fix

2025-11-16 19:22:39 -06:00
parent 2a77d233f9
commit 6dc81d0cbf
9 changed files with 375 additions and 140 deletions
--- a/modules/nixos/services/ai/default.nix
+++ b/modules/nixos/services/ai/default.nix
@@ -27,7 +27,7 @@ in
    };
    services.llama-cpp = {
-      enable = false;
+      enable = true;
      port = 8127;
      host = "0.0.0.0";
      openFirewall = true;
@@ -46,6 +46,7 @@ in
    services.open-webui = {
      enable = true;
      package = pkgs.stable.open-webui;
      host = "0.0.0.0";
      port = 8888;
      openFirewall = true;
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -1,155 +1,32 @@
 {
  config,
  lib,
-  pkgs,
+  config,
  namespace,
  ...
 }:
 with lib;
 let
  cfg = config.${namespace}.services.nextcloud;
  adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
  secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path;
  jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
  hostAddress = "10.0.1.3";
  nextcloudPortExtHttp = 9988;
  nextcloudPortExtHttps = 9943;
  onlyofficePortExt = 9943;
 in
 {
  imports = [ ./options.nix ];
-  config = mkIf cfg.enable {
+  virtualisation.oci-containers.containers."${cfg.name}" = {
-    services.nginx.virtualHosts."cloud.mjallen.dev".listen = [
+    autoStart = cfg.autoStart;
-      {
+    image = cfg.image;
-        addr = "0.0.0.0";
+    ports = [
-        port = nextcloudPortExtHttp;
+      "${cfg.port}:443"
      }
    ];
-
+    volumes = [
-    # Create required users and groups
+      "${cfg.configPath}:/config"
-    users.users.nextcloud = {
+      "${cfg.dataPath}:/data"
-      isSystemUser = lib.mkForce true;
+      "/run/postgresql:/run/postgresql"
-      isNormalUser = lib.mkForce false;
+    ];
-      group = "nextcloud";
+    environmentFiles = [ ];
-    };
+    environment = {
-
+      PUID = cfg.puid;
-    users.groups = {
+      PGID = cfg.pgid;
-      nextcloud = { };
+      TZ = cfg.timeZone;
      downloads = { };
    };
    services = {
      opencloud = {
        enable = true;
        url = "https://10.0.1.3:9988";
        address = "0.0.0.0";
        port = nextcloudPortExtHttp;
        stateDir = "/media/nas/main/nix-app-data/opencloud";
      };
      onlyoffice = {
        enable = false;
        port = onlyofficePortExt;
        hostname = "office.mjallen.dev";
        jwtSecretFile = jwtSecretFile;
      };
      nextcloud = {
        enable = false;
        package = pkgs.nextcloud32;
        home = "/media/nas/main/nix-app-data/nextcloud";
        database.createLocally = true;
        hostName = "cloud.mjallen.dev";
        appstoreEnable = false;
        caching.redis = true;
        configureRedis = true;
        enableImagemagick = true;
        https = true;
        secretFile = secretsFile;
        extraApps = {
          inherit (pkgs.nextcloud32Packages.apps)
            # app_api
            # bookmarks
            mail
            calendar
            contacts
            integration_openai
            integration_paperless
            # maps
            # oidc_login
            onlyoffice
            previewgenerator
            recognize
            # richdocuments
            user_oidc
            ;
          # inherit
          #   nextcloudPhotos
          #   nextcloudPdfViewer
          #   nextcloudAssist
          # ;
        };
        config = {
          adminuser = "mjallen";
          adminpassFile = adminpass;
          dbhost = "localhost";
          dbtype = "pgsql";
          dbname = "nextcloud";
          dbuser = "nextcloud";
        };
        settings = {
          log_type = "syslog";
          syslog_tag = "nextcloud";
          logfile = "";
          loglevel = 3;
          allow_local_remote_servers = true;
          upgrade.disable-web = false;
          datadirectory = "/media/nas/main/nextcloud";
          trusted_domains = [
            "${hostAddress}:${toString nextcloudPortExtHttp}"
