Agenix secrets overhaul

2024-10-28 23:24:12 -04:00 · 2024-10-28 23:24:12 -04:00 · 55dcb2fca7
commit 55dcb2fca7
parent 83796f7cb2
56 changed files with 530 additions and 137 deletions
--- a/modules/system/services/server/fileserver/public/nextcloud/default.nix
+++ b/modules/system/services/server/fileserver/public/nextcloud/default.nix
@ -1,5 +1,9 @@
 { pkgs, config, ... }:
 {
+  imports = [
+    ./nginx
+  ];
+
  services = {
    nextcloud = {
      enable = true;
@ -20,7 +24,7 @@
        mail_from_address = "noreply";
        mail_smtpauth = "true";
        mail_smtpname = "noreply@${config.domains.jim1}";
-        mail_smtppassword = config.secrets.noreplyPassword;
+        mail_smtppassword = "${builtins.readFile config.age.secrets.noreplyMailPass.path}";
        mail_smtpmode = "smtp";
        mail_smtpport = 587;
      };
--- a/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix
+++ b/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix
@ -0,0 +1,18 @@
+{ pkgs, config, ... }:
+{
+  services.nginx.virtualHosts."cloud.${config.domains.jim1}" =  {
+    enableACME = true;
+    addSSL = true;
+    locations."/" = {
+      proxyWebsockets = true;
+      extraConfig = "
+       location /.well-known/carddav {
+          return 301 $scheme://$host/remote.php/dav;
+        }
+        location /.well-known/caldav {
+          return 301 $scheme://$host/remote.php/dav;
+        }
+     ";
+    };
+  };
+}