diff --git a/.sops.yaml b/.sops.yaml
index fc8028b..7157add 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,11 +1,13 @@
 keys:
- - &muskduck age1f99k8ujf9gt9zhzyqquhuv38znwjtv2cf42s0sf3h0waa5gwxsvscd2rvw
- - &firefox-syncserver age1hrvts2jkdclk3f9atjry7chuakt5n9qmlwfwsdlcnmc88ld3ysuqz6ejge
- - &nextcloud age1vkup37w26905wzmjnjxryfzga7f72dzhuay45uuhqvntj3gajydsnukxv7
+ - &admin_fern age1n9q3cspp4a6qvjv9xaf00e5d5za3d8upz4akj2fh6zt5ly3ahans3vpx5x
+ - &admin_ornithologist age1t4cmsp8ge42cftxne6vjxt255tsfe6aga4r35gev647f3yuvwvkqyetenv
+ - &server_firefox-syncserver age1hrvts2jkdclk3f9atjry7chuakt5n9qmlwfwsdlcnmc88ld3ysuqz6ejge
+ - &server_nextcloud age1fn3y3km7wuftvrc2ds78ceu2wfrya0l5up0gshhnyhrq7gyglu0s2j8mpm
 creation_rules:
 - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
 key_groups:
 - age:
- - *muskduck
- - *firefox-syncserver
- - *nextcloud
+ - *admin_fern
+ - *admin_ornithologist
+ - *server_firefox-syncserver
+ - *server_nextcloud
diff --git a/flake.lock b/flake.lock
index ec3508d..6029120 100755
--- a/flake.lock
+++ b/flake.lock
@@ -412,11 +412,11 @@
 "secrets": {
 "flake": false,
 "locked": {
- "lastModified": 1755613196,
- "narHash": "sha256-nHR8//I5cMjWbDvlBk4HNE3wb0l+M4y5Xx8cwehJlE0=",
+ "lastModified": 1753192971,
+ "narHash": "sha256-+Gg9j2Un6wEtut8uXtfiya+QeL+EMWzR+/xWXDR8fVg=",
 "ref": "main",
- "rev": "026300d70aff95c9b3514e9922979ae0340b6d6a",
- "revCount": 5,
+ "rev": "3caaec2bd7cd7d1feb244e00ca4664dabb8a0495",
+ "revCount": 4,
 "type": "git",
 "url": "ssh://git@docker.local:222/fern/secrets"
 },
diff --git a/flake.nix b/flake.nix
index 3a17913..dbaf5c4 100755
--- a/flake.nix
+++ b/flake.nix
@@ -98,10 +98,5 @@
 (mkHost "firefox-syncserver" {
 suite = "server/lxc";
 })
-
- # Container running Nextcloud.
- (mkHost "nextcloud" {
- suite = "server/lxc";
- })
 ];
 }
diff --git a/hosts/nextcloud/default.nix b/hosts/nextcloud/default.nix
deleted file mode 100644
index 4aaa702..0000000
--- a/hosts/nextcloud/default.nix
+++ /dev/null
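Review bot: `&server_nextcloud` is still declared under `keys:` and listed under `key_groups` in `.sops.yaml`, now with a different age public key, although this same commit removes the nextcloud host from `flake.nix` and deletes `hosts/nextcloud/default.nix`. Because there is a single `creation_rules` entry, every listed recipient can decrypt every file matching `secrets/[^/]+\.(yaml|json|env|ini)$`, so a recipient with no live host is decryption access nobody needs; unless the host is about to be rebuilt, drop the `&server_nextcloud` anchor line and `- *server_nextcloud`. Editing `.sops.yaml` does not re-encrypt existing files, so the recipient change only takes effect once `sops updatekeys` has been run on each secrets file, and values that were encrypted to the removed `muskduck` key remain readable from earlier revisions of the encrypted files until the values themselves are rotated. The `flake.lock` hunk also moves the `secrets` input to an earlier revision (`revCount` 5 to 4), so it is worth confirming that the pinned revision is encrypted to the new recipient set.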
@@ -1,57 +0,0 @@
-{
- config,
- pkgs,
- secrets,
- ...
-}: {
- # Import secrets.
- sops = {
- age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
- defaultSopsFile = "${secrets}/sops.yaml";
- secrets."nextcloud/admin_pass" = {};
- };
-
- # Enable Nextcloud.
- services.nextcloud = {
- enable = true;
- package = pkgs.nextcloud31;
- hostName = "localhost";
- database.createLocally = true;
- appstoreEnable = false;
- autoUpdateApps.enable = true;
-
- extraApps = with config.services.nextcloud.package.packages.apps; {
- inherit calendar contacts dav_push gpoddersync notify_push user_oidc;
- };
-
- settings = {
- trusted_domains = ["cloud.ferngarden.net" "10.0.1.107"];
- trusted_proxies = [
- "::1"
- "127.0.0.1"
- "10.0.1.102" # reverse proxy
- ];
- log_type = "file";
- default_phone_region = "AU";
- maintenance_window_start = 1;
- };
-
- config = {
- dbtype = "pgsql";
- adminuser = "fern";
- adminpassFile = config.sops.secrets."nextcloud/admin_pass".path;
- };
-
- phpOptions."opcache.interned_strings_buffer" = "64";
-
- notify_push = {
- enable = true;
- };
- };
-
- # Open required ports for Nextcloud.
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
-}
diff --git a/suites/desktop/default.nix b/suites/desktop/default.nix
index 9a80881..11f8fd1 100755
--- a/suites/desktop/default.nix
+++ b/suites/desktop/default.nix
@@ -265,7 +265,6 @@ with lib; {
 gnomeExtensions.color-picker
 gnomeExtensions.rounded-window-corners-reborn
 gnomeExtensions.smile-complementary-extension
- inkscape
 jellyfin-media-player
 libreoffice
 minipro