diff --git a/hosts/kima/default.nix b/hosts/kima/default.nix
index 3f51347d..538ecc29 100644
--- a/hosts/kima/default.nix
+++ b/hosts/kima/default.nix
@@ -46,8 +46,6 @@ in
 environment.variables = {
 NH_FLAKE = "/home/cnst/.nix-config";
 GEMINI_API_KEY = config.age.secrets.gcapi.path;
- QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
- NIXOS_OZONE_WL = "1";
 };
 # # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
diff --git a/hosts/sobotka/server.nix b/hosts/sobotka/server.nix
index 850dcfa3..c848458b 100644
--- a/hosts/sobotka/server.nix
+++ b/hosts/sobotka/server.nix
@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
 server = {
 enable = true;
 email = "adam@cnst.dev";
@@ -52,6 +53,14 @@
 credentialsFile = config.age.secrets.vaultwardenCloudflared.path;
 };
 };
+ nextcloud = {
+ enable = true;
+ url = "cloud.cnst.dev";
+ cloudflared = {
+ tunnelId = "fdd98086-6a4c-44f2-bba0-eb86b833cce5";
+ credentialsFile = config.age.secrets.nextcloudCloudflared.path;
+ };
+ };
 fail2ban = {
 enable = true;
 apiKeyFile = config.age.secrets.cloudflareFirewallApiKey.path;
diff --git a/modules/home/programs/pkgs/default.nix b/modules/home/programs/pkgs/default.nix
index 9eaab63d..ce067d67 100644
--- a/modules/home/programs/pkgs/default.nix
+++ b/modules/home/programs/pkgs/default.nix
@@ -92,7 +92,6 @@ in
 adwaita-icon-theme
 qt5.qtwayland
 qt6.qtwayland
- wl-clipboard
 wpa_supplicant
 unrar
 material-icons
diff --git a/modules/nixos/programs/niri/default.nix b/modules/nixos/programs/niri/default.nix
index b10c6576..4a23d534 100644
--- a/modules/nixos/programs/niri/default.nix
+++ b/modules/nixos/programs/niri/default.nix
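Review bot: In `hosts/sobotka/server.nix`, the new `nextcloud` block never sets `adminPass`, although the module added in this commit declares that option with no default and passes it to `adminpassFile`; unless it is defined in another file, evaluating this host should stop on an undefined option. I would add `adminPass = config.age.secrets.<NEXTCLOUD_ADMIN_SECRET>.path;` (placeholder secret name) next to `credentialsFile`, so the admin password is handled through agenix like the tunnel credentials. The enclosing `server = {` block starts and ends outside this hunk, so an existing definition elsewhere cannot be ruled out from here.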
@@ -15,9 +15,17 @@ in
 };
 config = mkIf cfg.enable {
 nixpkgs.overlays = [ inputs.niri.overlays.niri ];
- environment.systemPackages = with pkgs; [
- xwayland-satellite-unstable
- ];
+ environment = {
+ variables = {
+ NIXOS_OZONE_WL = "1";
+ QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
+ };
+ systemPackages = with pkgs; [
+ xwayland-satellite-unstable
+ wl-clipboard
+ wayland-utils
+ ];
+ };
 systemd.user.services.niri-flake-polkit.enable = false;
 programs.niri = {
 enable = true;
diff --git a/modules/server/nextcloud/default.nix b/modules/server/nextcloud/default.nix
new file mode 100644
index 00000000..4aa83ada
--- /dev/null
+++ b/modules/server/nextcloud/default.nix
@@ -0,0 +1,138 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+let
+ unit = "nextcloud";
+ cfg = config.server.${unit};
+ srv = config.server;
+in
+{
+ options.server.${unit} = {
+ enable = lib.mkEnableOption {
+ description = "Enable ${unit}";
+ };
+ adminUser = lib.mkOption {
+ type = lib.types.str;
+ default = "cnst";
+ };
+ adminPass = lib.mkOption {
+ type = lib.types.path;
+ };
+ configDir = lib.mkOption {
+ type = lib.types.str;
+ default = "/var/lib/${unit}";
+ };
+ url = lib.mkOption {
+ type = lib.types.str;
+ default = "cloud.${srv.domain}";
+ };
+ homepage.name = lib.mkOption {
+ type = lib.types.str;
+ default = "Nextcloud";
+ };
+ homepage.description = lib.mkOption {
+ type = lib.types.str;
+ default = "A safe home for all your data";
+ };
+ homepage.icon = lib.mkOption {
+ type = lib.types.str;
+ default = "nextcloud.svg";
+ };
+ homepage.category = lib.mkOption {
+ type = lib.types.str;
+ default = "Services";
+ };
+ cloudflared = {
+ credentialsFile = lib.mkOption {
+ type = lib.types.str;
+ example = lib.literalExpression ''
+ pkgs.writeText "cloudflare-credentials.json" '''
+ {"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
+ '''
+ '';
+ };
+ tunnelId = lib.mkOption {
+ type = lib.types.str;
+ example = "00000000-0000-0000-0000-000000000000";
+ };
+ };
+
+ };
+ config = lib.mkIf cfg.enable {
+ server = {
+ postgresql.databases = [
+ {
+ database = "nextcloud";
+ }
+ ];
+ fail2ban = lib.mkIf config.server.fail2ban.enable {
+ jails = {
+ nextcloud = {
+ serviceName = "phpfm-nextcloud";
+ failRegex = "^.*Login failed:.*(Remote IP: ).*$";
+ };
+ };
+ };
+ };
+
+ services = {
+ cloudflared = {
+ enable = true;
+ tunnels.${cfg.cloudflared.tunnelId} = {
+ credentialsFile = cfg.cloudflared.credentialsFile;
+ default = "http_status:404";
+ ingress."${cfg.url}".service = "http://127.0.0.1:8083";
+ };
+ };
+
+ ${unit} = {
+ enable = true;
+ package = pkgs.nextcloud31;
+ hostName = "nextcloud";
+ configureRedis = true;
+ caching = {
+ redis = true;
+ };
+ maxUploadSize = "50G";
+ settings = {
+ trusted_proxies = [ "127.0.0.1" ];
+ overwriteprotocol = "https";
+ overwritehost = "cloud.${srv.domain}";
+ overwrite.cli.url = "https://cloud.${srv.domain}";
+ mail_smtpmode = "sendmail";
+ mail_sendmailmode = "pipe";
+ user_oidc = {
+ allow_multiple_user_backends = 0;
+ };
+ forwarded_for_headers = [
+ "HTTP_CF_CONNECTING_IP"
+ ];
+ enabledPreviewProviders = [
+ "OC\\Preview\\BMP"
+ "OC\\Preview\\GIF"
+ "OC\\Preview\\JPEG"
+ "OC\\Preview\\Krita"
+ "OC\\Preview\\MarkDown"
+ "OC\\Preview\\MP3"
+ "OC\\Preview\\OpenDocument"
+ "OC\\Preview\\PNG"
+ "OC\\Preview\\TXT"
+ "OC\\Preview\\XBitmap"
+ "OC\\Preview\\HEIC"
+ ];
+ };
+ config = {
+ dbtype = "pgsql";
+ dbuser = "nextcloud";
+ dbhost = "/run/postgresql";
+ dbname = "nextcloud";
+ adminuser = cfg.adminUser;
+ adminpassFile = cfg.adminPass;
+ };
+ };
+ };
+ };
+}
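Review bot: The fail2ban jail sets `serviceName = "phpfm-nextcloud"`, but the PHP-FPM pool that the NixOS Nextcloud module creates runs as `phpfpm-nextcloud`; if the jail matches on the systemd unit, it will never see a failed login and brute-force banning is silently off, so I would change it to `serviceName = "phpfpm-nextcloud";`. The `failRegex` as shown also has no `<HOST>` placeholder, which fail2ban needs to know which address to ban; please confirm the file reads `(Remote IP: <HOST>)` and the tag was only lost in rendering. In `settings`, `overwrite.cli.url = …` is an attribute path and so produces a nested `overwrite.cli.url` set rather than the Nextcloud key; it should be quoted as `"overwrite.cli.url" = "https://${cfg.url}";`, and `overwritehost` should use `cfg.url` as well so that overriding `url` does not leave redirects pointing at a different name. Nothing visible in this module makes the web server listen on `127.0.0.1:8083`, the address the tunnel ingress targets, so that binding needs to be set here or confirmed elsewhere.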