From 6347e2e620c75781bef5c3fed00880830289f7b0 Mon Sep 17 00:00:00 2001
From: Fern Garden
Date: Tue, 19 Aug 2025 22:20:24 +0800
Subject: [PATCH 1/3] Nextcloud LXC
---
 .sops.yaml | 14 +++++------
 flake.nix | 5 ++++
 hosts/nextcloud/default.nix | 50 +++++++++++++++++++++++++++++++++++++
 suites/desktop/default.nix | 1 +
 4 files changed, 62 insertions(+), 8 deletions(-)
 create mode 100644 hosts/nextcloud/default.nix
diff --git a/.sops.yaml b/.sops.yaml
index 7157add..fc8028b 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,13 +1,11 @@
 keys:
- - &admin_fern age1n9q3cspp4a6qvjv9xaf00e5d5za3d8upz4akj2fh6zt5ly3ahans3vpx5x
- - &admin_ornithologist age1t4cmsp8ge42cftxne6vjxt255tsfe6aga4r35gev647f3yuvwvkqyetenv
- - &server_firefox-syncserver age1hrvts2jkdclk3f9atjry7chuakt5n9qmlwfwsdlcnmc88ld3ysuqz6ejge
- - &server_nextcloud age1fn3y3km7wuftvrc2ds78ceu2wfrya0l5up0gshhnyhrq7gyglu0s2j8mpm
+ - &muskduck age1f99k8ujf9gt9zhzyqquhuv38znwjtv2cf42s0sf3h0waa5gwxsvscd2rvw
+ - &firefox-syncserver age1hrvts2jkdclk3f9atjry7chuakt5n9qmlwfwsdlcnmc88ld3ysuqz6ejge
+ - &nextcloud age1vkup37w26905wzmjnjxryfzga7f72dzhuay45uuhqvntj3gajydsnukxv7
 creation_rules:
 - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
 key_groups:
 - age:
- - *admin_fern
- - *admin_ornithologist
- - *server_firefox-syncserver
- - *server_nextcloud
+ - *muskduck
+ - *firefox-syncserver
+ - *nextcloud
diff --git a/flake.nix b/flake.nix
index dbaf5c4..3a17913 100755
--- a/flake.nix
+++ b/flake.nix
@@ -98,5 +98,10 @@
 (mkHost "firefox-syncserver" {
 suite = "server/lxc";
 })
+
+ # Container running Nextcloud.
+ (mkHost "nextcloud" {
+ suite = "server/lxc";
+ })
 ];
 }
diff --git a/hosts/nextcloud/default.nix b/hosts/nextcloud/default.nix
new file mode 100644
index 0000000..f89abb3
--- /dev/null
+++ b/hosts/nextcloud/default.nix
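Review bot: In `.sops.yaml` the single creation rule still encrypts every file matching `secrets/…` to all three keys, so the `nextcloud` and `firefox-syncserver` host keys can each decrypt secrets that belong to the other service. Per-host rules would limit that, for example one rule per file with a `path_regex` such as `secrets/<host>\.yaml$` (placeholder path) listing only `*muskduck` and that host's key. Changing the recipient list does not re-encrypt files that already exist, so they need `sops updatekeys`. The removed `admin_*` keys and the previous `nextcloud` key could read the current values, so if any of those keys is no longer trusted the secret values themselves should be rotated as well.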
@@ -0,0 +1,50 @@
+{
+ config,
+ pkgs,
+ secrets,
+ ...
+}: {
+ # # Import secrets.
+ # sops = {
+ # age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+ # defaultSopsFile = "${secrets}/sops.yaml";
+ # secrets."nextcloud/admin_pass" = {};
+ # };
+ #
+ # # Enable Nextcloud.
+ # services.nextcloud = {
+ # enable = true;
+ # package = pkgs.nextcloud31;
+ # hostName = "localhost";
+ # database.createLocally = true;
+ # appstoreEnable = false;
+ # autoUpdateApps.enable = true;
+ #
+ # extraApps = with config.services.nextcloud.package.packages.apps; {
+ # inherit bookmarks calendar contacts dav_push gpoddersync user_oidc;
+ # };
+ #
+ # settings = {
+ # trusted_domains = ["cloud.ferngarden.net"];
+ # trusted_proxies = ["10.0.1.102"];
+ # log_type = "file";
+ # default_phone_region = "AU";
+ # };
+ #
+ # config = {
+ # dbtype = "pgsql";
+ # adminuser = "fern";
+ # adminpassFile = config.sops.secrets."nextcloud/admin_pass".path;
+ # };
+ #
+ # notify_push = {
+ # enable = true;
+ # };
+ # };
+ #
+ # # Open required ports for Nextcloud.
+ # networking.firewall.allowedTCPPorts = [
+ # 80
+ # 443
+ # ];
+}
diff --git a/suites/desktop/default.nix b/suites/desktop/default.nix
index 11f8fd1..9a80881 100755
--- a/suites/desktop/default.nix
+++ b/suites/desktop/default.nix
@@ -265,6 +265,7 @@ with lib; {
 gnomeExtensions.color-picker
 gnomeExtensions.rounded-window-corners-reborn
 gnomeExtensions.smile-complementary-extension
+ inkscape
 jellyfin-media-player
 libreoffice
 minipro
From dbdd5ba47d7d745ac91f3edba2e3cde91a844bd5 Mon Sep 17 00:00:00 2001
From: Fern Garden
Date: Wed, 20 Aug 2025 08:13:06 +0800
Subject: [PATCH 2/3] Update secrets
---
 flake.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/flake.lock b/flake.lock
index 6029120..ec3508d 100755
--- a/flake.lock
+++ b/flake.lock
@@ -412,11 +412,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1753192971, - "narHash": "sha256-+Gg9j2Un6wEtut8uXtfiya+QeL+EMWzR+/xWXDR8fVg=", + "lastModified": 1755613196, + "narHash": "sha256-nHR8//I5cMjWbDvlBk4HNE3wb0l+M4y5Xx8cwehJlE0=", "ref": "main", - "rev": "3caaec2bd7cd7d1feb244e00ca4664dabb8a0495", - "revCount": 4, + "rev": "026300d70aff95c9b3514e9922979ae0340b6d6a", + "revCount": 5, "type": "git", "url": "ssh://git@docker.local:222/fern/secrets" },
From 7ffe1dad52e09af37c5e7dffc94661934579958a Mon Sep 17 00:00:00 2001
From: Fern Garden
Date: Wed, 20 Aug 2025 08:13:09 +0800
Subject: [PATCH 3/3] Enable nextcloud
---
 hosts/nextcloud/default.nix | 93 ++++++++++++++++++++-----------------
 1 file changed, 50 insertions(+), 43 deletions(-)
diff --git a/hosts/nextcloud/default.nix b/hosts/nextcloud/default.nix
index f89abb3..4aaa702 100644
--- a/hosts/nextcloud/default.nix
+++ b/hosts/nextcloud/default.nix
@@ -4,47 +4,54 @@
 secrets,
 ...
 }: {
- # # Import secrets.
- # sops = {
- # age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
- # defaultSopsFile = "${secrets}/sops.yaml";
- # secrets."nextcloud/admin_pass" = {};
- # };
- #
- # # Enable Nextcloud.
- # services.nextcloud = {
- # enable = true;
- # package = pkgs.nextcloud31;
- # hostName = "localhost";
- # database.createLocally = true;
- # appstoreEnable = false;
- # autoUpdateApps.enable = true;
- #
- # extraApps = with config.services.nextcloud.package.packages.apps; {
- # inherit bookmarks calendar contacts dav_push gpoddersync user_oidc;
- # };
- #
- # settings = {
- # trusted_domains = ["cloud.ferngarden.net"];
- # trusted_proxies = ["10.0.1.102"];
- # log_type = "file";
- # default_phone_region = "AU";
- # };
- #
- # config = {
- # dbtype = "pgsql";
- # adminuser = "fern";
- # adminpassFile = config.sops.secrets."nextcloud/admin_pass".path;
- # };
- #
- # notify_push = {
- # enable = true;
- # };
- # };
- #
- # # Open required ports for Nextcloud.
- # networking.firewall.allowedTCPPorts = [
- # 80
- # 443
- # ];
+ # Import secrets.
+ sops = {
+ age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+ defaultSopsFile = "${secrets}/sops.yaml";
+ secrets."nextcloud/admin_pass" = {};
+ };
+
+ # Enable Nextcloud.
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud31;
+ hostName = "localhost";
+ database.createLocally = true;
+ appstoreEnable = false;
+ autoUpdateApps.enable = true;
+
+ extraApps = with config.services.nextcloud.package.packages.apps; {
+ inherit calendar contacts dav_push gpoddersync notify_push user_oidc;
+ };
+
+ settings = {
+ trusted_domains = ["cloud.ferngarden.net" "10.0.1.107"];
+ trusted_proxies = [
+ "::1"
+ "127.0.0.1"
+ "10.0.1.102" # reverse proxy
+ ];
+ log_type = "file";
+ default_phone_region = "AU";
+ maintenance_window_start = 1;
+ };
+
+ config = {
+ dbtype = "pgsql";
+ adminuser = "fern";
+ adminpassFile = config.sops.secrets."nextcloud/admin_pass".path;
+ };
+
+ phpOptions."opcache.interned_strings_buffer" = "64";
+
+ notify_push = {
+ enable = true;
+ };
+ };
+
+ # Open required ports for Nextcloud.
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
 }
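Review bot: The firewall block at the end of this hunk opens 80 and 443 to every source, and `trusted_domains` now also accepts `10.0.1.107` (presumably the container's own address), so any host that can reach the container can use Nextcloud over plain HTTP without going through the reverse proxy at `10.0.1.102`. Nothing visible here configures TLS for the local web server, so 443 looks unused unless it is set up elsewhere; I would reduce the list to `networking.firewall.allowedTCPPorts = [80];`, ideally limited to the proxy's address, and drop the raw IP from `trusted_domains` unless direct access is really needed. If the proxy terminates TLS, add `https = true;` under `services.nextcloud` so generated links use https. Separately, `autoUpdateApps.enable = true;` sits next to `appstoreEnable = false;` and Nix-packaged `extraApps`; app code should come only from the pinned package set, so I would change it to `autoUpdateApps.enable = false;`.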