diff --git a/modules/nixos/services/ai/default.nix b/modules/nixos/services/ai/default.nix index d644088..6c31c94 100755 --- a/modules/nixos/services/ai/default.nix +++ b/modules/nixos/services/ai/default.nix @@ -27,7 +27,7 @@ in }; services.llama-cpp = { - enable = false; + enable = true; port = 8127; host = "0.0.0.0"; openFirewall = true; @@ -46,6 +46,7 @@ in services.open-webui = { enable = true; + package = pkgs.stable.open-webui; host = "0.0.0.0"; port = 8888; openFirewall = true; diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 359289a..fe44e8e 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix 
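Review bot: Flipping `enable` to `true` in the first hunk turns on a llama.cpp server that the surrounding context lines bind to `0.0.0.0:8127` with `openFirewall = true`. Nothing visible in the hunk sets an API key or restricts source addresses, so the inference endpoint would be reachable from every network the host is attached to. Since traefik is enabled on this system, consider `host = "127.0.0.1";` with `openFirewall = false;` and publishing the service through the proxy, or pass llama-server's `--api-key-file` via `extraFlags` with the key stored in sops. The `services.llama-cpp` block continues past the end of the hunk, so such a setting may already exist below.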
@@ -1,155 +1,32 @@ { - config, lib, - pkgs, + config, namespace, ... }: with lib; let cfg = config.${namespace}.services.nextcloud; - - adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path; - secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path; - jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path; - hostAddress = "10.0.1.3"; - nextcloudPortExtHttp = 9988; - nextcloudPortExtHttps = 9943; - onlyofficePortExt = 9943; in { imports = [ ./options.nix ]; - config = mkIf cfg.enable { - services.nginx.virtualHosts."cloud.mjallen.dev".listen = [ - { - addr = "0.0.0.0"; - port = nextcloudPortExtHttp; - } + virtualisation.oci-containers.containers."${cfg.name}" = { + autoStart = cfg.autoStart; + image = cfg.image; + ports = [ + "${cfg.port}:443" ]; - - # Create required users and groups - users.users.nextcloud = { - isSystemUser = lib.mkForce true; - isNormalUser = lib.mkForce false; - group = "nextcloud"; - }; - - users.groups = { - nextcloud = { }; - downloads = { }; - }; - - services = { - opencloud = { - enable = true; - url = "https://10.0.1.3:9988"; - address = "0.0.0.0"; - port = nextcloudPortExtHttp; - stateDir = "/media/nas/main/nix-app-data/opencloud"; - }; - - onlyoffice = { - enable = false; - port = onlyofficePortExt; - hostname = "office.mjallen.dev"; - jwtSecretFile = jwtSecretFile; - }; - - nextcloud = { - enable = false; - package = pkgs.nextcloud32; - home = "/media/nas/main/nix-app-data/nextcloud"; - database.createLocally = true; - hostName = "cloud.mjallen.dev"; - appstoreEnable = false; - caching.redis = true; - configureRedis = true; - enableImagemagick = true; - https = true; - secretFile = secretsFile; - - extraApps = { - inherit (pkgs.nextcloud32Packages.apps) - # app_api - # bookmarks - mail - calendar - contacts - integration_openai - integration_paperless - # maps - # oidc_login - onlyoffice - previewgenerator - recognize - # richdocuments - user_oidc - ; - - # inherit - # 
nextcloudPhotos - # nextcloudPdfViewer - # nextcloudAssist - # ; - }; - - config = { - adminuser = "mjallen"; - adminpassFile = adminpass; - dbhost = "localhost"; - dbtype = "pgsql"; - dbname = "nextcloud"; - dbuser = "nextcloud"; - }; - settings = { - log_type = "syslog"; - syslog_tag = "nextcloud"; - logfile = ""; - loglevel = 3; - allow_local_remote_servers = true; - upgrade.disable-web = false; - datadirectory = "/media/nas/main/nextcloud"; - trusted_domains = [ - "${hostAddress}:${toString nextcloudPortExtHttp}" - "${hostAddress}:${toString nextcloudPortExtHttps}" - # "${localAddress}:80" - # "${localAddress}:8080" - # "${localAddress}:443" - "cloud.mjallen.dev" - ]; - opcache.interned_strings_buffer = 16; - trusted_proxies = [ hostAddress ]; - maintenance_window_start = 6; - default_phone_region = "US"; - enable_previews = true; - enabledPreviewProviders = [ - "OC\\Preview\\PNG" - "OC\\Preview\\JPEG" - "OC\\Preview\\GIF" - "OC\\Preview\\BMP" - "OC\\Preview\\XBitmap" - "OC\\Preview\\MP3" - "OC\\Preview\\TXT" - "OC\\Preview\\MarkDown" - "OC\\Preview\\OpenDocument" - "OC\\Preview\\Krita" - "OC\\Preview\\HEIC" - "OC\\Preview\\Movie" - "OC\\Preview\\MSOffice2003" - "OC\\Preview\\MSOffice2007" - "OC\\Preview\\MSOfficeDoc" - ]; - installed = true; - user_oidc = { - auto_provision = false; - soft_auto_provision = false; - allow_multiple_user_backends = false; # auto redirect to authentik for login - }; - - social_login_auto_redirect = true; - }; - }; + volumes = [ + "${cfg.configPath}:/config" + "${cfg.dataPath}:/data" + "/run/postgresql:/run/postgresql" + ]; + environmentFiles = [ ]; + environment = { + PUID = cfg.puid; + PGID = cfg.pgid; + TZ = cfg.timeZone; }; }; } diff --git a/modules/nixos/services/nextcloud/default.nix.bak b/modules/nixos/services/nextcloud/default.nix.bak new file mode 100644 index 0000000..c16c900 --- /dev/null +++ b/modules/nixos/services/nextcloud/default.nix.bak 
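Review bot: The rewrite drops the `config = mkIf cfg.enable { … }` wrapper, so `virtualisation.oci-containers.containers."${cfg.name}"` is now defined unconditionally and the container is created even on hosts where `nextcloud.enable` is false. Restore the guard by wrapping the attribute in `config = lib.mkIf cfg.enable { … };`. The volume `"/run/postgresql:/run/postgresql"` also hands the host's PostgreSQL socket directory to the container; presumably only the nextcloud database is needed, so check that host-side authentication limits the container's UID to that one role. `"${cfg.port}:443"` publishes on all host interfaces; prefix it with a bind address if only the reverse proxy should reach it.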
@@ -0,0 +1,167 @@ +{ + config, + lib, + pkgs, + namespace, + ... +}: +with lib; +let + cfg = config.${namespace}.services.nextcloud; + + adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path; + secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path; + jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path; + nextcloudUserId = config.users.users.nix-apps.uid; + nextcloudGroupId = config.users.groups.jallen-nas.gid; + hostAddress = "10.0.1.3"; + nextcloudPortExtHttp = 9988; + nextcloudPortExtHttps = 9943; + onlyofficePortExt = 9943; + + nextcloudPhotos = pkgs.${namespace}.nextcloud-app-photos; + nextcloudPdfViewer = pkgs.${namespace}.nextcloud-app-pdfviewer; + nextcloudAssist = pkgs.${namespace}.nextcloud-app-assistant; +in +{ + imports = [ ./options.nix ]; + + config = mkIf cfg.enable { + services.nginx.virtualHosts."cloud.mjallen.dev".listen = [ { addr = "0.0.0.0"; port = nextcloudPortExtHttp; } ]; + + # Create required users and groups + users.users.nextcloud = { + isSystemUser = lib.mkForce true; + isNormalUser = lib.mkForce false; + group = "nextcloud"; + }; + + users.groups = { + nextcloud = { }; + downloads = { }; + }; + + services = { + + ocis = { + enable = false; + configDir = "/media/nas/main/nix-app-data/ocis"; + address = "0.0.0.0"; + port = 9988; + environment = { + OCIS_URL = "https://localhost:9200"; + }; + }; + + opencloud = { + enable = false; + url = "https://10.0.1.3:9988"; + address = "0.0.0.0"; + port = nextcloudPortExtHttp; + stateDir = "/media/nas/main/nix-app-data/opencloud"; + }; + + onlyoffice = { + enable = false; + port = onlyofficePortExt; + hostname = "office.mjallen.dev"; + jwtSecretFile = jwtSecretFile; + }; + + nextcloud = { + enable = true; + package = pkgs.nextcloud32; + home = "/media/nas/main/nix-app-data/nextcloud"; + database.createLocally = true; + hostName = "cloud.mjallen.dev"; + appstoreEnable = false; + caching.redis = true; + configureRedis = true; + enableImagemagick 
= true; + https = true; + secretFile = secretsFile; + + extraApps = { + inherit (pkgs.nextcloud32Packages.apps) + # app_api + # bookmarks + mail + calendar + contacts + integration_openai + integration_paperless + # maps + # oidc_login + onlyoffice + previewgenerator + # recognize + # richdocuments + user_oidc + ; + + # inherit + # nextcloudPhotos + # nextcloudPdfViewer + # nextcloudAssist + # ; + }; + + config = { + adminuser = "mjallen"; + adminpassFile = adminpass; + dbhost = "localhost"; + dbtype = "pgsql"; + dbname = "nextcloud"; + dbuser = "nextcloud"; + }; + settings = { + log_type = "syslog"; + syslog_tag = "nextcloud"; + logfile = ""; + loglevel = 3; + allow_local_remote_servers = true; + upgrade.disable-web = false; + datadirectory = "/media/nas/main/nextcloud"; + trusted_domains = [ + "${hostAddress}:${toString nextcloudPortExtHttp}" + "${hostAddress}:${toString nextcloudPortExtHttps}" + # "${localAddress}:80" + # "${localAddress}:8080" + # "${localAddress}:443" + "cloud.mjallen.dev" + ]; + opcache.interned_strings_buffer = 16; + trusted_proxies = [ hostAddress ]; + maintenance_window_start = 6; + default_phone_region = "US"; + enable_previews = true; + enabledPreviewProviders = [ + "OC\\Preview\\PNG" + "OC\\Preview\\JPEG" + "OC\\Preview\\GIF" + "OC\\Preview\\BMP" + "OC\\Preview\\XBitmap" + "OC\\Preview\\MP3" + "OC\\Preview\\TXT" + "OC\\Preview\\MarkDown" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\Krita" + "OC\\Preview\\HEIC" + "OC\\Preview\\Movie" + "OC\\Preview\\MSOffice2003" + "OC\\Preview\\MSOffice2007" + "OC\\Preview\\MSOfficeDoc" + ]; + installed = false; + user_oidc = { + auto_provision = false; + soft_auto_provision = false; + allow_multiple_user_backends = false; # auto redirect to authentik for login + }; + + social_login_auto_redirect = true; + }; + }; + }; + }; +} diff --git a/modules/nixos/services/nextcloud/options.nix b/modules/nixos/services/nextcloud/options.nix index bb90614..c619e17 100644 
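Review bot: `default.nix.bak` is a second, unimported copy of the old module and is not needed in the tree, since git history already preserves the previous `default.nix`. It is also not identical to the code removed above (`installed = false`, `nextcloud.enable = true`, an extra `ocis` block), so a later reader cannot tell which variant was actually deployed. I would drop the file from the commit; if the old configuration must stay for reference, say why in the commit message instead.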
--- a/modules/nixos/services/nextcloud/options.nix
+++ b/modules/nixos/services/nextcloud/options.nix
@@ -1,7 +1,28 @@
 { lib, namespace, ... }:
 with lib;
+let
+ inherit (lib.${namespace}) mkOpt mkBoolOpt;
+in
 {
 options.${namespace}.services.nextcloud = {
 enable = mkEnableOption "enable nextcloud";
+
+ autoStart = mkBoolOpt true "autostart container";
+
+ port = mkOpt types.str "9988" "https port";
+
+ name = mkOpt types.str "nextcloud" "container name";
+
+ image = mkOpt types.str "lscr.io/linuxserver/nextcloud" "";
+
+ configPath = mkOpt types.str "/media/nas/main/nix-app-data/nextcloud/config" "";
+
+ dataPath = mkOpt types.str "/media/nas/main/nextcloud" "";
+
+ puid = mkOpt types.str "911" "puid";
+
+ pgid = mkOpt types.str "1000" "pgid";
+
+ timeZone = mkOpt types.str "America/Chicago" "container tz";
 };
 }
diff --git a/modules/nixos/services/onlyoffice/default.nix b/modules/nixos/services/onlyoffice/default.nix
new file mode 100644
index 0000000..c831fc4
--- /dev/null
+++ b/modules/nixos/services/onlyoffice/default.nix
@@ -0,0 +1,27 @@
+{
+ config,
+ lib,
+ namespace,
+ ...
+}:
+let
+
+ cfg = config.${namespace}.services.onlyoffice;
+
+ jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
+in
+{
+ options.${namespace}.services.onlyoffice = {
+ enable = lib.mkEnableOption "";
+ };
+
+ config = lib.mkIf cfg.enable {
+ #services.nginx.virtualHosts."office.mjallen.dev".listen = [ { addr = "0.0.0.0"; port = 9943; } ];
+ services.onlyoffice = {
+ enable = true;
+ port = 9943;
+ hostname = "office.mjallen.dev";
+ jwtSecretFile = jwtSecretFile;
+ };
+ };
+}
diff --git a/modules/nixos/services/owncloud/default.nix b/modules/nixos/services/owncloud/default.nix
new file mode 100755
index 0000000..dd5eeb0
--- /dev/null
+++ b/modules/nixos/services/owncloud/default.nix
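Review bot: The `image` default in the nextcloud options hunk, `"lscr.io/linuxserver/nextcloud"`, carries no tag or digest, so each pull resolves to whatever the registry currently serves as the latest image. That makes the deployment non-reproducible and lets an upstream change or a compromised tag reach the NAS without any change in this repository. Pin it, for example `image = mkOpt types.str "lscr.io/linuxserver/nextcloud:<tag>@sha256:<digest>" "container image (pinned)";`, where tag and digest are placeholders for the release you have verified. The empty description strings on `image`, `configPath` and `dataPath` would also be worth filling in.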
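Review bot: In the new onlyoffice module, `lib.mkEnableOption ""` leaves the option without a description, so generated option docs and error messages will read "Whether to enable ."; something like `lib.mkEnableOption "the OnlyOffice document server"` fixes that. The commented-out `services.nginx.virtualHosts."office.mjallen.dev".listen` line should either be removed or get a one-line comment saying why the listener is disabled, since it decides which addresses the service is reachable on. Port `9943` and the hostname are hard-coded here while the sibling modules expose theirs as options.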
@@ -0,0 +1,85 @@
+{
+ lib,
+ config,
+ namespace,
+ ...
+}:
+with lib;
+let
+ cfg = config.${namespace}.services.ocis;
+in
+{
+ options.${namespace}.services.ocis = {
+ enable = mkEnableOption "ownCloud Infinite Scale docker service";
+
+ autoStart = mkOption {
+ type = types.bool;
+ default = true;
+ };
+
+ httpPort = mkOption {
+ type = types.str;
+ default = "9988";
+ };
+
+ name = mkOption {
+ type = types.str;
+ default = "ocis";
+ };
+
+ image = mkOption {
+ type = types.str;
+ default = "owncloud/ocis";
+ };
+
+ dataPath = mkOption {
+ type = types.str;
+ default = "/media/nas/main/ocis";
+ };
+
+ configPath = mkOption {
+ type = types.str;
+ default = "/media/nas/main/nix-app-data/ocis";
+ };
+
+ puid = mkOption {
+ type = types.str;
+ default = "911";
+ };
+
+ pgid = mkOption {
+ type = types.str;
+ default = "1000";
+ };
+
+ timeZone = mkOption {
+ type = types.str;
+ default = "America/Chicago";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ virtualisation.oci-containers.containers."${cfg.name}" = {
+ autoStart = cfg.autoStart;
+ image = cfg.image;
+ ports = [ "${cfg.httpPort}:9200" ];
+ volumes = [
+ "${cfg.configPath}:/etc/ocis"
+ "${cfg.dataPath}:/var/lib/ocis"
+ ];
+ environmentFiles = [ ];
+ environment = {
+ OCIS_INSECURE = "true";
+ PROXY_HTTP_ADDR = "0.0.0.0:9200";
+ OCIS_URL = "https://10.0.1.3:9988";
+ OCIS_ADMIN_PASSWORD = "BogieDudie1";
+ OCIS_LDAP_BIND_PASSWORD = "BogieDudie1";
+ PROXY_OIDC_CLIENT_SECRET = "BogieDudie1";
+ IDM_ADMIN_PASSWORD = "BogieDudie1";
+ PUID = cfg.puid;
+ PGID = cfg.pgid;
+ TZ = cfg.timeZone;
+ };
+ };
+ };
+}
diff --git a/modules/nixos/services/owncloud/options.nix b/modules/nixos/services/owncloud/options.nix
new file mode 100755
index 0000000..953cd05
--- /dev/null
+++ b/modules/nixos/services/owncloud/options.nix
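Review bot: `OCIS_ADMIN_PASSWORD`, `OCIS_LDAP_BIND_PASSWORD`, `PROXY_OIDC_CLIENT_SECRET` and `IDM_ADMIN_PASSWORD` are set to the same plaintext literal inside `environment`, which puts the credential in git history and in the world-readable Nix store, and makes it visible to anyone who can inspect the container. The other modules in this commit already read secrets through sops, so move these four into a sops-managed env file and reference it via the currently empty list: `environmentFiles = [ config.sops.secrets."<ocis-env-secret>".path ];` (the secret name is a placeholder). Use a distinct value for each, and treat the committed value as exposed and rotate it wherever it is in use. `OCIS_INSECURE = "true"` disables TLS certificate verification, so it deserves a comment stating why it is needed, or removal once a trusted certificate is in place. The `image` default `"owncloud/ocis"` is also unpinned.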
@@ -0,0 +1,47 @@ +{ lib, namespace, ... }: +with lib; +{ + options.${namespace}.services.free-games-claimer = { + enable = mkEnableOption "free-games-claimer docker service"; + + autoStart = mkOption { + type = types.bool; + default = true; + }; + + httpPort = mkOption { + type = types.str; + default = "6080"; + }; + + name = mkOption { + type = types.str; + default = "free-games-claimer"; + }; + + image = mkOption { + type = types.str; + default = "ghcr.io/vogler/free-games-claimer"; + }; + + dataPath = mkOption { + type = types.str; + default = "/media/nas/main/nix-app-data/free-games-claimer"; + }; + + puid = mkOption { + type = types.str; + default = "911"; + }; + + pgid = mkOption { + type = types.str; + default = "1000"; + }; + + timeZone = mkOption { + type = types.str; + default = "America/Chicago"; + }; + }; +} diff --git a/systems/x86_64-linux/jallen-nas/apps.nix b/systems/x86_64-linux/jallen-nas/apps.nix index 8a08dff..d520d31 100755 --- a/systems/x86_64-linux/jallen-nas/apps.nix +++ b/systems/x86_64-linux/jallen-nas/apps.nix @@ -11,6 +11,7 @@ }; lubelogger.enable = true; nextcloud.enable = true; + onlyoffice.enable = true; ai.enable = true; paperless.enable = true; traefik.enable = true; @@ -32,6 +33,8 @@ }; }; + ocis.enable = false; + arrs = { enable = true; localAddress = "10.0.1.51"; diff --git a/systems/x86_64-linux/jallen-nas/default.nix b/systems/x86_64-linux/jallen-nas/default.nix index d5a44e6..4c36346 100755 --- a/systems/x86_64-linux/jallen-nas/default.nix +++ b/systems/x86_64-linux/jallen-nas/default.nix @@ -82,6 +82,12 @@ in group = "crowdsec"; mode = "u=rwx,g=rwx,o=rx"; } + { + directory = "/var/lib/nextcloud"; + user = "nextcloud"; + group = "nextcloud"; + mode = "u=rwx,g=rwx,o=rx"; + } { directory = "/plugins-storage"; user = "traefik"; @@ -150,6 +156,7 @@ in 5432 3001 3333 + 5201 # iperf ]; allowedUDPPorts = config.${namespace}.network.firewall.allowedTCPPorts; };
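Review bot: `owncloud/options.nix` declares `options.${namespace}.services.free-games-claimer`, not anything for ocis, which looks like a copied file that was never adapted. `owncloud/default.nix` already declares the `ocis` options inline and does not import this file, so it is dead as written. If the module loader picks it up automatically, it would presumably collide with the real free-games-claimer option declarations. I would delete the file, or replace its contents with the `ocis` options and have `default.nix` import it the way the nextcloud module does.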
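Review bot: The new `/var/lib/nextcloud` entry in the first `jallen-nas/default.nix` hunk uses `mode = "u=rwx,g=rwx,o=rx"`, which lets every local account list and read Nextcloud state; `mode = "u=rwx,g=rx,o=";` is sufficient for a service directory. It also names `user = "nextcloud"` and `group = "nextcloud"`, while this same commit removes `users.users.nextcloud` and `users.groups.nextcloud` from the nextcloud module and runs the container as PUID `911`. Unless the account is declared elsewhere, the entry may reference a user that no longer exists. The container's volumes point at `cfg.configPath` and `cfg.dataPath`, not `/var/lib/nextcloud`, so confirm the directory is still needed at all. The enclosing list starts and ends outside the hunk.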
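Review bot: Adding `5201 # iperf` to the allowed TCP ports in the last hunk opens a benchmarking port permanently, and because the context line `allowedUDPPorts = config.${namespace}.network.firewall.allowedTCPPorts;` mirrors the list, the same port (and every other TCP entry) is opened for UDP as well. iperf is normally only listening during a test, so I would leave the port out of the persistent list and open it ad hoc, or at least expand the comment to `# iperf3, temporary - remove after throughput testing`. Separately, consider giving UDP its own explicit list so that future TCP additions do not silently widen the UDP surface.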