            "${hostAddress}:${toString nextcloudPortExtHttps}"
            # "${localAddress}:80"
            # "${localAddress}:8080"
            # "${localAddress}:443"
            "cloud.mjallen.dev"
          ];
          opcache.interned_strings_buffer = 16;
          trusted_proxies = [ hostAddress ];
          maintenance_window_start = 6;
          default_phone_region = "US";
          enable_previews = true;
          enabledPreviewProviders = [
            "OC\\Preview\\PNG"
            "OC\\Preview\\JPEG"
            "OC\\Preview\\GIF"
            "OC\\Preview\\BMP"
            "OC\\Preview\\XBitmap"
            "OC\\Preview\\MP3"
            "OC\\Preview\\TXT"
            "OC\\Preview\\MarkDown"
            "OC\\Preview\\OpenDocument"
            "OC\\Preview\\Krita"
            "OC\\Preview\\HEIC"
            "OC\\Preview\\Movie"
            "OC\\Preview\\MSOffice2003"
            "OC\\Preview\\MSOffice2007"
            "OC\\Preview\\MSOfficeDoc"
          ];
          installed = true;
          user_oidc = {
            auto_provision = false;
            soft_auto_provision = false;
            allow_multiple_user_backends = false; # auto redirect to authentik for login
          };
          social_login_auto_redirect = true;
        };
      };
    };
  };
 }
--- a/modules/nixos/services/nextcloud/default.nix.bak
+++ b/modules/nixos/services/nextcloud/default.nix.bak
@@ -0,0 +1,167 @@
 {
  config,
  lib,
  pkgs,
  namespace,
  ...
 }:
 with lib;
 let
  cfg = config.${namespace}.services.nextcloud;
  adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
  secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path;
  jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
  nextcloudUserId = config.users.users.nix-apps.uid;
  nextcloudGroupId = config.users.groups.jallen-nas.gid;
  hostAddress = "10.0.1.3";
  nextcloudPortExtHttp = 9988;
  nextcloudPortExtHttps = 9943;
  onlyofficePortExt = 9943;
  nextcloudPhotos = pkgs.${namespace}.nextcloud-app-photos;
  nextcloudPdfViewer = pkgs.${namespace}.nextcloud-app-pdfviewer;
  nextcloudAssist = pkgs.${namespace}.nextcloud-app-assistant;
 in
 {
  imports = [ ./options.nix ];
  config = mkIf cfg.enable {
    services.nginx.virtualHosts."cloud.mjallen.dev".listen = [ { addr = "0.0.0.0"; port = nextcloudPortExtHttp; } ];
    # Create required users and groups
    users.users.nextcloud = {
      isSystemUser = lib.mkForce true;
      isNormalUser = lib.mkForce false;
      group = "nextcloud";
    };
    users.groups = {
      nextcloud = { };
      downloads = { };
    };
    services = {
      ocis = {
        enable = false;
        configDir = "/media/nas/main/nix-app-data/ocis";
        address = "0.0.0.0";
        port = 9988;
        environment = {
            OCIS_URL = "https://localhost:9200";
        };
      };
      opencloud = {
        enable = false;
        url = "https://10.0.1.3:9988";
        address = "0.0.0.0";
        port = nextcloudPortExtHttp;
        stateDir = "/media/nas/main/nix-app-data/opencloud";
      };
      onlyoffice = {
        enable = false;
        port = onlyofficePortExt;
        hostname = "office.mjallen.dev";
        jwtSecretFile = jwtSecretFile;
      };
      nextcloud = {
        enable = true;
        package = pkgs.nextcloud32;
        home = "/media/nas/main/nix-app-data/nextcloud";
        database.createLocally = true;
        hostName = "cloud.mjallen.dev";
        appstoreEnable = false;
        caching.redis = true;
        configureRedis = true;
        enableImagemagick = true;
        https = true;
        secretFile = secretsFile;
        extraApps = {
          inherit (pkgs.nextcloud32Packages.apps)
            # app_api
            # bookmarks
            mail
            calendar
            contacts
            integration_openai
            integration_paperless
