.fetchzip {
      sha256 = "1LVo5Cv6Gf4M/laVlHfm5wAQ8I8EsdLIThVm/jUj6uA=";
      url = "https://github.com/nextcloud-releases/fulltextsearch/releases/download/25.0.0/fulltextsearch-25.0.0.tar.gz";
    };
    "groupfolders" = pkgs.fetchzip {
      sha256 = "CGGt5QEzdJqOJywZQTQYeKIy/2JhHYGACHrfAmH9LD0=";
      url = "https://github.com/nextcloud-releases/groupfolders/releases/download/v13.1.0/groupfolders-v13.1.0.tar.gz";
    };
    "maps" = pkgs.fetchzip {
      sha256 = "8HNew2sIlMd+wt2a6jXa1tZpub56AnB5gfBs/cYlkcI=";
      url = "https://github.com/nextcloud/maps/releases/download/v0.2.4/maps-0.2.4.tar.gz";
    };
    #"notify_push" = pkgs.fetchzip {
    #  sha256 = "7q1I4V2xUkRUK8qfEwxPNW/srkrGPPXiS1Y1Ew22zls=";
    #  url = "https://github.com/nextcloud-releases/notify_push/releases/download/v0.5.2/notify_push-v0.5.2.tar.gz";
    #};
    "quota_warning" = pkgs.fetchzip {
      sha256 = "If4tW4yJbJ1xgfOyN0wxcgHLxXUrtKPdphRhbQOM6b4=";
      url = "https://github.com/nextcloud-releases/quota_warning/releases/download/v1.15.0/quota_warning-v1.15.0.tar.gz";
    };
    "richdocuments" = pkgs.fetchzip {
      sha256 = "I6Y3lyZADiUCpmnkRS7Muc54uOOvKpWdlQ189EKzesA=";
      url = "https://github.com/nextcloud-releases/richdocuments/releases/download/v7.0.2/richdocuments-v7.0.2.tar.gz";
    };
    #"twofactor_totp" = pkgs.fetchzip {
    #  sha256 = "p3Ft3sQ/2HPXCFE03dm8pBL39b7bWCi2iAxHkbOK2V4=";
    #  url = "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz";
    #};
  };
 }
--- a/hosts/chonk/nextcloud-collabora.nix
+++ b/hosts/chonk/nextcloud-collabora.nix
@ -0,0 +1,39 @@
 {...}: {
  # Collabora Code server
  virtualisation.oci-containers.containers."nextcloud-collabora-code" = {
    image = "collabora/code";
    autoStart = true;
    ports = ["127.0.0.1:9980:9980"];
    environment.domain = "data\\.gssws\\.de";
    extraOptions = ["--cap-add" "MKNOD"];
  };
  services.nginx.virtualHosts."office.gssws.de" = let
    proxyPass = "https://127.0.0.1:9980";
    extraConfig = "proxy_ssl_verify off;";
  in {
    enableACME = true;
    forceSSL = true;
    locations."^~ /browser" = {
      inherit proxyPass extraConfig;
    };
    locations."^~ /hosting/discovery" = {
      inherit proxyPass extraConfig;
    };
    locations."^~ /hosting/capabilities" = {
      inherit proxyPass extraConfig;
    };
    locations."~ ^/cool/(.*)/ws''$" = {
      inherit proxyPass extraConfig;
      proxyWebsockets = true;
    };
    locations."~ ^/(c|l)ool" = {
      inherit proxyPass extraConfig;
    };
    locations."^~ /cool/adminws" = {
      inherit proxyPass extraConfig;
      proxyWebsockets = true;
    };
  };
 }
--- a/hosts/chonk/nextcloud.nix
+++ b/hosts/chonk/nextcloud.nix
@ -9,6 +9,7 @@
 in {
  imports = [
    ./nextcloud-apps.nix
    ./nextcloud-collabora.nix
  ];
  age.secrets.nextcloud_db_pass = {
@ -34,11 +35,6 @@ in {
    virtualHosts."data.gssws.de" = {
      enableACME = true;
      forceSSL = true;
      locations."^~ /push/" = {
        proxyPass = "http://127.0.0.1:${toString notifyPushPort}";
        proxyWebsockets = true;
      };
    };
  };
@ -60,59 +56,23 @@ in {
    ];
  };
  # NOTIFY PUSH
  services.nextcloud.notify_push.enable = true;
  # REDIS
-  services.redis.servers = {
+  services.redis.servers."nextcloud".enable = true;
    "nextcloud".enable = true;
  };
  users.groups."redis-nextcloud".members = ["nextcloud"];
  # Collabora Code server
  virtualisation.oci-containers.containers."nextcloud-collabora-code" = {
    image = "collabora/code";
    autoStart = true;
    ports = ["127.0.0.1:9980:9980"];
    environment.domain = "data\\.gssws\\.de";
    extraOptions = ["--cap-add" "MKNOD"];
  };
  services.nginx.virtualHosts."office.gssws.de" = let
    proxyPass = "https://127.0.0.1:9980";
    extraConfig = "proxy_ssl_verify off;";
  in {
    enableACME = true;
    forceSSL = true;
    locations."^~ /browser" = {
      inherit proxyPass extraConfig;
    };
    locations."^~ /hosting/discovery" = {
      inherit proxyPass extraConfig;
    };
    locations."^~ /hosting/capabilities" = {
      inherit proxyPass extraConfig;
    };
    locations."~ ^/cool/(.*)/ws''$" = {
      inherit proxyPass extraConfig;
      proxyWebsockets = true;
    };
    locations."~ ^/(c|l)ool" = {
      inherit proxyPass extraConfig;
    };
    locations."^~ /cool/adminws" = {
      inherit proxyPass extraConfig;
      proxyWebsockets = true;
    };
  };
  # NEXTCLOUD
  systemd.services."nextcloud-setup" = {
    requires = ["postgresql.service"];
    after = ["postgresql.service"];
  };
  services.nextcloud = {
    enable = true;
-    package = pkgs.nextcloud25;
+    package = pkgs.nextcloud27;
    enableBrokenCiphersForSSE = false;
    hostName = "data.gssws.de";
    https = true;
    datadir = "/mnt/internal/nextcloud";
@ -120,7 +80,7 @@ in {
    caching.apcu = true;
    caching.redis = true;
-    phpPackage = lib.mkForce pkgs.php81;
+    phpPackage = lib.mkForce pkgs.php82;
    poolSettings = {
      "pm" = "dynamic";
@ -151,7 +111,7 @@ in {
      dbtype = "pgsql";
      dbuser = "nextcloud";
-      dbhost = "/run/postgresql";
+      dbhost = "127.0.0.1:5432";
      dbname = "nextcloud";
      dbpassFile = "/run/agenix/nextcloud_db_pass";
      adminpassFile = "/run/agenix/nextcloud_admin_pass";