archived/disabled nginx nextcloud

common/archive/nextcloud/default.nix

@@ -0,0 +1,89 @@
+{ config, pkgs, ... }:
+
+{
+  # The Nextcloud admin password is stored in a separate file to avoid
+  environment.etc."nextcloud-admin-pass".text = builtins.readFile ./nextcloud-admin-pass;
+
+  services.nextcloud = {
+    enable = true;
+    hostName = "cloud.ryot.foo";
+
+    # Need to manually increment with every major upgrade.
+    package = pkgs.nextcloud29;
+
+    # Let NixOS install and configure the database automatically.
+    database.createLocally = true;
+
+    # Let NixOS install and configure Redis caching automatically.
+    configureRedis = true;
+
+    # Increase the maximum file upload size to avoid problems uploading videos.
+    maxUploadSize = "5G";
+    https = true;
+
+    # appstoreEnable = true;
+    autoUpdateApps.enable = true;
+    extraAppsEnable = true;
+    extraApps = with config.services.nextcloud.package.packages.apps; {
+      # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
+      inherit
+        calendar
+        contacts
+        mail
+        notes
+        tasks
+        registration
+        spreed
+        twofactor_nextcloud_notification
+        ;
+
+      # breeze = pkgs.fetchNextcloudApp {
+      #   sha256 = "sha256-9xMH9IcQrzzMJ5bL6RP/3CS1QGuByriCjGkJQJxQ4CU=";
+      #   url = "https://github.com/mwalbeck/nextcloud-breeze-dark/releases/download/v29.0.0/breezedark.tar.gz";
+      #   license = "agpl3Only";
+      # };
+
+      oidc_login = pkgs.fetchNextcloudApp {
+        sha256 = "sha256-DrbaKENMz2QJfbDKCMrNGEZYpUEvtcsiqw9WnveaPZA=";
+        url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.0/oidc_login.tar.gz";
+        license = "agpl3Only";
+      };
+
+      impersonate = pkgs.fetchNextcloudApp {
+        sha256 = "sha256-7NCfm2c861E1ZOZhpqjbsw2LC9I7ypp2J1LamqmWvtU=";
+        url = "https://github.com/nextcloud-releases/impersonate/releases/download/v1.16.0/impersonate-v1.16.0.tar.gz";
+        license = "agpl3Only";
+      };
+
+      # Custom app installation example.
+      # cookbook = pkgs.fetchNextcloudApp rec {
+      #   url =
+      #     "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
+      #   sha256 = "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=";
+      # };
+    };
+
+    settings = {
+      overwriteProtocol = "https";
+      overwritehost = "cloud.ryot.foo";
+      trusted_domains = [ "cloud.ryot.foo" ];
+      default_phone_region = "US";
+      allow_user_to_change_display_name = "false";
+      lost_password_link = "disabled";
+      oidc_login_provider_url = "https://auth.ryot.foo/application/o/cloud-slug";
+      oidc_login_client_id = "Fmc7v4MFQ3Iv8bZwOdXIaqYZUdDkiL0bKbDuGWd3";
+      oidc_login_client_secret = "TPo7Q4uiusak2G6cneZMijMt45Y2FNCE2YT4hXWU9IjcywNhgzFXDY5sxC4SyyggkFmj3Dz3DYcZj295kjAES2W140EfjNRWI6xHd6B7Fxj8B6BzudJ5ii5Um1ZyjU47";
+      # oidc_login_logout_url = "https://openid.example.com/thankyou";
+      # oidc_login_end_session_redirect = "false";
+      oidc_login_button_text = "Authentik Login";
+      oidc_login_scope = "openid profile";
+      oidc_login_disable_registration = "false";
+    };
+
+    config = {
+      dbtype = "pgsql";
+      adminuser = "admin";
+      adminpassFile = "/etc/nextcloud-admin-pass";
+    };
+  };
+}

common/archive/nginx/default.nix

@@ -0,0 +1,27 @@
+{
+  # Nginx
+  services.nginx = {
+
+    enable = true;
+
+    # Use recommended settings
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    # Only allow PFS-enabled ciphers with AES256
+    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+    # Setup Nextcloud virtual host to listen on ports
+    virtualHosts = {
+
+      "drive.ryot.foo" = {
+        ## Force HTTP redirect to HTTPS
+        forceSSL = true;
+        ## LetsEncrypt
+        enableACME = true;
+      };
+    };
+  };
+}

host/cloud/default.nix

@@ -1,35 +1,48 @@
-{ modulesPath, config, pkgs, hostName, ... }:
+{
+  modulesPath,
+  config,
+  pkgs,
+  hostName,
+  ...
+}:
 {
   ## MODULES & IMPORTS ##
-  imports = [ 
+  imports = [
-      # Common Modules
+    # Common Modules
-      ../../common/acme
+    ../../common/acme
-      ../../common/lxc
+    ../../common/lxc
-      ../../common/ssh
+    ../../common/ssh
 
-      # Import hardware configuration.
+    # Import hardware configuration.
-      ./hardware.nix
+    ./hardware.nix
-      
-      # Local Modules
 
