From 8a1f1cce311c968471418932dc34ac9c49f3b162 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Tue, 7 Jan 2025 13:35:36 -0500 Subject: [PATCH] Add back nextcloud and try collabora --- modules/system/secrets/default.nix | Bin 1790 -> 1901 bytes modules/system/services/server/default.nix | 3 +- .../services/server/fileserver/default.nix | 8 ----- .../server/fileserver/samba/default.nix | 26 -------------- .../server/fileserver/seafile/default.nix | 12 ------- .../fileserver/seafile/nginx/default.nix | 17 ---------- .../server/nextcloud/collabora/default.nix | 6 ++++ .../services/server/nextcloud/default.nix | 32 ++++++++++++++++++ .../server/nextcloud/nginx/default.nix | 18 ++++++++++ .../server/{fileserver => }/nfs/default.nix | 0 modules/system/settings/nix/gc/default.nix | 2 +- 11 files changed, 59 insertions(+), 65 deletions(-) delete mode 100644 modules/system/services/server/fileserver/default.nix delete mode 100644 modules/system/services/server/fileserver/samba/default.nix delete mode 100644 modules/system/services/server/fileserver/seafile/default.nix delete mode 100644 modules/system/services/server/fileserver/seafile/nginx/default.nix create mode 100644 modules/system/services/server/nextcloud/collabora/default.nix create mode 100644 modules/system/services/server/nextcloud/default.nix create mode 100644 modules/system/services/server/nextcloud/nginx/default.nix rename modules/system/services/server/{fileserver => }/nfs/default.nix (100%) diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix index be5c2a83573564e8ae048912d559634e146281e6..19439f234b36c6a9a3bbaa909189c2b58c424651 100644 GIT binary patch literal 1901 zcmV-z2a@;zM@dveQdv+`0C45vPtA`R?|d;yhRIS;JG*HQclpOwotoYUGc@6tDYi(h zJG;~%Vxa(8A3==0JU%4nTEciLT5EUd?2y&Z?hgJT{=Rovpr=<$4H6#-<^?K{+$WQB zeYQrFpy!GC=p5~bKTU?ELUFqhNiF5xR~|$~5wcWuLoZs>!m$F9P{dLkjf%3DMl6!~ zak%LwK&-n+orX?k24vjrXt*p3)`uv;IUj6}q zuuJt9O(0bFzz_LH(@)}Ta%zlhcNc!IKE^`hsQs3eV_roP=jO=x7UkCQnQ-~TBgynB zSB*yV*X+h5>1|ylw#|KZlZ_H|5M$>i^D^FN+RaAXrro?TBr0Amxp)1>7)O#lOzJ`K z{?T)CLij5dmx?T~JB_1(yhV^pX8~RDni%2b!yfs!(^L27vwlQ`@!J<}>`^j(gaKeM zs_TET9n$vPPwn*>?Jx51R$QcA?eW;ythfQhoL|&s$W#*n?;wF`d|! z_x6?IZf7=6&M(!{pOL6eE@r<0R#*IH)#35h1_($g+%`CCHxVT1L50Mv%t^geK$!ig z@hRgYu)~GZ%bF_>i&-;+K3A^(nQ6nY&Ai`aysdy1gMgn$XoQ|Mwbn&~pCv zNyF^bQe+D08Y35R-4FY>V~3Ng6NytNOH@Kiwif2rMf;^uReLTIZM{>;amP-9^mn2| z7!@sQwv7Qdjc=F-UE|CpS{dP2n}19nh`=!rilxBw;@7!@s61FR^wX;u)%rewyWY(K zKwmhJ@E`8_D1t?V5I4b8c(3z~2hq<{fRJ#YKLK>wKS=Dn@{4KqX2zDCnM^qDWybS; z2EK>Q6bKp4*{fE;t4d+zpBP1{nmFy!4b5i_)^i@qoo~(Sb_pB3w5Pae zxj6)6L=woGv4MRMr6RMuBMQW0XPAl4-o=TxNicgIHKJqx#2rYfl`tTa)-Bv|V!MI- ztndzk64zQh?C+ig*A)~%h_aUAX&(?Lj%BQEY>4dpdXwROGNaLZsa#<2q13ib?EzDE z){GC6m#WfQwA!Ad@jm;0ZA$J^1N8$2Sp_M*q4XTokN?r3YEq_awK zb|d;SUWm=Rqg;1iWe#RUJb3+tUB^tn!X;89-nhX`5aIDRV0YeZhehdol6ljUrLMf- z4%FLhf(LS|t=%U|Iy61*UlAY4F^Pn4x3U1fau78CKE`&SG~kYf(c|8J76#>7mV&bP z4+usC%z|qv#vs*n0D?C5Q{PV4GUDq9ZlnC1{juUWj~v)jENeY~Kwj%Kz(U<295}ig2H{oK{1yO7Q)A@N z7bSKIttIM2Y?lLLn<@GxiSV*ZrLFNce(V3=ln!_{^r}9N8a($-W;`}D&U9M-^4?}{ n79dfkDMb5NYbkm&&k_yl%%h}dPCe`EfyoFn`1)FGURr{WspbDbC;0n{89Nu<$?(>;pLTkzB9^BN8E|6gR=i^n{Dio#J9t36x^-#EUW+c-E@j+kgj z_N;L$5D+u_&(yG$3?Dbp{$SdUV0U6<%nP(|pM&jcDMeNSleCMCC?Q~muqWf#!t&+f z3a*#u{0Imb+m_wRL#;G^QLlEjCfk?3>$jQUYh^DwM%s-ke6@ey-QU{59Agu=jm$KPvwaD(rs(sJtBbN%RwOB*C|_iBaaW8? zseGf%dxOG-Bq!gKiC#Ee`Or9I79{{WdP}GhmEkrk-xJ+l>dFizcT*cAtUInj@Hgd9l)GyB+u@PQtypYXY;}RLTbFGKv=`Elmkmr;TlL%KfGS}#T!1*b_i2j zpO3hiW$YZ}r7_vPzVTX~jEsB)s)thr=!