            # maps
            # oidc_login
            onlyoffice
            previewgenerator
            # recognize
            # richdocuments
            user_oidc
            ;
          # inherit
          #   nextcloudPhotos
          #   nextcloudPdfViewer
          #   nextcloudAssist
            # ;
        };
        config = {
          adminuser = "mjallen";
          adminpassFile = adminpass;
          dbhost = "localhost";
          dbtype = "pgsql";
          dbname = "nextcloud";
          dbuser = "nextcloud";
        };
        settings = {
          log_type = "syslog";
          syslog_tag = "nextcloud";
          logfile = "";
          loglevel = 3;
          allow_local_remote_servers = true;
          upgrade.disable-web = false;
          datadirectory = "/media/nas/main/nextcloud";
          trusted_domains = [
            "${hostAddress}:${toString nextcloudPortExtHttp}"
            "${hostAddress}:${toString nextcloudPortExtHttps}"
            # "${localAddress}:80"
            # "${localAddress}:8080"
            # "${localAddress}:443"
            "cloud.mjallen.dev"
          ];
          opcache.interned_strings_buffer = 16;
          trusted_proxies = [ hostAddress ];
          maintenance_window_start = 6;
          default_phone_region = "US";
          enable_previews = true;
          enabledPreviewProviders = [
            "OC\\Preview\\PNG"
            "OC\\Preview\\JPEG"
            "OC\\Preview\\GIF"
            "OC\\Preview\\BMP"
            "OC\\Preview\\XBitmap"
            "OC\\Preview\\MP3"
            "OC\\Preview\\TXT"
            "OC\\Preview\\MarkDown"
            "OC\\Preview\\OpenDocument"
            "OC\\Preview\\Krita"
            "OC\\Preview\\HEIC"
            "OC\\Preview\\Movie"
            "OC\\Preview\\MSOffice2003"
            "OC\\Preview\\MSOffice2007"
            "OC\\Preview\\MSOfficeDoc"
          ];
          installed = false;
          user_oidc = {
            auto_provision = false;
            soft_auto_provision = false;
            allow_multiple_user_backends = false; # auto redirect to authentik for login
          };
          social_login_auto_redirect = true;
        };
      };
    };
  };
 }
--- a/modules/nixos/services/nextcloud/options.nix
+++ b/modules/nixos/services/nextcloud/options.nix
@@ -1,7 +1,28 @@
 { lib, namespace, ... }:
 with lib;
 let
  inherit (lib.${namespace}) mkOpt mkBoolOpt;
 in
 {
  options.${namespace}.services.nextcloud = {
    enable = mkEnableOption "enable nextcloud";
    autoStart = mkBoolOpt true "autostart container";
    port = mkOpt types.str "9988" "https port";
    name = mkOpt types.str "nextcloud" "container name";
    image = mkOpt types.str "lscr.io/linuxserver/nextcloud" "";
    configPath = mkOpt types.str "/media/nas/main/nix-app-data/nextcloud/config" "";
    dataPath = mkOpt types.str "/media/nas/main/nextcloud" "";
    puid = mkOpt types.str "911" "puid";
    pgid = mkOpt types.str "1000" "pgid";
    timeZone = mkOpt types.str "America/Chicago" "container tz";
  };
 }
--- a/modules/nixos/services/onlyoffice/default.nix
+++ b/modules/nixos/services/onlyoffice/default.nix
@@ -0,0 +1,27 @@
 {
  config,
  lib,
  namespace,
  ...
 }:
 let
  cfg = config.${namespace}.services.onlyoffice;
  jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
 in
 {
  options.${namespace}.services.onlyoffice = {
    enable = lib.mkEnableOption "";
  };
  config = lib.mkIf cfg.enable {
    #services.nginx.virtualHosts."office.mjallen.dev".listen = [ { addr = "0.0.0.0"; port = 9943; } ];
    services.onlyoffice = {
      enable = true;
      port = 9943;
      hostname = "office.mjallen.dev";
      jwtSecretFile = jwtSecretFile;
    };
  };
 }
--- a/modules/nixos/services/owncloud/default.nix
+++ b/modules/nixos/services/owncloud/default.nix
@@ -0,0 +1,85 @@
 {
  lib,
  config,
  namespace,
  ...
