fix

2025-11-16 19:22:39 -06:00
parent 2a77d233f9
commit 6dc81d0cbf
9 changed files with 375 additions and 140 deletions
--- a/modules/nixos/services/ai/default.nix
+++ b/modules/nixos/services/ai/default.nix
@@ -27,7 +27,7 @@ in
    };

    services.llama-cpp = {
-      enable = false;
+      enable = true;
      port = 8127;
      host = "0.0.0.0";
      openFirewall = true;
@@ -46,6 +46,7 @@ in

    services.open-webui = {
      enable = true;
+      package = pkgs.stable.open-webui;
      host = "0.0.0.0";
      port = 8888;
      openFirewall = true;
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -1,155 +1,32 @@
 {
-  config,
  lib,
-  pkgs,
+  config,
  namespace,
  ...
 }:
 with lib;
 let
  cfg = config.${namespace}.services.nextcloud;
-
-  adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
-  secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path;
-  jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
-  hostAddress = "10.0.1.3";
-  nextcloudPortExtHttp = 9988;
-  nextcloudPortExtHttps = 9943;
-  onlyofficePortExt = 9943;
 in
 {
  imports = [ ./options.nix ];

-  config = mkIf cfg.enable {
-    services.nginx.virtualHosts."cloud.mjallen.dev".listen = [
-      {
-        addr = "0.0.0.0";
-        port = nextcloudPortExtHttp;
-      }
+  virtualisation.oci-containers.containers."${cfg.name}" = {
+    autoStart = cfg.autoStart;
+    image = cfg.image;
+    ports = [
+      "${cfg.port}:443"
    ];
-
-    # Create required users and groups
-    users.users.nextcloud = {
-      isSystemUser = lib.mkForce true;
-      isNormalUser = lib.mkForce false;
-      group = "nextcloud";
-    };
-
-    users.groups = {
-      nextcloud = { };
-      downloads = { };
-    };
-
-    services = {
-      opencloud = {
-        enable = true;
-        url = "https://10.0.1.3:9988";
-        address = "0.0.0.0";
-        port = nextcloudPortExtHttp;
-        stateDir = "/media/nas/main/nix-app-data/opencloud";
-      };
-
-      onlyoffice = {
-        enable = false;
-        port = onlyofficePortExt;
-        hostname = "office.mjallen.dev";
-        jwtSecretFile = jwtSecretFile;
-      };
-
-      nextcloud = {
-        enable = false;
-        package = pkgs.nextcloud32;
-        home = "/media/nas/main/nix-app-data/nextcloud";
-        database.createLocally = true;
-        hostName = "cloud.mjallen.dev";
-        appstoreEnable = false;
-        caching.redis = true;
-        configureRedis = true;
-        enableImagemagick = true;
-        https = true;
-        secretFile = secretsFile;
-
-        extraApps = {
-          inherit (pkgs.nextcloud32Packages.apps)
-            # app_api
-            # bookmarks
-            mail
-            calendar
-            contacts
-            integration_openai
-            integration_paperless
-            # maps
-            # oidc_login
-            onlyoffice
-            previewgenerator
-            recognize
-            # richdocuments
-            user_oidc
-            ;
-
-          # inherit
-          #   nextcloudPhotos
-          #   nextcloudPdfViewer
-          #   nextcloudAssist
-          # ;
-        };
-
-        config = {
-          adminuser = "mjallen";
-          adminpassFile = adminpass;
-          dbhost = "localhost";
-          dbtype = "pgsql";
-          dbname = "nextcloud";
-          dbuser = "nextcloud";
-        };
-        settings = {
-          log_type = "syslog";
-          syslog_tag = "nextcloud";
-          logfile = "";
-          loglevel = 3;
-          allow_local_remote_servers = true;
-          upgrade.disable-web = false;
-          datadirectory = "/media/nas/main/nextcloud";
-          trusted_domains = [
-            "${hostAddress}:${toString nextcloudPortExtHttp}"
-            "${hostAddress}:${toString nextcloudPortExtHttps}"
-            # "${localAddress}:80"
-            # "${localAddress}:8080"
-            # "${localAddress}:443"
-            "cloud.mjallen.dev"
-          ];
-          opcache.interned_strings_buffer = 16;