#^SGEC zn8iFS`dRgI^(xWFXiYzHH}B`~6%3^;2I>C80g%0NE>)f~FN248yA%Zo04nWX&L zTm*^G@h<%!_7Oxaw*mAZEdxb^8IU&%SQCiMQ?S^kEG4cX=t@S4jv=n|4LhV2T6nkb zx3@c4GVC`27-~>s>Nd18+HEQ;ovjd9CD_QcJ@-S#jyraO8(zZkUqYq6XKWP!(g}3j z4 z0~4k!8w6wS&oILIr*YE|Xk4MHE#q?LOmYp{1*%Il!Mjmb((zX9cs1p$qLKeb=we6 zY#SIndo0k!lJ3o%AmV*|c>qN8%O$<@=|?~PTP$0PX=ShMDD@}cn%iP|Q1$QRjJ%`2 zA5jR_^77@Nceu`az_ICWGr92YS7skp5&3gTiK_u9Tsp&L=54lwsFqJ|PuTF-XZqYjQ#_SMza;yM?{AV;)?`9Y(iY<*{BgOX;iB zr$Qvm2BSZ%Y-_7qH&WhyF{#f6V_?Stm$I1?jw)ng- zN<0V2IUd|4LWO|s48yUQ|3=iiDaSEXEF~jjAw}h(S+D~rWUI*!8IIu>ZY`>aqD)MS zd|Gmt_-eZ4B@6pLk?Y36bC1xYcT1DPgaG=AegvjN7lM1cV@mC2*?A(^aTN?P?yDZ? zW}Lk!y|re9wG%sSsZv;Bc9lKYn>8~q&zMT%t zN}qi)#+oh9l_O|CT1cyI*=*WoDi#X?=|xplgnL+RyfScL9$?w*B1KP}0!TN@xZdnD z6#6OS=0C&qd`5c^+m_|g`54IU1mvG-FH@=DAcML{{n^P-A})5UrpYcDg9kdcgmmk< zo{eWqZRhLrM7shN0cYci#<2J^KHXT-7@VeqmL>~{p0n#g8^b0sp}uN?k(?J(-dQ6$ zLPa>+EF2giJ=F?1Y<8wtCPy{!r*jq+Z4dRiSZ^+kV-XSkY@lC^P7gPV4Ft*lIZI@x zzs#FDx^Wda(kknC6QRWKIJ>t!a<0xhgG%6munO)FCnC0djf5GWAu)O6w9h`RB{6zj ggv#fI^7h9>hT0zP{>nz;W_1B*f(5xs1utojy#^qALjV8( diff --git a/modules/system/services/server/default.nix b/modules/system/services/server/default.nix index 7481d00..9b1b490 100644 --- a/modules/system/services/server/default.nix +++ b/modules/system/services/server/default.nix @@ -3,12 +3,13 @@ imports = [ ./acme ./ddclient - ./fileserver ./forgejo ./icecast ./mailserver ./minecraft ./mysql + ./nextcloud + ./nfs ./nginx ./social ./transmission diff --git a/modules/system/services/server/fileserver/default.nix b/modules/system/services/server/fileserver/default.nix deleted file mode 100644 index 3ff4afc..0000000 --- a/modules/system/services/server/fileserver/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: -{ - imports = [ - ./nfs - ./samba - ./seafile - ]; -} diff --git a/modules/system/services/server/fileserver/samba/default.nix b/modules/system/services/server/fileserver/samba/default.nix deleted file mode 100644 index 7e2ef8d..0000000 --- a/modules/system/services/server/fileserver/samba/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, lib, ... }: -{ - services = lib.mkIf config.system.server.enable { - samba = { - enable = true; - openFirewall = true; - settings = { - global = { - "workgroup" = "WORKGROUP"; - "server string" = "NixSMB"; - "security" = "user"; - "hosts allow" = "${config.ips.localSpan}. 127.0.0.1 localhost"; - "hosts deny" = "0.0.0.0/0"; - "guest account" = "nobody"; - "map to guest" = "bad user"; - }; - }; - }; - - # Advertise to Windows - samba-wsdd = { - enable = true; - openFirewall = true; - }; - }; -} diff --git a/modules/system/services/server/fileserver/seafile/default.nix b/modules/system/services/server/fileserver/seafile/default.nix deleted file mode 100644 index c43d614..0000000 --- a/modules/system/services/server/fileserver/seafile/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, ... }: -{ - imports = [ ./nginx ]; - - services.seafile = { - enable = config.system.server.enable; - adminEmail = "jimbo@${config.domains.p2}"; - initialAdminPassword = config.secrets.mainAccPass; - ccnetSettings.General.SERVICE_URL = "https://sync.