From c94db74393bc5c87a0e13e4bac3fd26ff91fab23 Mon Sep 17 00:00:00 2001
From: Chris Toph
Date: Wed, 22 Jan 2025 17:32:48 -0500
Subject: [PATCH] archived/disabled nginx nextcloud
---
common/archive/nextcloud/default.nix | 89 +++++++++++++++++++
.../archive}/nextcloud/nextcloud-admin-pass | 0
common/archive/nginx/default.nix | 27 ++++++
host/cloud/default.nix | 53 ++++++-----
host/cloud/hardware.nix | 16 ++--
host/cloud/modules/nextcloud/default.nix | 51 -----------
host/cloud/modules/snapraid/default.nix | 58 ++++++------
7 files changed, 186 insertions(+), 108 deletions(-)
create mode 100644 common/archive/nextcloud/default.nix
rename {host/cloud/modules => common/archive}/nextcloud/nextcloud-admin-pass (100%)
create mode 100644 common/archive/nginx/default.nix
delete mode 100644 host/cloud/modules/nextcloud/default.nix
diff --git a/common/archive/nextcloud/default.nix b/common/archive/nextcloud/default.nix
new file mode 100644
index 0000000..2911882
--- /dev/null
+++ b/common/archive/nextcloud/default.nix
@@ -0,0 +1,89 @@
+{ config, pkgs, ... }:
+
+{
+ # The Nextcloud admin password is stored in a separate file to avoid
+ environment.etc."nextcloud-admin-pass".text = builtins.readFile ./nextcloud-admin-pass;
+
+ services.nextcloud = {
+ enable = true;
+ hostName = "cloud.ryot.foo";
+
+ # Need to manually increment with every major upgrade.
+ package = pkgs.nextcloud29;
+
+ # Let NixOS install and configure the database automatically.
+ database.createLocally = true;
+
+ # Let NixOS install and configure Redis caching automatically.
+ configureRedis = true;
+
+ # Increase the maximum file upload size to avoid problems uploading videos.
+ maxUploadSize = "5G";
+ https = true;
+
+ # appstoreEnable = true;
+ autoUpdateApps.enable = true;
+ extraAppsEnable = true;
+ extraApps = with config.services.nextcloud.package.packages.apps; {
+ # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
+ inherit
+ calendar
+ contacts
+ mail
+ notes
+ tasks
+ registration
+ spreed
+ twofactor_nextcloud_notification
+ ;
+
+ # breeze = pkgs.fetchNextcloudApp {
+ # sha256 = "sha256-9xMH9IcQrzzMJ5bL6RP/3CS1QGuByriCjGkJQJxQ4CU=";
+ # url = "https://github.com/mwalbeck/nextcloud-breeze-dark/releases/download/v29.0.0/breezedark.tar.gz";
+ # license = "agpl3Only";
+ # };
+
+ oidc_login = pkgs.fetchNextcloudApp {
+ sha256 = "sha256-DrbaKENMz2QJfbDKCMrNGEZYpUEvtcsiqw9WnveaPZA=";
+ url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.0/oidc_login.tar.gz";
+ license = "agpl3Only";
+ };
+
+ impersonate = pkgs.fetchNextcloudApp {
+ sha256 = "sha256-7NCfm2c861E1ZOZhpqjbsw2LC9I7ypp2J1LamqmWvtU=";
+ url = "https://github.com/nextcloud-releases/impersonate/releases/download/v1.16.0/impersonate-v1.16.0.tar.gz";
+ license = "agpl3Only";
+ };
+
+ # Custom app installation example.
+ # cookbook = pkgs.fetchNextcloudApp rec {
+ # url =
+ # "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
+ # sha256 = "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=";
+ # };
+ };
+
+ settings = {
+ overwriteProtocol = "https";
+ overwritehost = "cloud.ryot.foo";
+ trusted_domains = [ "cloud.ryot.foo" ];
+ default_phone_region = "US";
+ allow_user_to_change_display_name = "false";
+ lost_password_link = "disabled";
+ oidc_login_provider_url = "https://auth.ryot.foo/application/o/cloud-slug";
+ oidc_login_client_id = "Fmc7v4MFQ3Iv8bZwOdXIaqYZUdDkiL0bKbDuGWd3";
+ oidc_login_client_secret = "TPo7Q4uiusak2G6cneZMijMt45Y2FNCE2YT4hXWU9IjcywNhgzFXDY5sxC4SyyggkFmj3Dz3DYcZj295kjAES2W140EfjNRWI6xHd6B7Fxj8B6BzudJ5ii5Um1ZyjU47";
+ # oidc_login_logout_url = "https://openid.example.com/thankyou";
+ # oidc_login_end_session_redirect = "false";
+ oidc_login_button_text = "Authentik Login";
+ oidc_login_scope = "openid profile";
+ oidc_login_disable_registration = "false";
+ };
+
+ config = {
+ dbtype = "pgsql";
+ adminuser = "admin";
+ adminpassFile = "/etc/nextcloud-admin-pass";
+ };
+ };
+}
diff --git a/host/cloud/modules/nextcloud/nextcloud-admin-pass b/common/archive/nextcloud/nextcloud-admin-pass
similarity index 100%
rename from host/cloud/modules/nextcloud/nextcloud-admin-pass
rename to common/archive/nextcloud/nextcloud-admin-pass
diff --git a/common/archive/nginx/default.nix b/common/archive/nginx/default.nix
new file mode 100644
index 0000000..24ca5bd
--- /dev/null
+++ b/common/archive/nginx/default.nix
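Review bot: `oidc_login_client_secret` in the new `settings` block is a plaintext literal, so the secret is now in the repository history, and whenever this module is evaluated it also ends up in the world-readable Nix store and the generated Nextcloud config. The admin password has the same problem: `environment.etc."nextcloud-admin-pass".text = builtins.readFile ./nextcloud-admin-pass;` copies the tracked file's contents into the store and into /etc. Archiving the module under common/archive does not remove either value from the tree. Supply the OIDC secret through the module's secret file instead, `secretFile = "<path to a root-owned JSON file outside the store>";`, point `adminpassFile` at a file provisioned outside the repository, and rotate the client secret at the identity provider since it has already been committed.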
@@ -0,0 +1,27 @@ +{ + # Nginx + services.nginx = { + + enable = true; + + # Use recommended settings + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + # Only allow PFS-enabled ciphers with AES256 + sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; + + # Setup Nextcloud virtual host to listen on ports + virtualHosts = { + + "drive.ryot.foo" = { + ## Force HTTP redirect to HTTPS + forceSSL = true; + ## LetsEncrypt + enableACME = true; + }; + }; + }; +} diff --git a/host/cloud/default.nix b/host/cloud/default.nix index 8a2ea04..32ba2a5 100644 --- a/host/cloud/default.nix +++ b/host/cloud/default.nix @@ -1,35 +1,48 @@ -{ modulesPath, config, pkgs, hostName, ... }: +{ + modulesPath, + config, + pkgs, + hostName, + ... +}: { ## MODULES & IMPORTS ## - imports = [ - # Common Modules - ../../common/acme - ../../common/lxc - ../../common/ssh + imports = [ + # Common Modules + ../../common/acme + ../../common/lxc + ../../common/ssh - # Import hardware configuration. - ./hardware.nix - - # Local Modules + # Import hardware configuration. + ./hardware.nix - # cron - ./modules/cron - # Logrotate + # Local Modules + + # cron + ./modules/cron + # Logrotate ./modules/logrotate # Caddy ./modules/caddy - # Snapraid-runner - ./modules/snapraid + # Snapraid-runner + ./modules/snapraid ]; ## NETWORKING ## networking.firewall = { - allowedTCPPorts = [ 22 80 443 ]; + allowedTCPPorts = [ + 22 + 80 + 443 + 8181 + ]; allowedUDPPorts = [ ]; }; + ## USERS ## + ## ENVIORMENT & PACKAGES ## - nixpkgs.overlays = [ (import ./overlays) ]; + nixpkgs.overlays = [ (import ../../nix/overlays) ]; environment.systemPackages = with pkgs; [ git mergerfs @@ -38,10 +51,10 @@ ranger sshfs snapraid - snapraid-runner - wget + snapraid-runner + wget ]; - + environment.variables = { HOSTNAME = hostName; }; diff --git a/host/cloud/hardware.nix b/host/cloud/hardware.nix index 965186a..4c4fb64 100644 --- a/host/cloud/hardware.nix 
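Review bot: The only virtual host declared in `virtualHosts` is `"drive.ryot.foo"`, but the Nextcloud module archived in this same commit sets `hostName = "cloud.ryot.foo"`, so `forceSSL` and `enableACME` would not apply to the Nextcloud site even though the comment calls this the Nextcloud virtual host. If both archived modules were re-enabled together, that site would presumably be served without the HTTPS redirect or a certificate while Nextcloud itself is configured with `https = true`. Key the vhost on the same name, for example `"cloud.ryot.foo" = { forceSSL = true; enableACME = true; };`, or document that `drive.ryot.foo` is a different service.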
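Review bot: `8181` is added to `allowedTCPPorts` in the first hunk without a comment, and nothing in this file's hunks adds a service that listens on it, so the host exposes one more port whose purpose cannot be checked from the change; the commit message mentions only archiving nginx and Nextcloud. Name the listener next to the port, e.g. `8181 # <service that listens here>`. If that service is meant to be reached only through the Caddy module imported above, consider leaving the port closed and proxying it. The `## USERS ##` header added lower in the same hunk has nothing under it and could be dropped until there is content.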
+++ b/host/cloud/hardware.nix @@ -33,13 +33,13 @@ ]; }; - "/var/lib/nextcloud" = { - fsType = "none"; - device = "/pool/NextCloud"; - options = [ - "bind" - "nofail" - ]; - }; + # "/var/lib/nextcloud" = { + # fsType = "none"; + # device = "/pool/NextCloud"; + # options = [ + # "bind" + # "nofail" + # ]; + # }; }; } diff --git a/host/cloud/modules/nextcloud/default.nix b/host/cloud/modules/nextcloud/default.nix deleted file mode 100644 index c9d98cc..0000000 --- a/host/cloud/modules/nextcloud/default.nix +++ /dev/null 
@@ -1,51 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- # The Nextcloud admin password is stored in a separate file to avoid
- environment.etc."nextcloud-admin-pass".text = builtins.readFile ./nextcloud-admin-pass;
-
- services.nextcloud = {
- enable = true;
- hostName = "cloud.ryot.foo";
-
- # Need to manually increment with every major upgrade.
- package = pkgs.nextcloud29;
-
- # Let NixOS install and configure the database automatically.
- database.createLocally = true;
-
- # Let NixOS install and configure Redis caching automatically.
- configureRedis = true;
-
- # Increase the maximum file upload size to avoid problems uploading videos.
- maxUploadSize = "5G";
- https = true;
-
- autoUpdateApps.enable = true;
- extraAppsEnable = true;
- extraApps = with config.services.nextcloud.package.packages.apps; {
- # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
- inherit calendar contacts mail notes tasks registration spreed twofactor_nextcloud_notification;
-
- # Custom app installation example.
- # cookbook = pkgs.fetchNextcloudApp rec {
- # url =
- # "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
- # sha256 = "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=";
- # };
- };
-
- settings = {
- overwriteProtocol = "https";
- overwritehost = "cloud.ryot.foo";
- trusted_domains = [ "cloud.ryot.foo" ];
- default_phone_region = "US";
- };
-
- config = {
- dbtype = "pgsql";
- adminuser = "admin";
- adminpassFile = "/etc/nextcloud-admin-pass";
- };
- };
-}
\ No newline at end of file
diff --git a/host/cloud/modules/snapraid/default.nix b/host/cloud/modules/snapraid/default.nix
index 7559102..721c12d 100644
--- a/host/cloud/modules/snapraid/default.nix
+++ b/host/cloud/modules/snapraid/default.nix
@@ -1,37 +1,37 @@ { pkgs, ... }: { - environment.etc."snapraid.conf".text = builtins.readFile ./snapraid.conf; - environment.etc."snapraid-runner.conf".text = '' - [snapraid] - executable = ${pkgs.snapraid}/bin/snapraid - config = /etc/snapraid.conf - deletethreshold = 40 - touch = false + environment.etc."snapraid.conf".text = builtins.readFile ./snapraid.conf; + environment.etc."snapraid-runner.conf".text = '' + [snapraid] + executable = ${pkgs.snapraid}/bin/snapraid + config = /etc/snapraid.conf + deletethreshold = 40 + touch = false - [logging] - file = /var/log/snapraid-runner.log - maxsize = 5000 + [logging] + file = /var/log/snapraid-runner.log + maxsize = 5000 - [email] - sendon = - short = true - subject = [SnapRAID] Status Report: - from = cloud@ryot.foo - to = [REDACTED] - maxsize = 500 + [email] + sendon = + short = true + subject = [SnapRAID] Status Report: + from = cloud@ryot.foo + to = [REDACTED] + maxsize = 500 - [smtp] - host = ryot.foo - port = - ssl = true - tls = true - user = admin - password = [REDACTED] + [smtp] + host = ryot.foo + port = + ssl = true + tls = true + user = admin + password = [REDACTED] - [scrub] - enabled = true - plan = 12 - older-than = 10 - ''; + [scrub] + enabled = true + plan = 12 + older-than = 10 + ''; }