-          trusted_proxies = [ hostAddress ];
-          maintenance_window_start = 6;
-          default_phone_region = "US";
-          enable_previews = true;
-          enabledPreviewProviders = [
-            "OC\\Preview\\PNG"
-            "OC\\Preview\\JPEG"
-            "OC\\Preview\\GIF"
-            "OC\\Preview\\BMP"
-            "OC\\Preview\\XBitmap"
-            "OC\\Preview\\MP3"
-            "OC\\Preview\\TXT"
-            "OC\\Preview\\MarkDown"
-            "OC\\Preview\\OpenDocument"
-            "OC\\Preview\\Krita"
-            "OC\\Preview\\HEIC"
-            "OC\\Preview\\Movie"
-            "OC\\Preview\\MSOffice2003"
-            "OC\\Preview\\MSOffice2007"
-            "OC\\Preview\\MSOfficeDoc"
-          ];
-          installed = true;
-          user_oidc = {
-            auto_provision = false;
-            soft_auto_provision = false;
-            allow_multiple_user_backends = false; # auto redirect to authentik for login
-          };
-
-          social_login_auto_redirect = true;
-        };
-      };
+    volumes = [
+      "${cfg.configPath}:/config"
+      "${cfg.dataPath}:/data"
+      "/run/postgresql:/run/postgresql"
+    ];
+    environmentFiles = [ ];
+    environment = {
+      PUID = cfg.puid;
+      PGID = cfg.pgid;
+      TZ = cfg.timeZone;
    };
  };
 }
--- a/modules/nixos/services/nextcloud/default.nix.bak
+++ b/modules/nixos/services/nextcloud/default.nix.bak
@@ -0,0 +1,167 @@
+{
+  config,
+  lib,
+  pkgs,
+  namespace,
+  ...
+}:
+with lib;
+let
+  cfg = config.${namespace}.services.nextcloud;
+
+  adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
+  secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path;
+  jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
+  nextcloudUserId = config.users.users.nix-apps.uid;
+  nextcloudGroupId = config.users.groups.jallen-nas.gid;
+  hostAddress = "10.0.1.3";
+  nextcloudPortExtHttp = 9988;
+  nextcloudPortExtHttps = 9943;
+  onlyofficePortExt = 9943;
+
+  nextcloudPhotos = pkgs.${namespace}.nextcloud-app-photos;
+  nextcloudPdfViewer = pkgs.${namespace}.nextcloud-app-pdfviewer;
+  nextcloudAssist = pkgs.${namespace}.nextcloud-app-assistant;
+in
+{
+  imports = [ ./options.nix ];
+
+  config = mkIf cfg.enable {
+    services.nginx.virtualHosts."cloud.mjallen.dev".listen = [ { addr = "0.0.0.0"; port = nextcloudPortExtHttp; } ];
+
+    # Create required users and groups
+    users.users.nextcloud = {
+      isSystemUser = lib.mkForce true;
+      isNormalUser = lib.mkForce false;
+      group = "nextcloud";
+    };
+
+    users.groups = {
+      nextcloud = { };
+      downloads = { };
+    };
+
+    services = {
+
+      ocis = {
+        enable = false;
+        configDir = "/media/nas/main/nix-app-data/ocis";
+        address = "0.0.0.0";
+        port = 9988;
+        environment = {
+            OCIS_URL = "https://localhost:9200";
+        };
+      };
+    
+      opencloud = {
+        enable = false;
+        url = "https://10.0.1.3:9988";
+        address = "0.0.0.0";
+        port = nextcloudPortExtHttp;
+        stateDir = "/media/nas/main/nix-app-data/opencloud";
+      };
+
+      onlyoffice = {
+        enable = false;
+        port = onlyofficePortExt;
+        hostname = "office.mjallen.dev";
+        jwtSecretFile = jwtSecretFile;
+      };
+
+      nextcloud = {
+        enable = true;
+        package = pkgs.nextcloud32;
+        home = "/media/nas/main/nix-app-data/nextcloud";
+        database.createLocally = true;
+        hostName = "cloud.mjallen.dev";
+        appstoreEnable = false;
+        caching.redis = true;
+        configureRedis = true;
+        enableImagemagick = true;
+        https = true;
+        secretFile = secretsFile;
+
+        extraApps = {
+          inherit (pkgs.nextcloud32Packages.apps)
+            # app_api
+            # bookmarks
+            mail
+            calendar
+            contacts
+            integration_openai
+            integration_paperless
