@@ -9,9 +9,10 @@
|
|||||||
../../nixos/tailscale.nix
|
../../nixos/tailscale.nix
|
||||||
|
|
||||||
../../server-modules/ssh.nix
|
../../server-modules/ssh.nix
|
||||||
# ../../server-modules/bitwarden.nix
|
../../server-modules/bitwarden.nix
|
||||||
../../server-modules/firewall.nix
|
../../server-modules/firewall.nix
|
||||||
../../server-modules/nginx.nix
|
../../server-modules/nginx.nix
|
||||||
|
../../server-modules/nextcloud.nix
|
||||||
|
|
||||||
# You should let those lines as is
|
# You should let those lines as is
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
|||||||
@@ -13,7 +13,8 @@
|
|||||||
path = "/home/hadi/.ssh/github";
|
path = "/home/hadi/.ssh/github";
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
};
|
};
|
||||||
# cloudflare-dns-token = { path = "/etc/cloudflare/dnskey.txt"; };
|
cloudflare-dns-token = { path = "/etc/cloudflare/dnskey.txt"; };
|
||||||
|
nextcloud-pwd = { path = "/etc/nextcloud/pwd.txt"; };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
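Review bot: The new `nextcloud-pwd` entry declares only a `path`, so sops-nix applies its defaults (root-owned, mode 0400 as far as I know), whereas the `github` key just above sets `mode = "0600"` explicitly. Its consumer is `adminpassFile` in the new Nextcloud module, and depending on the nixpkgs release the setup unit reads that file as the `nextcloud` user, so a root-only secret can make the first install fail. I would write `nextcloud-pwd = { path = "/etc/nextcloud/pwd.txt"; owner = "nextcloud"; mode = "0400"; };` and add a short comment on `cloudflare-dns-token` saying which unit reads it. The enclosing secrets attribute set starts outside this hunk.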
@@ -1,34 +1,26 @@
|
|||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
let domain = "vault.hadi.diy";
|
let domain = "vault.hadi.diy";
|
||||||
in {
|
in {
|
||||||
services.vaultwarden = {
|
services = {
|
||||||
enable = true;
|
vaultwarden = {
|
||||||
config = {
|
enable = true;
|
||||||
DOMAIN = "https://" + domain;
|
config = {
|
||||||
SIGNUPS_ALLOWED = true;
|
DOMAIN = "https://" + domain;
|
||||||
ROCKET_ADDRESS = "127.0.0.1";
|
SIGNUPS_ALLOWED = true;
|
||||||
ROCKET_PORT = 8222;
|
ROCKET_ADDRESS = "127.0.0.1";
|
||||||
ROCKET_LOG = "critical";
|
ROCKET_PORT = 8222;
|
||||||
|
ROCKET_LOG = "critical";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."${domain}" = {
|
nginx.virtualHosts."${domain}" = {
|
||||||
useACMEHost = "hadi.diy";
|
useACMEHost = "hadi.diy";
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${
|
proxyPass = "http://127.0.0.1:${
|
||||||
toString config.services.vaultwarden.config.ROCKET_PORT
|
toString config.services.vaultwarden.config.ROCKET_PORT
|
||||||
}";
|
}";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs."hadi.diy" = {
|
|
||||||
domain = "hadi.diy";
|
|
||||||
extraDomainNames = [ "*.hadi.diy" ];
|
|
||||||
group = "nginx";
|
|
||||||
|
|
||||||
dnsProvider = "cloudflare";
|
|
||||||
dnsPropagationCheck = true;
|
|
||||||
credentialsFile = config.sops.secrets.cloudflare-dns-token.path;
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|||||||
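Review bot: `SIGNUPS_ALLOWED = true;` is kept on the new side while the virtual host below publishes the vault at `vault.hadi.diy`, so anyone who can reach the site can register an account on the password manager. The first hunk on this page uncomments the import of what looks like this module, so the setting goes live with this commit. I would switch to `SIGNUPS_ALLOWED = false;` once the intended accounts exist, or at least add a comment such as `# TODO: disable after initial account creation`.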
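--- a/server-modules/nextcloud.nix
+++ b/server-modules/nextcloud.nix
@@ -0,0 +1,50 @@
+{ pkgs, config, ... }:
+let domain = "cloud.hadi.diy";
+in {
+services = {
+nginx.virtualHosts = {
+"${domain}" = {
+# DNS-01 challenge
+useACMEHost = "hadi.diy";
+forceSSL = true;
+};
+};
+nextcloud = {
+enable = true;
+hostName = domain;
+package = pkgs.nextcloud31;
+database.createLocally = true;
+configureRedis = true;
+maxUploadSize = "16G";
+https = true;
+autoUpdateApps.enable = true;
+settings = {
+trusted_domains = [ domain ];
+default_phone_region = "FR";
+overwriteprotocol = "https";
+};
+extraAppsEnable = true;
+extraApps = with config.services.nextcloud.package.packages.apps; {
+# List of apps we want to install and are already packaged in
+# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
+# inherit calendar contacts notes onlyoffice tasks cookbook qownnotesapi;
+inherit cookbook;
+# Custom app example.
+# socialsharing_telegram = pkgs.fetchNextcloudApp rec {
+# url =
+# "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz";
+# license = "agpl3";
+# sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k=";
+# };
+};
+config = {
+dbtype = "pgsql";
+adminuser = "hadi";
+adminpassFile = config.sops.secrets.nextcloud-pwd.path;
+};
+# Suggested by Nextcloud's health check.
+phpOptions."opcache.interned_strings_buffer" = "16";
+};
+
+};
+}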
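Review bot: `maxUploadSize = "16G";` is a large limit to set without a comment; in the nixpkgs Nextcloud module this option drives the nginx request-body limit and the PHP upload limits, and as far as I recall it also feeds PHP's `memory_limit`, which is worth verifying against the pinned nixpkgs. On a small host a few concurrent large uploads could then exhaust disk or memory. I would lower it to what is actually needed, e.g. `maxUploadSize = "2G";`, or keep it with a comment like `# 16G: required for <use case>; checked memory_limit and disk headroom`. The commented-out `socialsharing_telegram` example could also be dropped to keep the module short.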
@@ -6,5 +6,16 @@
|
|||||||
defaults.email = config.var.git.email;
|
defaults.email = config.var.git.email;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security.acme.certs."hadi.diy" = {
|
||||||
|
domain = "hadi.diy";
|
||||||
|
extraDomainNames = [ "*.hadi.diy" ];
|
||||||
|
group = "nginx";
|
||||||
|
|
||||||
|
dnsProvider = "cloudflare";
|
||||||
|
dnsPropagationCheck = true;
|
||||||
|
credentialsFile = config.sops.secrets.cloudflare-dns-token.path;
|
||||||
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
networking.firewall.allowedUDPPorts = [ 80 443 ];
|
||||||
}
|
}
|
||||||
|
|||||||
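Review bot: The added `networking.firewall.allowedUDPPorts = [ 80 443 ];` opens two UDP ports that nothing visible on this page listens on: HTTP does not use UDP 80, and UDP 443 only matters once QUIC/HTTP/3 is enabled on the nginx virtual hosts, which none of the hunks here do. I would drop the line, or keep `networking.firewall.allowedUDPPorts = [ 443 ];` with a comment once HTTP/3 is actually turned on. Separately, the certificate block moved here covers `*.hadi.diy` and is issued with a Cloudflare token, so a comment noting that the token should be limited to DNS edits on that one zone would help. The enclosing module body starts outside this hunk.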