feat(nextcloud): finishing touches and other chores

This commit is contained in:
2025-09-21 10:28:54 +02:00
parent c63daec95c
commit f861d363ca
7 changed files with 42 additions and 52 deletions

domainhash.txt Normal file

@@ -0,0 +1 @@
9077b11e97e76528abc8
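Review bot: domainhash.txt is added with a single opaque value and nothing in this commit says what it is or which expression reads it, so a later maintainer cannot tell whether it is safe to rotate, regenerate or delete. If it is a public identifier derived from the domain, a one-line note in the consuming Nix file (`# domainhash.txt: <what produced it, and what consumes it>`) or in the README would document it; if it is anything credential-like, it belongs with the values already handled through `environmentFile` rather than in the tree. The commit message ("finishing touches") does not cover it either.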


@@ -15,7 +15,7 @@
unbound = { unbound = {
enable = true; enable = true;
}; };
caddy = { acme = {
enable = true; enable = true;
}; };
homepage-dashboard = { homepage-dashboard = {


@@ -1,5 +1,4 @@
{ config, ... }: {config, ...}: {
{
server = { server = {
enable = true; enable = true;
email = "adam@cnst.dev"; email = "adam@cnst.dev";
@@ -12,7 +11,7 @@
unbound = { unbound = {
enable = true; enable = true;
}; };
caddy = { acme = {
enable = true; enable = true;
}; };
homepage-dashboard = { homepage-dashboard = {


@@ -123,7 +123,7 @@
server = { server = {
imports = [ imports = [
./server ./server
./server/caddy ./server/acme
./server/fail2ban ./server/fail2ban
./server/homepage-dashboard ./server/homepage-dashboard
./server/nextcloud ./server/nextcloud


@@ -4,7 +4,7 @@
... ...
}: let }: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.server.caddy; cfg = config.server.acme;
getCloudflareCredentials = hostname: getCloudflareCredentials = hostname:
if hostname == "ziggy" if hostname == "ziggy"
@@ -14,7 +14,7 @@
else throw "Unknown hostname: ${hostname}"; else throw "Unknown hostname: ${hostname}";
in { in {
options = { options = {
server.caddy.enable = mkEnableOption "Enables caddy"; server.acme.enable = mkEnableOption "Enables ACME";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
networking.firewall = let networking.firewall = let
@@ -40,13 +40,13 @@ in {
environmentFile = getCloudflareCredentials config.networking.hostName; environmentFile = getCloudflareCredentials config.networking.hostName;
}; };
certs.${config.server.domainPublic} = { certs.${config.server.domainPublic} = {
reloadServices = ["caddy.service"]; reloadServices = ["nginx.service"];
domain = "${config.server.domainPublic}"; domain = "${config.server.domainPublic}";
extraDomainNames = ["*.${config.server.domainPublic}"]; extraDomainNames = ["*.${config.server.domainPublic}"];
dnsProvider = "cloudflare"; dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53"; dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true; dnsPropagationCheck = true;
group = config.services.caddy.group; group = config.services.nginx.group;
environmentFile = getCloudflareCredentials config.networking.hostName; environmentFile = getCloudflareCredentials config.networking.hostName;
}; };
}; };
@@ -67,17 +67,6 @@ in {
redir https://{host}{uri} redir https://{host}{uri}
''; '';
}; };
"http://${config.server.domainPublic}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
"http://*.${config.server.domainPublic}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
}; };
}; };
}; };
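Review bot: The last hunk of this file removes the two plain-HTTP redirect hosts but leaves a Caddy-style `redir https://{host}{uri}` virtualHost in place as context, inside a module that is now `server.acme` and whose certs reload `nginx.service` and are owned by `config.services.nginx.group`. If `services.caddy.enable` is no longer set anywhere after the `caddy` → `acme` rename (the host configs in this commit only flip the option name), that remaining block is dead configuration; if it is still set, Caddy and nginx would both be configured as web servers on this host, which is worth stating explicitly. Either delete the remaining Caddy virtualHost as well, or add a comment such as `# Caddy still handles the public redirect; nginx only serves Nextcloud on 127.0.0.1:8083 behind cloudflared` so the split is deliberate. The enclosing `config = mkIf cfg.enable { … }` attrset begins in an earlier hunk and the surrounding `virtualHosts` attrset starts outside this one.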


@@ -102,17 +102,5 @@ in {
]; ];
}; };
}; };
systemd.services.hd-idle = {
description = "External HD spin down daemon";
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
ExecStart = let
idleTime = toString 900;
hardDriveParameter = lib.strings.concatMapStringsSep " " (x: "-a ${x} -i ${idleTime}") hardDrives;
in "${pkgs.hd-idle}/bin/hd-idle -i 0 ${hardDriveParameter}";
};
};
}; };
} }


@@ -57,12 +57,6 @@ in {
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.nginx.virtualHosts."nextcloud".listen = [
{
addr = "127.0.0.1";
port = 8083;
}
];
services.cloudflared = { services.cloudflared = {
enable = true; enable = true;
tunnels.${cfg.cloudflared.tunnelId} = { tunnels.${cfg.cloudflared.tunnelId} = {
@@ -89,22 +83,21 @@ in {
caching = { caching = {
redis = true; redis = true;
}; };
occ = { phpOptions = {
maintenance = "install"; "opcache.jit" = "tracing";
"opcache.jit_buffer_size" = "100M";
"opcache.interned_strings_buffer" = "16";
"opcache.max_accelerated_files" = "10000";
"opcache.memory_consumption" = "1280";
}; };
database.createLocally = true;
maxUploadSize = "50G"; maxUploadSize = "50G";
settings = { settings = {
maintenance_window_start = "1";
trusted_proxies = ["127.0.0.1"]; trusted_proxies = ["127.0.0.1"];
trusted_domains = ["cloud.${srv.domainPublic}" "192.168.88.14"]; trusted_domains = ["cloud.${srv.domainPublic}"];
overwriteprotocol = "https"; overwriteprotocol = "https";
overwritehost = "cloud.${srv.domainPublic}"; overwritehost = "cloud.${srv.domainPublic}";
overwrite.cli.url = "https://cloud.${srv.domainPublic}"; overwrite.cli.url = "https://cloud.${srv.domainPublic}";
# mail_smtpmode = "sendmail";
# mail_sendmailmode = "pipe";
# user_oidc = {
# allow_multiple_user_backends = 0;
# };
forwarded_for_headers = [ forwarded_for_headers = [
"HTTP_CF_CONNECTING_IP" "HTTP_CF_CONNECTING_IP"
]; ];
@@ -131,12 +124,32 @@ in {
adminpassFile = cfg.adminpassFile; adminpassFile = cfg.adminpassFile;
}; };
}; };
services.caddy.virtualHosts."${srv.domainPublic}" = { services = {
nginx = {
virtualHosts.nextcloud = {
useACMEHost = srv.domainPublic; useACMEHost = srv.domainPublic;
listen = [
{
addr = "127.0.0.1";
port = 8083;
}
];
extraConfig = '' extraConfig = ''
reverse_proxy http://127.0.0.1:8083 add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains;";
access_log /var/log/nginx/nextcloud.access.log;
error_log /var/log/nginx/nextcloud.error.log;
''; '';
}; };
};
};
server.postgresql.databases = [ server.postgresql.databases = [
{ {
database = "nextcloud"; database = "nextcloud";