Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nextcloud

Browse Source
This commit is contained in:
blaknull
2024-11-12 09:10:04 -06:00
parent f1a1e11992
commit 6f9706d8f2
9 changed files with 119 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
flake.lock generated
View File

@@ -274,11 +274,11 @@
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-sdsD7OzeWyBdSRpf90GeDM/xCoNIdAVh1OsPnqLdlkU=", "narHash": "sha256-sdsD7OzeWyBdSRpf90GeDM/xCoNIdAVh1OsPnqLdlkU=",
"path": "/nix/store/qzwsi8yafmx6fwb6pkj8mnv09jxpmq10-source/external", "path": "/nix/store/fzn4is98a0rrszcmm6vgz4f4j31sby2v-source/external",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/qzwsi8yafmx6fwb6pkj8mnv09jxpmq10-source/external", "path": "/nix/store/fzn4is98a0rrszcmm6vgz4f4j31sby2v-source/external",
"type": "path" "type": "path"
} }
}, },
@@ -1384,12 +1384,12 @@
}, },
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-swUtIf1jN3XSE4xExChj4M5rBWCSs08qqxXsJu1tZYs=", "narHash": "sha256-mrfMvef+tOYMK35horTWF43tQpES1zI7hb5RbzN3oIk=",
"path": "/nix/store/3nayfrr03wsxjgyamh8g8p96ixdvmd73-source/home-manager", "path": "/nix/store/i9xr2hp5qs0ds8alz0r0b1vjzgxgf2vs-source/home-manager",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/3nayfrr03wsxjgyamh8g8p96ixdvmd73-source/home-manager", "path": "/nix/store/i9xr2hp5qs0ds8alz0r0b1vjzgxgf2vs-source/home-manager",
"type": "path" "type": "path"
} }
}, },
@@ -1946,12 +1946,12 @@
}, },
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-c5NG8DPgBUepMNi5yxYaIBPVUpgWseGBgfbIsdZtuD4=", "narHash": "sha256-bdsn3cBMySV5RHcYNRe3gp7PWEv6Y8dg9EgLUQU+1os=",
"path": "/nix/store/kxnjw6wlqhd0hx55p09q934dss8kibqy-source/packages", "path": "/nix/store/nbdr1yhyl2hy67anrvpfjp377anrd38q-source/packages",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/kxnjw6wlqhd0hx55p09q934dss8kibqy-source/packages", "path": "/nix/store/nbdr1yhyl2hy67anrvpfjp377anrd38q-source/packages",
"type": "path" "type": "path"
} }
}, },
@@ -2051,11 +2051,11 @@
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-5gepalTSnDyC1WW11Gp75FAPeex5V9M0xOUn9amViyw=", "narHash": "sha256-5gepalTSnDyC1WW11Gp75FAPeex5V9M0xOUn9amViyw=",
"path": "/nix/store/kxnjw6wlqhd0hx55p09q934dss8kibqy-source/programs", "path": "/nix/store/nbdr1yhyl2hy67anrvpfjp377anrd38q-source/programs",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/kxnjw6wlqhd0hx55p09q934dss8kibqy-source/programs", "path": "/nix/store/nbdr1yhyl2hy67anrvpfjp377anrd38q-source/programs",
"type": "path" "type": "path"
} }
}, },
@@ -2066,11 +2066,11 @@
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=", "narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=",
"path": "/nix/store/cys6k1rm3riwhaiwf0fx7jvfq4dm0yn5-source/programs", "path": "/nix/store/bj77knasy2hbj35s703i2wb6kb8a53np-source/programs",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/cys6k1rm3riwhaiwf0fx7jvfq4dm0yn5-source/programs", "path": "/nix/store/bj77knasy2hbj35s703i2wb6kb8a53np-source/programs",
"type": "path" "type": "path"
} }
}, },
@@ -2142,11 +2142,11 @@
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=", "narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=",
"path": "/nix/store/cys6k1rm3riwhaiwf0fx7jvfq4dm0yn5-source/services/sddm", "path": "/nix/store/bj77knasy2hbj35s703i2wb6kb8a53np-source/services/sddm",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/cys6k1rm3riwhaiwf0fx7jvfq4dm0yn5-source/services/sddm", "path": "/nix/store/bj77knasy2hbj35s703i2wb6kb8a53np-source/services/sddm",
"type": "path" "type": "path"
} }
}, },
@@ -2213,12 +2213,12 @@
}, },
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-+lpkyF/b2w9P0vWDZdkv42PIlOxICLWdCms+U9HkH+4=", "narHash": "sha256-CvWcEd6AhbWJueaGBWuloqDST+vGH1vCb2YIdN1r6ys=",
"path": "/nix/store/3nayfrr03wsxjgyamh8g8p96ixdvmd73-source/system-config", "path": "/nix/store/i9xr2hp5qs0ds8alz0r0b1vjzgxgf2vs-source/system-config",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/3nayfrr03wsxjgyamh8g8p96ixdvmd73-source/system-config", "path": "/nix/store/i9xr2hp5qs0ds8alz0r0b1vjzgxgf2vs-source/system-config",
"type": "path" "type": "path"
} }
}, },

