toph/dot.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

archived/disabled nginx nextcloud

Browse source
This commit is contained in:
Chris Toph 2025-01-22 17:32:48 -05:00
parent ed2507c9f1
commit c94db74393
7 changed files with 186 additions and 108 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

89
common/archive/nextcloud/default.nix Normal file
View file

@ -0,0 +1,89 @@
{ config, pkgs, ... }:
{
# The Nextcloud admin password is stored in a separate file to avoid
environment.etc."nextcloud-admin-pass".text = builtins.readFile ./nextcloud-admin-pass;
services.nextcloud = {
enable = true;
hostName = "cloud.ryot.foo";
# Need to manually increment with every major upgrade.
package = pkgs.nextcloud29;
# Let NixOS install and configure the database automatically.
database.createLocally = true;
# Let NixOS install and configure Redis caching automatically.
configureRedis = true;
# Increase the maximum file upload size to avoid problems uploading videos.
maxUploadSize = "5G";
https = true;
# appstoreEnable = true;
autoUpdateApps.enable = true;
extraAppsEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
inherit
calendar
contacts
mail
notes
tasks
registration
spreed
twofactor_nextcloud_notification
;
# breeze = pkgs.fetchNextcloudApp {
# sha256 = "sha256-9xMH9IcQrzzMJ5bL6RP/3CS1QGuByriCjGkJQJxQ4CU=";
# url = "https://github.com/mwalbeck/nextcloud-breeze-dark/releases/download/v29.0.0/breezedark.tar.gz";
# license = "agpl3Only";
# };
oidc_login = pkgs.fetchNextcloudApp {
sha256 = "sha256-DrbaKENMz2QJfbDKCMrNGEZYpUEvtcsiqw9WnveaPZA=";
url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.0/oidc_login.tar.gz";
license = "agpl3Only";
};
impersonate = pkgs.fetchNextcloudApp {
sha256 = "sha256-7NCfm2c861E1ZOZhpqjbsw2LC9I7ypp2J1LamqmWvtU=";
url = "https://github.com/nextcloud-releases/impersonate/releases/download/v1.16.0/impersonate-v1.16.0.tar.gz";
license = "agpl3Only";
};
# Custom app installation example.
# cookbook = pkgs.fetchNextcloudApp rec {
# url =
# "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
# sha256 = "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=";
# };
};
settings = {
overwriteProtocol = "https";
overwritehost = "cloud.ryot.foo";
trusted_domains = [ "cloud.ryot.foo" ];
default_phone_region = "US";
allow_user_to_change_display_name = "false";
lost_password_link = "disabled";
oidc_login_provider_url = "https://auth.ryot.foo/application/o/cloud-slug";
oidc_login_client_id = "Fmc7v4MFQ3Iv8bZwOdXIaqYZUdDkiL0bKbDuGWd3";
oidc_login_client_secret = "TPo7Q4uiusak2G6cneZMijMt45Y2FNCE2YT4hXWU9IjcywNhgzFXDY5sxC4SyyggkFmj3Dz3DYcZj295kjAES2W140EfjNRWI6xHd6B7Fxj8B6BzudJ5ii5Um1ZyjU47";
# oidc_login_logout_url = "https://openid.example.com/thankyou";
# oidc_login_end_session_redirect = "false";
oidc_login_button_text = "Authentik Login";
oidc_login_scope = "openid profile";
oidc_login_disable_registration = "false";
};
config = {
dbtype = "pgsql";
adminuser = "admin";
adminpassFile = "/etc/nextcloud-admin-pass";
};
};
}

0
host/cloud/modules/nextcloud/nextcloud-admin-pass → common/archive/nextcloud/nextcloud-admin-pass
View file

27
common/archive/nginx/default.nix Normal file
View file

@ -0,0 +1,27 @@
{
# Nginx
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"drive.ryot.foo" = {
## Force HTTP redirect to HTTPS
forceSSL = true;
## LetsEncrypt
enableACME = true;
};
};
};
}