+            # maps
+            # oidc_login
+            onlyoffice
+            previewgenerator
+            # recognize
+            # richdocuments
+            user_oidc
+            ;
+
+          # inherit
+          #   nextcloudPhotos
+          #   nextcloudPdfViewer
+          #   nextcloudAssist
+            # ;
+        };
+
+        config = {
+          adminuser = "mjallen";
+          adminpassFile = adminpass;
+          dbhost = "localhost";
+          dbtype = "pgsql";
+          dbname = "nextcloud";
+          dbuser = "nextcloud";
+        };
+        settings = {
+          log_type = "syslog";
+          syslog_tag = "nextcloud";
+          logfile = "";
+          loglevel = 3;
+          allow_local_remote_servers = true;
+          upgrade.disable-web = false;
+          datadirectory = "/media/nas/main/nextcloud";
+          trusted_domains = [
+            "${hostAddress}:${toString nextcloudPortExtHttp}"
+            "${hostAddress}:${toString nextcloudPortExtHttps}"
+            # "${localAddress}:80"
+            # "${localAddress}:8080"
+            # "${localAddress}:443"
+            "cloud.mjallen.dev"
+          ];
+          opcache.interned_strings_buffer = 16;
+          trusted_proxies = [ hostAddress ];
+          maintenance_window_start = 6;
+          default_phone_region = "US";
+          enable_previews = true;
+          enabledPreviewProviders = [
+            "OC\\Preview\\PNG"
+            "OC\\Preview\\JPEG"
+            "OC\\Preview\\GIF"
+            "OC\\Preview\\BMP"
+            "OC\\Preview\\XBitmap"
+            "OC\\Preview\\MP3"
+            "OC\\Preview\\TXT"
+            "OC\\Preview\\MarkDown"
+            "OC\\Preview\\OpenDocument"
+            "OC\\Preview\\Krita"
+            "OC\\Preview\\HEIC"
+            "OC\\Preview\\Movie"
+            "OC\\Preview\\MSOffice2003"
+            "OC\\Preview\\MSOffice2007"
+            "OC\\Preview\\MSOfficeDoc"
+          ];
+          installed = false;
+          user_oidc = {
+            auto_provision = false;
+            soft_auto_provision = false;
+            allow_multiple_user_backends = false; # auto redirect to authentik for login
+          };
+
+          social_login_auto_redirect = true;
+        };
+      };
+    };
+  };
+}
--- a/modules/nixos/services/nextcloud/options.nix
+++ b/modules/nixos/services/nextcloud/options.nix
@@ -1,7 +1,28 @@
 { lib, namespace, ... }:
 with lib;
+let
+  inherit (lib.${namespace}) mkOpt mkBoolOpt;
+in
 {
  options.${namespace}.services.nextcloud = {
    enable = mkEnableOption "enable nextcloud";
+
+    autoStart = mkBoolOpt true "autostart container";
+
+    port = mkOpt types.str "9988" "https port";
+
+    name = mkOpt types.str "nextcloud" "container name";
+
+    image = mkOpt types.str "lscr.io/linuxserver/nextcloud" "";
+
+    configPath = mkOpt types.str "/media/nas/main/nix-app-data/nextcloud/config" "";
+
+    dataPath = mkOpt types.str "/media/nas/main/nextcloud" "";
+
+    puid = mkOpt types.str "911" "puid";
+
+    pgid = mkOpt types.str "1000" "pgid";
+
+    timeZone = mkOpt types.str "America/Chicago" "container tz";
  };
 }
--- a/modules/nixos/services/onlyoffice/default.nix
+++ b/modules/nixos/services/onlyoffice/default.nix
@@ -0,0 +1,27 @@
+{
+  config,
+  lib,
+  namespace,
+  ...
+}:
+let
+
+  cfg = config.${namespace}.services.onlyoffice;
+
+  jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
+in
+{
+  options.${namespace}.services.onlyoffice = {
+    enable = lib.mkEnableOption "";
+  };
+
+  config = lib.mkIf cfg.enable {
+    #services.nginx.virtualHosts."office.mjallen.dev".listen = [ { addr = "0.0.0.0"; port = 9943; } ];
+    services.onlyoffice = {
+      enable = true;
+      port = 9943;
+      hostname = "office.mjallen.dev";
+      jwtSecretFile = jwtSecretFile;
+    };
+  };
+}
--- a/modules/nixos/services/owncloud/default.nix
+++ b/modules/nixos/services/owncloud/default.nix
@@ -0,0 +1,85 @@
+{
+  lib,
+  config,
+  namespace,
+  ...