1
home-manager/packages/default.nix
View File

@@ -52,6 +52,7 @@
cava cava
android-tools android-tools
neovim-remote neovim-remote
handbrake
(pkgs.python311.withPackages pypkgs) (pkgs.python311.withPackages pypkgs)

12
system-config/configuration/homebox/default.nix
View File

@@ -88,9 +88,9 @@
networking = { networking = {
hostName = "homebox"; hostName = "homebox";
nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ]; nameservers = [ "127.0.0.1" ];
networkmanager.enable = true; networkmanager.enable = true;
firewall.allowedTCPPorts = [ 22 80 443 9000 ]; firewall.allowedTCPPorts = [ 22 80 443 9000 8080 ];
hosts = { hosts = {
"192.168.100.11" = [ "blunkall.us" "*.blunkall.us" "*.local.blunkall.us" ]; "192.168.100.11" = [ "blunkall.us" "*.blunkall.us" "*.local.blunkall.us" ];
}; };
@@ -191,7 +191,13 @@
"authentik/pass" = {}; "authentik/pass" = {};
"authentik/secret_key" = {}; "authentik/secret_key" = {};
"pihole/pass" = {}; "pihole/pass" = {};
"gitlab/db_pass" = {};
"gitlab/root_pass" = {};
"nextcloud/pass" = {};
}; };
}; };
@@ -251,6 +257,8 @@
pihole.enable = true; pihole.enable = true;
nextcloud.enable = true;
gitlab.enable = false; gitlab.enable = false;
}; };
}; };

9
system-config/configuration/homebox/secrets/secrets.yaml
View File

@@ -5,6 +5,11 @@ authentik:
secret_key: ENC[AES256_GCM,data:tIWDGtB/z7Ysizz9FPQJe2EeSTAxDPkeHJnaDfytDvbqvRaiCgg7qGpEF6hAQFdZ,iv:gloup5aI0qY+SYJt8V6lvUdE+18IWH09BXtz8dRi6JE=,tag:vFwF9h1Rsa/X1bjvdSRSfQ==,type:str] secret_key: ENC[AES256_GCM,data:tIWDGtB/z7Ysizz9FPQJe2EeSTAxDPkeHJnaDfytDvbqvRaiCgg7qGpEF6hAQFdZ,iv:gloup5aI0qY+SYJt8V6lvUdE+18IWH09BXtz8dRi6JE=,tag:vFwF9h1Rsa/X1bjvdSRSfQ==,type:str]
pihole: pihole:
pass: ENC[AES256_GCM,data:hintZA==,iv:HA5K8mHYlLtf5s8iaLI/QRolYgcKwG8DWCH+LXnWI4k=,tag:DlnXxG0n9dBVpk2kILlPKg==,type:str] pass: ENC[AES256_GCM,data:hintZA==,iv:HA5K8mHYlLtf5s8iaLI/QRolYgcKwG8DWCH+LXnWI4k=,tag:DlnXxG0n9dBVpk2kILlPKg==,type:str]
gitlab:
db_pass: ""
root_pass: ""
nextcloud:
pass: ENC[AES256_GCM,data:U/VI/uHDT1a5O4iAHUVwsz/h,iv:W0hAXBddFKhXmDWHpCB2JhjPPTEGer7721WtIRxg4Zo=,tag:OE4wzibNaaXsbfFuk0dwTA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@@ -20,8 +25,8 @@ sops:
S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M
8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA== 8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-11T17:49:35Z" lastmodified: "2024-11-12T14:28:49Z"
mac: ENC[AES256_GCM,data:sjv2jD36o02RWeuDcEnUbUGRiAVvH/Gv+TJw9sIydaMT3uSJklRZ3pct71NZQerxi0WLJLimjLJMJQjL65VzrCzA8oU1KT3cawUo1val3/9OUxcrFln9EOdm3569X4/iU+44cAn8Tz68kO2Cq4BxtyESMEpTv4WdKSCnAydZmTg=,iv:u7EHrQ4GfXIRzb0f0YN9a8J1HLEoHPNA7/mb2dh3hR4=,tag:PQOAqCF8fyjd26qsesC3gw==,type:str] mac: ENC[AES256_GCM,data:fXVSjqESPAREM5Iz3ZXS9stkYrXTeO4PR0lZuf8baR8OA9P07sQcPtq2parKL8RlALLcrdi3uqDJhv0Zw7mVwvnvzlgKsLssiz4U/N4zzIhwNXGvXccwKF4IEJD48/wRz31S87haIu0N8LHrV3LS++eZLnbWaqtVzuT39WxGUww=,iv:0QqLBKm3T+wCFgjFedViaCYBgBRKUkabqW6sv1OBSQE=,tag:ovUkgubwRfZnc94Ss4G2tA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