 }:
 with lib;
 let
  cfg = config.${namespace}.services.ocis;
 in
 {
  options.${namespace}.services.ocis = {
    enable = mkEnableOption "ownCloud Infinite Scale docker service";
    autoStart = mkOption {
      type = types.bool;
      default = true;
    };
    httpPort = mkOption {
      type = types.str;
      default = "9988";
    };
    name = mkOption {
      type = types.str;
      default = "ocis";
    };
    image = mkOption {
      type = types.str;
      default = "owncloud/ocis";
    };
    dataPath = mkOption {
      type = types.str;
      default = "/media/nas/main/ocis";
    };
    configPath = mkOption {
      type = types.str;
      default = "/media/nas/main/nix-app-data/ocis";
    };
    puid = mkOption {
      type = types.str;
      default = "911";
    };
    pgid = mkOption {
      type = types.str;
      default = "1000";
    };
    timeZone = mkOption {
      type = types.str;
      default = "America/Chicago";
    };
  };
  config = mkIf cfg.enable {
    virtualisation.oci-containers.containers."${cfg.name}" = {
      autoStart = cfg.autoStart;
      image = cfg.image;
      ports = [ "${cfg.httpPort}:9200" ];
      volumes = [
        "${cfg.configPath}:/etc/ocis"
        "${cfg.dataPath}:/var/lib/ocis"
      ];
      environmentFiles = [ ];
      environment = {
        OCIS_INSECURE = "true";
        PROXY_HTTP_ADDR = "0.0.0.0:9200";
        OCIS_URL = "https://10.0.1.3:9988";
        OCIS_ADMIN_PASSWORD = "BogieDudie1";
        OCIS_LDAP_BIND_PASSWORD = "BogieDudie1";
        PROXY_OIDC_CLIENT_SECRET = "BogieDudie1";
        IDM_ADMIN_PASSWORD = "BogieDudie1";
        PUID = cfg.puid;
        PGID = cfg.pgid;
        TZ = cfg.timeZone;
      };
    };
  };
 }
--- a/modules/nixos/services/owncloud/options.nix
+++ b/modules/nixos/services/owncloud/options.nix
@@ -0,0 +1,47 @@
 { lib, namespace, ... }:
 with lib;
 {
  options.${namespace}.services.free-games-claimer = {
    enable = mkEnableOption "free-games-claimer docker service";
    autoStart = mkOption {
      type = types.bool;
      default = true;
    };
    httpPort = mkOption {
      type = types.str;
      default = "6080";
    };
    name = mkOption {
      type = types.str;
      default = "free-games-claimer";
    };
    image = mkOption {
      type = types.str;
      default = "ghcr.io/vogler/free-games-claimer";
    };
    dataPath = mkOption {
      type = types.str;
      default = "/media/nas/main/nix-app-data/free-games-claimer";
    };
    puid = mkOption {
      type = types.str;
      default = "911";
    };
    pgid = mkOption {
      type = types.str;
      default = "1000";
    };
    timeZone = mkOption {
      type = types.str;
      default = "America/Chicago";
    };
  };
 }
--- a/systems/x86_64-linux/jallen-nas/apps.nix
+++ b/systems/x86_64-linux/jallen-nas/apps.nix
@@ -11,6 +11,7 @@
      };
      lubelogger.enable = true;
      nextcloud.enable = true;
      onlyoffice.enable = true;
      ai.enable = true;
      paperless.enable = true;
      traefik.enable = true;
@@ -32,6 +33,8 @@
        };
      };
      ocis.enable = false;
      arrs = {
        enable = true;
        localAddress = "10.0.1.51";
--- a/systems/x86_64-linux/jallen-nas/default.nix
+++ b/systems/x86_64-linux/jallen-nas/default.nix
@@ -82,6 +82,12 @@ in
          group = "crowdsec";
          mode = "u=rwx,g=rwx,o=rx";
        }
        {
          directory = "/var/lib/nextcloud";
          user = "nextcloud";
          group = "nextcloud";
          mode = "u=rwx,g=rwx,o=rx";
        }
        {
          directory = "/plugins-storage";
          user = "traefik";
@@ -150,6 +156,7 @@ in
          5432
          3001
          3333
          5201 # iperf
        ];
        allowedUDPPorts = config.${namespace}.network.firewall.allowedTCPPorts;
      };