53
host/cloud/default.nix
View file

@ -1,35 +1,48 @@
{ modulesPath, config, pkgs, hostName, ... }:
{
modulesPath,
config,
pkgs,
hostName,
...
}:
{
## MODULES & IMPORTS ##
imports = [
# Common Modules
../../common/acme
../../common/lxc
../../common/ssh
imports = [
# Common Modules
../../common/acme
../../common/lxc
../../common/ssh
# Import hardware configuration.
./hardware.nix
# Local Modules
# Import hardware configuration.
./hardware.nix
# cron
./modules/cron
# Logrotate
# Local Modules
# cron
./modules/cron
# Logrotate
./modules/logrotate
# Caddy
./modules/caddy
# Snapraid-runner
./modules/snapraid
# Snapraid-runner
./modules/snapraid
];
## NETWORKING ##
networking.firewall = {
allowedTCPPorts = [ 22 80 443 ];
allowedTCPPorts = [
22
80
443
8181
];
allowedUDPPorts = [ ];
};
## USERS ##
## ENVIORMENT & PACKAGES ##
nixpkgs.overlays = [ (import ./overlays) ];
nixpkgs.overlays = [ (import ../../nix/overlays) ];
environment.systemPackages = with pkgs; [
git
mergerfs
@ -38,10 +51,10 @@
ranger
sshfs
snapraid
snapraid-runner
wget
snapraid-runner
wget
];
environment.variables = {
HOSTNAME = hostName;
};

16
host/cloud/hardware.nix
View file

@ -33,13 +33,13 @@
];
};
"/var/lib/nextcloud" = {
fsType = "none";
device = "/pool/NextCloud";
options = [
"bind"
"nofail"
];
};
# "/var/lib/nextcloud" = {
# fsType = "none";
# device = "/pool/NextCloud";
# options = [
# "bind"
# "nofail"
# ];
# };
};
}

51
host/cloud/modules/nextcloud/default.nix
View file

@ -1,51 +0,0 @@
{ config, pkgs, ... }:
{
# The Nextcloud admin password is stored in a separate file to avoid
environment.etc."nextcloud-admin-pass".text = builtins.readFile ./nextcloud-admin-pass;
services.nextcloud = {
enable = true;
hostName = "cloud.ryot.foo";
# Need to manually increment with every major upgrade.
package = pkgs.nextcloud29;
# Let NixOS install and configure the database automatically.
database.createLocally = true;
# Let NixOS install and configure Redis caching automatically.
configureRedis = true;
# Increase the maximum file upload size to avoid problems uploading videos.
maxUploadSize = "5G";
https = true;
autoUpdateApps.enable = true;
extraAppsEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
inherit calendar contacts mail notes tasks registration spreed twofactor_nextcloud_notification;
# Custom app installation example.
# cookbook = pkgs.fetchNextcloudApp rec {
# url =
# "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
# sha256 = "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=";
# };
};
settings = {
overwriteProtocol = "https";
overwritehost = "cloud.ryot.foo";
trusted_domains = [ "cloud.ryot.foo" ];
default_phone_region = "US";
};
config = {
dbtype = "pgsql";
adminuser = "admin";
adminpassFile = "/etc/nextcloud-admin-pass";
};
};
}

58
host/cloud/modules/snapraid/default.nix
View file

@ -1,37 +1,37 @@
{ pkgs, ... }:
{
environment.etc."snapraid.conf".text = builtins.readFile ./snapraid.conf;
environment.etc."snapraid-runner.conf".text = ''
[snapraid]
executable = ${pkgs.snapraid}/bin/snapraid
config = /etc/snapraid.conf
deletethreshold = 40
touch = false
environment.etc."snapraid.conf".text = builtins.readFile ./snapraid.conf;
environment.etc."snapraid-runner.conf".text = ''
[snapraid]
executable = ${pkgs.snapraid}/bin/snapraid
config = /etc/snapraid.conf
deletethreshold = 40
touch = false
[logging]
file = /var/log/snapraid-runner.log
maxsize = 5000
[logging]
file = /var/log/snapraid-runner.log
maxsize = 5000
[email]
sendon =
short = true
subject = [SnapRAID] Status Report:
from = cloud@ryot.foo
to = [REDACTED]
maxsize = 500
[email]
sendon =
short = true
subject = [SnapRAID] Status Report:
from = cloud@ryot.foo
to = [REDACTED]
maxsize = 500
[smtp]
host = ryot.foo
port =
ssl = true
tls = true
user = admin
password = [REDACTED]
[smtp]
host = ryot.foo
port =
ssl = true
tls = true
user = admin
password = [REDACTED]
[scrub]
enabled = true
plan = 12
older-than = 10
'';
[scrub]
enabled = true
plan = 12
older-than = 10
'';
}