2
system-config/services/containers/default.nix
View File

@@ -3,10 +3,10 @@
imports = [ imports = [
./gitlab ./gitlab
./traefik ./traefik
# ./authentik-nix
./authentik ./authentik
./nginx ./nginx
./jellyfin ./jellyfin
./pihole ./pihole
./nextcloud
]; ];
} }

2
system-config/services/containers/gitlab/default.nix
View File

@@ -12,7 +12,7 @@
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
hostAddress = "192.168.100.10"; hostAddress = "192.168.100.10";
localAddress = "192.168.100."; localAddress = "192.168.100.16";
bindMounts = { bindMounts = {
"/etc/gitlab/data" = { "/etc/gitlab/data" = {
hostPath = "/ssd1/Gitlab/data"; hostPath = "/ssd1/Gitlab/data";

52
system-config/services/containers/nextcloud/default.nix Normal file
View File

@@ -0,0 +1,52 @@
{ config, lib, pkgs, ... }: {
options.sysconfig.opts.virtualization.nextcloud.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.opts.virtualization.nextcloud.enable {
sops.templates."nextcloud_pass.txt" = {
content = ''
${config.sops.placeholder."nextcloud/pass"}
'';
path = "/ssd1/Nextcloud/nextcloud_pass.txt";
};
containers.nextcloud = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.16";
bindMounts = {
"/var/lib/nextcloud" = {
hostPath = "/ssd1/Nextcloud";
isReadOnly = false;
};
};
config = {
services.nextcloud = {
enable = true;
package = pkgs.nextcloud30;
hostName = "localhost";
config.adminPassFile = "/var/lib/nextcloud/nextcloud_pass.txt";
dataDir = "/var/lib/nextcloud/data";
home = "/var/lib/nextcloud/nextcloud_home";
https = true;
maxUploadSize = "5G";
settings = {
overwriteprotocol = "https";
};
};
};
};
};
}

56
system-config/services/containers/pihole/default.nix
View File

@@ -25,61 +25,5 @@
${pkgs.docker-compose}/bin/docker-compose up ${pkgs.docker-compose}/bin/docker-compose up
''; '';
}; };
containers.unbound = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.15";
config = {
services.unbound = {
enable = true;
settings = {
server = {
interface = [ "127.0.0.1" ];
port = 5335;
do-ipv4 = "yes";
do-udp = "yes";
do-tcp = "yes";
do-ipv6 = "no";
perfer-ipv6 = "no";
harden-glue = "yes";
harden-dnssec-stripped = "yes";
use-caps-for-id = "no";
edns-buffer-size = 1232;
prefetch = "yes";
num-threads = 1;
so-rcvbuf = "1m";
private-address = [
"192.168.0.0/16"
"169.254.0.0/16"
"172.16.0.0/12"
"10.0.0.0/8"
"fd00::/8"
"fe80::/10"
];
};
};
};
};
};
}; };
} }