-      # cron
+    # Local Modules
-      ./modules/cron
+
-      # Logrotate
+    # cron
+    ./modules/cron
+    # Logrotate
     ./modules/logrotate
     # Caddy
     ./modules/caddy
-      # Snapraid-runner
+    # Snapraid-runner
-      ./modules/snapraid
+    ./modules/snapraid
   ];
 
   ## NETWORKING ##
   networking.firewall = {
-    allowedTCPPorts = [ 22 80 443 ];
+    allowedTCPPorts = [
+      22
+      80
+      443
+      8181
+    ];
     allowedUDPPorts = [ ];
   };
 
+  ## USERS ##
+
   ## ENVIORMENT & PACKAGES ##
-  nixpkgs.overlays = [ (import ./overlays) ];
+  nixpkgs.overlays = [ (import ../../nix/overlays) ];
   environment.systemPackages = with pkgs; [
     git
     mergerfs
@@ -38,10 +51,10 @@
     ranger
     sshfs
     snapraid
-    snapraid-runner 
+    snapraid-runner
-    wget 
+    wget
   ];
-  
+
   environment.variables = {
     HOSTNAME = hostName;
   };

host/cloud/hardware.nix

@@ -33,13 +33,13 @@
       ];
     };
 
-    "/var/lib/nextcloud" = {
+    # "/var/lib/nextcloud" = {
-      fsType = "none";
+    #   fsType = "none";
-      device = "/pool/NextCloud";
+    #   device = "/pool/NextCloud";
-      options = [
+    #   options = [
-        "bind"
+    #     "bind"
-        "nofail"
+    #     "nofail"
-      ];
+    #   ];
-    };
+    # };
   };
 }

host/cloud/modules/nextcloud/default.nix

@@ -1,51 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  # The Nextcloud admin password is stored in a separate file to avoid
-  environment.etc."nextcloud-admin-pass".text = builtins.readFile ./nextcloud-admin-pass;
-
-  services.nextcloud = { 
-    enable = true;
-    hostName = "cloud.ryot.foo";
-
-    # Need to manually increment with every major upgrade.
-    package = pkgs.nextcloud29;
-
-    # Let NixOS install and configure the database automatically.
-    database.createLocally = true;
-
-    # Let NixOS install and configure Redis caching automatically.
-    configureRedis = true;
-
-    # Increase the maximum file upload size to avoid problems uploading videos.
-    maxUploadSize = "5G";
-    https = true;
-
-    autoUpdateApps.enable = true;
-    extraAppsEnable = true;
-    extraApps = with config.services.nextcloud.package.packages.apps; {
-      # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
-      inherit calendar contacts mail notes tasks registration spreed twofactor_nextcloud_notification;
-
-      # Custom app installation example.
-      # cookbook = pkgs.fetchNextcloudApp rec {
-      #   url =
-      #     "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
-      #   sha256 = "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=";
-      # };
-    };
-
-    settings = {
-      overwriteProtocol = "https";
-      overwritehost = "cloud.ryot.foo";
-      trusted_domains = [ "cloud.ryot.foo" ];
-      default_phone_region = "US";
-    };
-
-    config = {
-      dbtype = "pgsql";
-      adminuser = "admin";
-      adminpassFile = "/etc/nextcloud-admin-pass";
-    };
-  };
-}

host/cloud/modules/snapraid/default.nix

@@ -1,37 +1,37 @@
 { pkgs, ... }:
 
 {
-    environment.etc."snapraid.conf".text = builtins.readFile ./snapraid.conf;
+  environment.etc."snapraid.conf".text = builtins.readFile ./snapraid.conf;
-    environment.etc."snapraid-runner.conf".text = ''
+  environment.etc."snapraid-runner.conf".text = ''
-        [snapraid]
+    [snapraid]
-        executable = ${pkgs.snapraid}/bin/snapraid
+    executable = ${pkgs.snapraid}/bin/snapraid
-        config = /etc/snapraid.conf
+    config = /etc/snapraid.conf
-        deletethreshold = 40
+    deletethreshold = 40
-        touch = false
+    touch = false
 
-        [logging]
+    [logging]
-        file = /var/log/snapraid-runner.log
+    file = /var/log/snapraid-runner.log
-        maxsize = 5000
+    maxsize = 5000
 
-        [email]
+    [email]
-        sendon = 
+    sendon = 
-        short = true
+    short = true
-        subject = [SnapRAID] Status Report:
+    subject = [SnapRAID] Status Report:
-        from = cloud@ryot.foo
+    from = cloud@ryot.foo
-        to = [REDACTED]
+    to = [REDACTED]
-        maxsize = 500
+    maxsize = 500
 
-        [smtp]
+    [smtp]
-        host = ryot.foo
+    host = ryot.foo
-        port =
+    port =
-        ssl = true
+    ssl = true
-        tls = true
+    tls = true
-        user = admin
+    user = admin
-        password = [REDACTED]
+    password = [REDACTED]
 
-        [scrub]
+    [scrub]
-        enabled = true
+    enabled = true
-        plan = 12
+    plan = 12
-        older-than = 10
+    older-than = 10
-    '';
+  '';
 }