${config.domains.p2}"; - seafileSettings.fileserver.host = "unix:/run/seafile/server.sock"; - }; -} diff --git a/modules/system/services/server/fileserver/seafile/nginx/default.nix b/modules/system/services/server/fileserver/seafile/nginx/default.nix deleted file mode 100644 index 3146ab1..0000000 --- a/modules/system/services/server/fileserver/seafile/nginx/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ lib, config, ... }: -{ - services.nginx.virtualHosts."sync.${config.domains.p2}" = lib.mkIf config.services.seafile.enable { - enableACME = true; - forceSSL = true; - locations = { - "/" = { - proxyPass = "http://unix:/run/seahub/gunicorn.sock"; - proxyWebsockets = true; - }; - "/seafhttp" = { - proxyPass = "http://unix:/run/seafile/server.sock"; - proxyWebsockets = true; - }; - }; - }; -} diff --git a/modules/system/services/server/nextcloud/collabora/default.nix b/modules/system/services/server/nextcloud/collabora/default.nix new file mode 100644 index 0000000..045250e --- /dev/null +++ b/modules/system/services/server/nextcloud/collabora/default.nix @@ -0,0 +1,6 @@ +{ config, lib, ... }: +{ + services.collabora-online = { + enable = true; + }; +} diff --git a/modules/system/services/server/nextcloud/default.nix b/modules/system/services/server/nextcloud/default.nix new file mode 100644 index 0000000..b0dd15d --- /dev/null +++ b/modules/system/services/server/nextcloud/default.nix @@ -0,0 +1,32 @@ +{ pkgs, config, ... }: +{ + imports = [ + ./collabora + ./nginx + ]; + + services.nextcloud = { + enable = config.system.server.enable; + package = pkgs.nextcloud30; + hostName = "cloud.${config.domains.p2}"; + datadir = "/mnt/nextcloud"; + https = true; + config = { + adminuser = config.sysusers.main; + adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}"; + }; + settings = { + trusted_proxies = [ "127.0.0.1" ]; + trusted_domains = [ "cloud.${config.domains.p2}" ]; + overwriteprotocol = "https"; + mail_smtphost = "mx.${config.domains.p1}"; + mail_domain = "${config.domains.p1}"; + mail_from_address = "noreply"; + mail_smtpauth = "true"; + mail_smtpname = "noreply@${config.domains.p2}"; + mail_smtppassword = config.secrets.noreplyPassword; + mail_smtpmode = "smtp"; + mail_smtpport = 587; + }; + }; +} diff --git a/modules/system/services/server/nextcloud/nginx/default.nix b/modules/system/services/server/nextcloud/nginx/default.nix new file mode 100644 index 0000000..61df13e --- /dev/null +++ b/modules/system/services/server/nextcloud/nginx/default.nix @@ -0,0 +1,18 @@ +{ lib, config, ... }: +{ + services.nginx.virtualHosts."cloud.${config.domains.p2}" = lib.mkIf config.services.nextcloud.enable { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + extraConfig = '' + location /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + ''; + }; + }; +} diff --git a/modules/system/services/server/fileserver/nfs/default.nix b/modules/system/services/server/nfs/default.nix similarity index 100% rename from modules/system/services/server/fileserver/nfs/default.nix rename to modules/system/services/server/nfs/default.nix diff --git a/modules/system/settings/nix/gc/default.nix b/modules/system/settings/nix/gc/default.nix index dd5e751..0ec262a 100644 --- a/modules/system/settings/nix/gc/default.nix +++ b/modules/system/settings/nix/gc/default.nix @@ -3,6 +3,6 @@ nix.gc = { automatic = true; dates = "weekly"; - options = "--delete-older-than 1w"; + options = "--delete-older-than 7d"; }; }