diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix
index be5c2a8..19439f2 100644
Binary files a/modules/system/secrets/default.nix and b/modules/system/secrets/default.nix differ
diff --git a/modules/system/services/server/default.nix b/modules/system/services/server/default.nix
index 7481d00..9b1b490 100644
--- a/modules/system/services/server/default.nix
+++ b/modules/system/services/server/default.nix
@@ -3,12 +3,13 @@
 imports = [
 ./acme
 ./ddclient
- ./fileserver
 ./forgejo
 ./icecast
 ./mailserver
 ./minecraft
 ./mysql
+ ./nextcloud
+ ./nfs
 ./nginx
 ./social
 ./transmission
diff --git a/modules/system/services/server/fileserver/default.nix b/modules/system/services/server/fileserver/default.nix
deleted file mode 100644
index 3ff4afc..0000000
--- a/modules/system/services/server/fileserver/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-{
- imports = [
- ./nfs
- ./samba
- ./seafile
- ];
-}
diff --git a/modules/system/services/server/fileserver/samba/default.nix b/modules/system/services/server/fileserver/samba/default.nix
deleted file mode 100644
index 7e2ef8d..0000000
--- a/modules/system/services/server/fileserver/samba/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, lib, ... }:
-{
- services = lib.mkIf config.system.server.enable {
- samba = {
- enable = true;
- openFirewall = true;
- settings = {
- global = {
- "workgroup" = "WORKGROUP";
- "server string" = "NixSMB";
- "security" = "user";
- "hosts allow" = "${config.ips.localSpan}. 127.0.0.1 localhost";
- "hosts deny" = "0.0.0.0/0";
- "guest account" = "nobody";
- "map to guest" = "bad user";
- };
- };
- };
-
- # Advertise to Windows
- samba-wsdd = {
- enable = true;
- openFirewall = true;
- };
- };
-}
diff --git a/modules/system/services/server/fileserver/seafile/default.nix b/modules/system/services/server/fileserver/seafile/default.nix
deleted file mode 100644
index c43d614..0000000
--- a/modules/system/services/server/fileserver/seafile/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, ... }:
-{
- imports = [ ./nginx ];
-
- services.seafile = {
- enable = config.system.server.enable;
- adminEmail = "jimbo@${config.domains.p2}";
- initialAdminPassword = config.secrets.mainAccPass;
- ccnetSettings.General.SERVICE_URL = "https://sync.${config.domains.p2}";
- seafileSettings.fileserver.host = "unix:/run/seafile/server.sock";
- };
-}
diff --git a/modules/system/services/server/fileserver/seafile/nginx/default.nix b/modules/system/services/server/fileserver/seafile/nginx/default.nix
deleted file mode 100644
index 3146ab1..0000000
--- a/modules/system/services/server/fileserver/seafile/nginx/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ lib, config, ... }:
-{
- services.nginx.virtualHosts."sync.${config.domains.p2}" = lib.mkIf config.services.seafile.enable {
- enableACME = true;
- forceSSL = true;
- locations = {
- "/" = {
- proxyPass = "http://unix:/run/seahub/gunicorn.sock";
- proxyWebsockets = true;
- };
- "/seafhttp" = {
- proxyPass = "http://unix:/run/seafile/server.sock";
- proxyWebsockets = true;
- };
- };
- };
-}
diff --git a/modules/system/services/server/nextcloud/collabora/default.nix b/modules/system/services/server/nextcloud/collabora/default.nix
new file mode 100644
index 0000000..045250e
--- /dev/null
+++ b/modules/system/services/server/nextcloud/collabora/default.nix
@@ -0,0 +1,6 @@
+{ config, lib, ... }:
+{
+ services.collabora-online = {
+ enable = true;
+ };
+}
diff --git a/modules/system/services/server/nextcloud/default.nix b/modules/system/services/server/nextcloud/default.nix
new file mode 100644
index 0000000..b0dd15d
--- /dev/null
+++ b/modules/system/services/server/nextcloud/default.nix
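Review bot: `enable = true;` in the new collabora module is unconditional, while the Nextcloud module that imports it gates itself on `config.system.server.enable` and the removed Samba module used `lib.mkIf config.system.server.enable`. As written, any host that evaluates this module tree would run Collabora Online even with the server role switched off. Tie it to the parent service with `enable = config.services.nextcloud.enable;`, which also gives the `config` argument a use; `lib` is unused either way and can be dropped from the argument set.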
@@ -0,0 +1,32 @@
+{ pkgs, config, ... }:
+{
+ imports = [
+ ./collabora
+ ./nginx
+ ];
+
+ services.nextcloud = {
+ enable = config.system.server.enable;
+ package = pkgs.nextcloud30;
+ hostName = "cloud.${config.domains.p2}";
+ datadir = "/mnt/nextcloud";
+ https = true;
+ config = {
+ adminuser = config.sysusers.main;
+ adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}";
+ };
+ settings = {
+ trusted_proxies = [ "127.0.0.1" ];
+ trusted_domains = [ "cloud.${config.domains.p2}" ];
+ overwriteprotocol = "https";
+ mail_smtphost = "mx.${config.domains.p1}";
+ mail_domain = "${config.domains.p1}";
+ mail_from_address = "noreply";
+ mail_smtpauth = "true";
+ mail_smtpname = "noreply@${config.domains.p2}";
+ mail_smtppassword = config.secrets.noreplyPassword;
+ mail_smtpmode = "smtp";
+ mail_smtpport = 587;
+ };
+ };
+}
diff --git a/modules/system/services/server/nextcloud/nginx/default.nix b/modules/system/services/server/nextcloud/nginx/default.nix
new file mode 100644
index 0000000..61df13e
--- /dev/null
+++ b/modules/system/services/server/nextcloud/nginx/default.nix
@@ -0,0 +1,18 @@
+{ lib, config, ... }:
+{
+ services.nginx.virtualHosts."cloud.${config.domains.p2}" = lib.mkIf config.services.nextcloud.enable {
+ enableACME = true;
+ addSSL = true;
+ locations."/" = {
+ proxyWebsockets = true;
+ extraConfig = ''
+ location /.well-known/carddav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+ location /.well-known/caldav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+ '';
+ };
+ };
+}
diff --git a/modules/system/services/server/fileserver/nfs/default.nix b/modules/system/services/server/nfs/default.nix
similarity index 100%
rename from modules/system/services/server/fileserver/nfs/default.nix
rename to modules/system/services/server/nfs/default.nix
diff --git a/modules/system/settings/nix/gc/default.nix b/modules/system/settings/nix/gc/default.nix
index dd5e751..0ec262a 100644
--- a/modules/system/settings/nix/gc/default.nix
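Review bot: `adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}";` in nextcloud/default.nix writes the admin password into the Nix store. The store is readable by every local user and travels with the system closure, so the file indirection protects nothing. `mail_smtppassword = config.secrets.noreplyPassword;` under `settings` has the same exposure, since those settings are rendered into generated configuration. Point `adminpassFile` at a runtime path outside the store that only the nextcloud user can read, and move the SMTP password into the JSON file referenced by `services.nextcloud.secretFile`. Separately, `mail_smtpauth = "true"` is a string where Nextcloud expects a boolean, and `mail_smtpname` uses `domains.p2` while `mail_domain` uses `domains.p1`, which is worth confirming.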
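Review bot: `addSSL = true;` in the new Nextcloud vhost keeps the plain-HTTP listener serving the site with no redirect, whereas the removed Seafile vhost used `forceSSL = true;`. With `https = true` and `overwriteprotocol = "https"` set on the Nextcloud side, `forceSSL = true;` looks like the intended setting, so that logins and DAV credentials are never accepted on port 80. The two `.well-known` redirects build their target from `$scheme`, so on the HTTP listener they would point clients at `http://`; `return 301 https://$host/remote.php/dav;` avoids that. The NixOS Nextcloud module normally defines this vhost and its `.well-known` handling itself, so it is worth checking whether the nested `location` blocks in `extraConfig` are still needed.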
+++ b/modules/system/settings/nix/gc/default.nix
@@ -3,6 +3,6 @@
 nix.gc = {
 automatic = true;
 dates = "weekly";
- options = "--delete-older-than 1w";
+ options = "--delete-older-than 7d";
 };
 }