+}:
+with lib;
+let
+  cfg = config.${namespace}.services.ocis;
+in
+{
+  options.${namespace}.services.ocis = {
+    enable = mkEnableOption "ownCloud Infinite Scale docker service";
+
+    autoStart = mkOption {
+      type = types.bool;
+      default = true;
+    };
+
+    httpPort = mkOption {
+      type = types.str;
+      default = "9988";
+    };
+
+    name = mkOption {
+      type = types.str;
+      default = "ocis";
+    };
+
+    image = mkOption {
+      type = types.str;
+      default = "owncloud/ocis";
+    };
+
+    dataPath = mkOption {
+      type = types.str;
+      default = "/media/nas/main/ocis";
+    };
+
+    configPath = mkOption {
+      type = types.str;
+      default = "/media/nas/main/nix-app-data/ocis";
+    };
+
+    puid = mkOption {
+      type = types.str;
+      default = "911";
+    };
+
+    pgid = mkOption {
+      type = types.str;
+      default = "1000";
+    };
+
+    timeZone = mkOption {
+      type = types.str;
+      default = "America/Chicago";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.oci-containers.containers."${cfg.name}" = {
+      autoStart = cfg.autoStart;
+      image = cfg.image;
+      ports = [ "${cfg.httpPort}:9200" ];
+      volumes = [
+        "${cfg.configPath}:/etc/ocis"
+        "${cfg.dataPath}:/var/lib/ocis"
+      ];
+      environmentFiles = [ ];
+      environment = {
+        OCIS_INSECURE = "true";
+        PROXY_HTTP_ADDR = "0.0.0.0:9200";
+        OCIS_URL = "https://10.0.1.3:9988";
+        OCIS_ADMIN_PASSWORD = "BogieDudie1";
+        OCIS_LDAP_BIND_PASSWORD = "BogieDudie1";
+        PROXY_OIDC_CLIENT_SECRET = "BogieDudie1";
+        IDM_ADMIN_PASSWORD = "BogieDudie1";
+        PUID = cfg.puid;
+        PGID = cfg.pgid;
+        TZ = cfg.timeZone;
+      };
+    };
+  };
+}
--- a/modules/nixos/services/owncloud/options.nix
+++ b/modules/nixos/services/owncloud/options.nix
@@ -0,0 +1,47 @@
+{ lib, namespace, ... }:
+with lib;
+{
+  options.${namespace}.services.free-games-claimer = {
+    enable = mkEnableOption "free-games-claimer docker service";
+
+    autoStart = mkOption {
+      type = types.bool;
+      default = true;
+    };
+
+    httpPort = mkOption {
+      type = types.str;
+      default = "6080";
+    };
+
+    name = mkOption {
+      type = types.str;
+      default = "free-games-claimer";
+    };
+
+    image = mkOption {
+      type = types.str;
+      default = "ghcr.io/vogler/free-games-claimer";
+    };
+
+    dataPath = mkOption {
+      type = types.str;
+      default = "/media/nas/main/nix-app-data/free-games-claimer";
+    };
+
+    puid = mkOption {
+      type = types.str;
+      default = "911";
+    };
+
+    pgid = mkOption {
+      type = types.str;
+      default = "1000";
+    };
+
+    timeZone = mkOption {
+      type = types.str;
+      default = "America/Chicago";
+    };
+  };
+}
--- a/systems/x86_64-linux/jallen-nas/apps.nix
+++ b/systems/x86_64-linux/jallen-nas/apps.nix
@@ -11,6 +11,7 @@
      };
      lubelogger.enable = true;
      nextcloud.enable = true;
+      onlyoffice.enable = true;
      ai.enable = true;
      paperless.enable = true;
      traefik.enable = true;
@@ -32,6 +33,8 @@
        };
      };

+      ocis.enable = false;
+
      arrs = {
        enable = true;
        localAddress = "10.0.1.51";
--- a/systems/x86_64-linux/jallen-nas/default.nix
+++ b/systems/x86_64-linux/jallen-nas/default.nix
@@ -82,6 +82,12 @@ in
          group = "crowdsec";
          mode = "u=rwx,g=rwx,o=rx";
        }
+        {
+          directory = "/var/lib/nextcloud";
+          user = "nextcloud";
+          group = "nextcloud";
+          mode = "u=rwx,g=rwx,o=rx";
+        }
        {
          directory = "/plugins-storage";
          user = "traefik";
@@ -150,6 +156,7 @@ in
          5432
          3001
          3333
+          5201 # iperf
        ];
        allowedUDPPorts = config.${namespace}.network.firewall.allowedTCPPorts;
      };