70
system-config/services/containers/traefik/default.nix
View File

@@ -55,7 +55,6 @@
serversTransport.insecureSkipVerify = true; serversTransport.insecureSkipVerify = true;
api = { api = {
dashboard = true; dashboard = true;
insecure = true;
debug = true; debug = true;
}; };
global = { global = {
@@ -91,7 +90,7 @@
certResolver = "cloudflare"; certResolver = "cloudflare";
domains = { domains = {
main = "blunkall.us"; main = "blunkall.us";
sans = [ "*.blunkall.us" "blunkall.us" ]; sans = [ "*.local.blunkall.us" "*.blunkall.us" "blunkall.us" ];
}; };
}; };
}; };
@@ -132,68 +131,45 @@
middlewares = [ middlewares = [
"authentik" "authentik"
]; ];
/*tls = {
certResolver = "cloudflare";
domains = {
main = "blunkall.us";
sans = [ "*.blunkall.us" ];
};
};*/
}; };
jellyfin = { jellyfin = {
entryPoints = [ "localsecure" "websecure" ]; entryPoints = [ "localsecure" "websecure" ];
rule = "Host(`jellyfin.blunkall.us`)"; rule = "Host(`jellyfin.blunkall.us`)";
service = "jellyfin"; service = "jellyfin";
/*middlewares = [
"authentik"
];*/
/*tls = {
certResolver = "cloudflare";
domains = {
main = "blunkall.us";
sans = [ "*.blunkall.us" ];
};
};*/
}; };
auth = { auth = {
entryPoints = [ "localsecure" "websecure" ]; entryPoints = [ "localsecure" "websecure" ];
rule = "Host(`auth.blunkall.us`)"; rule = "Host(`auth.blunkall.us`)";
service = "authentik"; service = "authentik";
/*tls = {
certResolver = "cloudflare";
domains = {
main = "blunkall.us";
sans = [ "*.blunkall.us" ];
};
};*/
}; };
/*gitlab = { /*gitlab = {
entryPoints = [ "localsecure" "websecure" ]; entryPoints = [ "localsecure" "websecure" ];
rule = "Host(`gitlab.blunkall.us`)"; rule = "Host(`gitlab.blunkall.us`)";
service = "gitlab"; service = "gitlab";
tls = {
certResolver = "cloudflare";
domains = {
main = "blunkall.us";
sans = [ "*.blunkall.us" "*.local.blunkall.us" ];
};
};
};*/ };*/
/*local = { nextcloud = {
entryPoints = [ "localsecure" "websecure" ];
rule = "Host(`nextcloud.blunkall.us`)";
service = "nextcloud";
middlewares = [
"nextcloud_redirectregex"
];
};
traefik = {
entryPoints = [ "localsecure" ]; entryPoints = [ "localsecure" ];
rule = "Host(`traefik.local.blunkall.us`)"; rule = "Host(`traefik.local.blunkall.us`)";
service = "dashboard@internal"; service = "api@internal";
tls = {
certResolver = "cloudflare";
domains = {
main = "blunkall.us";
sans = [ "*.blunkall.us" "*.local.blunkall.us" ];
}; };
pihole = {
entryPoints = [ "localsecure" ];
rule = "Host(`pihole.local.blunkall.us`)";
service = "pihole";
}; };
};*/
}; };
middlewares = { middlewares = {
@@ -214,6 +190,12 @@
"X-authentik-meta-version" "X-authentik-meta-version"
]; ];
}; };
nextcloud_redirectregex.redirectregex = {
permanent = true;
regex = "https://(.*)/.well-known/(?:card|cal)dav";
replacement = "https://$${1}/remote.php/dav";
};
}; };
services = { services = {
@@ -224,12 +206,16 @@
jellyfin.loadBalancer.servers = [ { url = "http://192.168.100.14:8096"; } ]; jellyfin.loadBalancer.servers = [ { url = "http://192.168.100.14:8096"; } ];
authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ]; authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ];
pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
}; };
}; };
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 9080 9443 8080 ]; networking.firewall.allowedTCPPorts = [ 80 443 9080 9443 ];
networking.firewall.allowedUDPPorts = [ 80 443 ]; networking.firewall.allowedUDPPorts = [ 80 443 ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";