

3 commits

Author SHA1 Message Date
7ffe1dad52 Enable nextcloud 2025-08-20 08:13:09 +08:00
dbdd5ba47d Update secrets 2025-08-20 08:13:06 +08:00
6347e2e620 Nextcloud LXC 2025-08-19 22:20:24 +08:00
5 changed files with 73 additions and 12 deletions


@ -1,13 +1,11 @@
keys: keys:
- &admin_fern age1n9q3cspp4a6qvjv9xaf00e5d5za3d8upz4akj2fh6zt5ly3ahans3vpx5x - &muskduck age1f99k8ujf9gt9zhzyqquhuv38znwjtv2cf42s0sf3h0waa5gwxsvscd2rvw
- &admin_ornithologist age1t4cmsp8ge42cftxne6vjxt255tsfe6aga4r35gev647f3yuvwvkqyetenv - &firefox-syncserver age1hrvts2jkdclk3f9atjry7chuakt5n9qmlwfwsdlcnmc88ld3ysuqz6ejge
- &server_firefox-syncserver age1hrvts2jkdclk3f9atjry7chuakt5n9qmlwfwsdlcnmc88ld3ysuqz6ejge - &nextcloud age1vkup37w26905wzmjnjxryfzga7f72dzhuay45uuhqvntj3gajydsnukxv7
- &server_nextcloud age1fn3y3km7wuftvrc2ds78ceu2wfrya0l5up0gshhnyhrq7gyglu0s2j8mpm
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: - age:
- *admin_fern - *muskduck
- *admin_ornithologist - *firefox-syncserver
- *server_firefox-syncserver - *nextcloud
- *server_nextcloud
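Review bot: The single creation rule on the new side lists both host keys (`*firefox-syncserver` and `*nextcloud`) as recipients for every file matching `secrets/[^/]+\.(yaml|json|env|ini)$`, so each container can decrypt the other's secrets, including the Nextcloud admin password. Splitting the rule per host, with the admin key on each, keeps a compromised container from reading secrets it never needs; the paths in the sketch below are constructed and would have to match the real layout of the secrets repository. Because the recipient list changed (the `nextcloud` key differs and the old `admin_*` entries are replaced by `*muskduck`), existing files need `sops updatekeys` to be re-encrypted, and anything the dropped keys could read stays recoverable from git history until the value itself is rotated. With `*muskduck` as the only non-host recipient, losing that key would leave the host SSH keys as the sole way to decrypt.

```yaml
creation_rules:
  # constructed paths: one secrets file per host
  - path_regex: secrets/nextcloud\.(yaml|json|env|ini)$
    key_groups:
      - age:
          - *muskduck
          - *nextcloud
  - path_regex: secrets/firefox-syncserver\.(yaml|json|env|ini)$
    key_groups:
      - age:
          - *muskduck
          - *firefox-syncserver
```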

8
flake.lock generated

@ -412,11 +412,11 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1753192971, "lastModified": 1755613196,
"narHash": "sha256-+Gg9j2Un6wEtut8uXtfiya+QeL+EMWzR+/xWXDR8fVg=", "narHash": "sha256-nHR8//I5cMjWbDvlBk4HNE3wb0l+M4y5Xx8cwehJlE0=",
"ref": "main", "ref": "main",
"rev": "3caaec2bd7cd7d1feb244e00ca4664dabb8a0495", "rev": "026300d70aff95c9b3514e9922979ae0340b6d6a",
"revCount": 4, "revCount": 5,
"type": "git", "type": "git",
"url": "ssh://git@docker.local:222/fern/secrets" "url": "ssh://git@docker.local:222/fern/secrets"
}, },


@ -98,5 +98,10 @@
(mkHost "firefox-syncserver" { (mkHost "firefox-syncserver" {
suite = "server/lxc"; suite = "server/lxc";
}) })
# Container running Nextcloud.
(mkHost "nextcloud" {
suite = "server/lxc";
})
]; ];
} }


@ -0,0 +1,57 @@
{
config,
pkgs,
secrets,
...
}: {
# Import secrets.
sops = {
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
defaultSopsFile = "${secrets}/sops.yaml";
secrets."nextcloud/admin_pass" = {};
};
# Enable Nextcloud.
services.nextcloud = {
enable = true;
package = pkgs.nextcloud31;
hostName = "localhost";
database.createLocally = true;
appstoreEnable = false;
autoUpdateApps.enable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit calendar contacts dav_push gpoddersync notify_push user_oidc;
};
settings = {
trusted_domains = ["cloud.ferngarden.net" "10.0.1.107"];
trusted_proxies = [
"::1"
"127.0.0.1"
"10.0.1.102" # reverse proxy
];
log_type = "file";
default_phone_region = "AU";
maintenance_window_start = 1;
};
config = {
dbtype = "pgsql";
adminuser = "fern";
adminpassFile = config.sops.secrets."nextcloud/admin_pass".path;
};
phpOptions."opcache.interned_strings_buffer" = "64";
notify_push = {
enable = true;
};
};
# Open required ports for Nextcloud.
networking.firewall.allowedTCPPorts = [
80
443
];
}
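Review bot: `networking.firewall.allowedTCPPorts` opens 80 and 443 to every source, yet nothing in this module sets up TLS (no `https` option, no certificate for the web server), so 443 looks unused and 80 serves Nextcloud in plaintext to any host that can reach 10.0.1.107, an address `trusted_domains` also accepts. If 10.0.1.102 is meant to be the only client, open just `allowedTCPPorts = [80];`, restrict that port to the proxy address with a firewall rule, and set `https = true;` under `services.nextcloud` so generated links use https behind the (presumably TLS-terminating) proxy. `appstoreEnable = false;` next to `autoUpdateApps.enable = true;` also looks contradictory, since the apps come from `extraApps` and the update job has nothing from the store to update. A comment above `trusted_proxies` stating that forwarded client addresses are believed only from these entries would explain why the list has to stay short.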


@ -265,6 +265,7 @@ with lib; {
gnomeExtensions.color-picker gnomeExtensions.color-picker
gnomeExtensions.rounded-window-corners-reborn gnomeExtensions.rounded-window-corners-reborn
gnomeExtensions.smile-complementary-extension gnomeExtensions.smile-complementary-extension
inkscape
jellyfin-media-player jellyfin-media-player
libreoffice libreoffice
minipro minipro