From 9410b323bf822b7e597a9d64e0c27cd3040e5a1b Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Thu, 8 Aug 2024 10:52:21 -0500 Subject: [PATCH] fix update --- flake.lock | 6 +-- hosts/nas/filesystems.nix | 9 +++++ hosts/nas/sops.nix | 10 +++++ modules/apps/nextcloud/default.nix | 1 - modules/apps/nextcloud/default2.nix | 60 +++++++++++++++++++++++++++++ secrets/secrets.yaml | 8 +++- share/known-hosts.nix | 19 +++++++++ 7 files changed, 107 insertions(+), 6 deletions(-) create mode 100644 modules/apps/nextcloud/default2.nix create mode 100644 share/known-hosts.nix diff --git a/flake.lock b/flake.lock index 549a1a9..60fa004 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ "yafas": "yafas" }, "locked": { - "lastModified": 1723121942, - "narHash": "sha256-OfowhlEBPCNcaw1RaC9AuW8bc2Ee2NMngjU8dOljtoU=", + "lastModified": 1723131830, + "narHash": "sha256-H9Q2y1RJ1ixXvyK6clZ84QXHhLvGzMPOPyBg30sqhmE=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "d266429873c2a75c25eb629448d64387c7e1af22", + "rev": "c662fc42ab949b183c166d49efc7823509b20c75", "type": "github" }, "original": { diff --git a/hosts/nas/filesystems.nix b/hosts/nas/filesystems.nix index 97d0833..8e8979d 100644 --- a/hosts/nas/filesystems.nix +++ b/hosts/nas/filesystems.nix @@ -156,6 +156,15 @@ in ++ defaultOptions; }; + # fileSystems."/media/nas/junk/nextcloud-backup" = { + # device = "/dev/disk/by-uuid/11948951106919390044"; + # fsType = "btrfs"; + # options = [ + # "subvol=nextcloud-backup" + # ] + # ++ defaultOptions; + # }; + # fileSystems."/media/nas/main/vms" = { # device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; # fsType = "btrfs"; diff --git a/hosts/nas/sops.nix b/hosts/nas/sops.nix index d16b302..8caa3f9 100644 --- a/hosts/nas/sops.nix +++ b/hosts/nas/sops.nix @@ -20,4 +20,14 @@ sops.secrets."jallen-nas/mariadb/root_pass" = { restartUnits = [ "podman-mariadb.service" ]; }; + + sops.secrets."jallen-nas/nextcloud/dbpassword" = { + # restartUnits = [ "podman-nextcloud.service" ]; + }; + sops.secrets."jallen-nas/nextcloud/adminpassword" = { + # restartUnits = [ "podman-nextcloud.service" ]; + }; + sops.secrets."jallen-nas/nextcloud/smtppassword" = { + # restartUnits = [ "nextcloud.service" ]; + }; } \ No newline at end of file diff --git a/modules/apps/nextcloud/default.nix b/modules/apps/nextcloud/default.nix index 24d4e55..c5de897 100644 --- a/modules/apps/nextcloud/default.nix +++ b/modules/apps/nextcloud/default.nix @@ -1,6 +1,5 @@ { lib, - pkgs, config, ... }: diff --git a/modules/apps/nextcloud/default2.nix b/modules/apps/nextcloud/default2.nix new file mode 100644 index 0000000..cad30d7 --- /dev/null +++ b/modules/apps/nextcloud/default2.nix @@ -0,0 +1,60 @@ +{ + config, + ... +}: +{ + services.nextcloud = { + enable = true; + homeDir = "/media/nas/ssd/nix-app-data/nextcloud"; # ??? + dataDir = "/media/nas/main/nextcloud"; # ??? + caching.redis = true; + configureRedis = true; + appstore.enable = true; + + config = { + adminuser = "mjallen"; + adminpassFile = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path; + dbhost = "10.0.1.18:3306"; + dbtype = "mysql"; + dbname = "jallen_nextcloud"; + dbuser = "nextcloud"; + dbpassFile = config.sops.secrets."jallen-nas/nextcloud/dbpassword".path; + }; + + settings = { + trusted_domains = [ + "10.0.1.18:9943" + "cloud.mjallen.dev" + ]; + trusted_proxies = [ + "10.0.1.18" + ]; + maintenance_window_start = 6; + default_phone_region = "US"; + mail_from_address = "matt.l.jallen"; + mail_smtpmode = "smtp"; + mail_sendmailmode = "smtp"; + mail_domain = "gmail.com"; + mail_smtpauth = 1; + mail_smtpname = "matt.l.jallen"; + mail_smtppassword = builtins.readFile config.sops.secrets."jallen-nas/nextcloud/dbpassword".path;# ??? + mail_smtpsecure = "ssl"; + mail_smtphost = "smtp.gmail.com"; + mail_smtpport = 465; + enable_previews = true; + enabledPreviewProviders = [ + "OC\\Preview\\PNG" + "OC\\Preview\\JPEG" + "OC\\Preview\\GIF" + "OC\\Preview\\BMP" + "OC\\Preview\\XBitmap" + "OC\\Preview\\MP3" + "OC\\Preview\\TXT" + "OC\\Preview\\MarkDown" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\Krita" + "OC\\Preview\\HEIC" + ]; + }; + }; +} \ No newline at end of file diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 1792935..685dece 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -7,6 +7,10 @@ jallen-nas: root_pass: ENC[AES256_GCM,data:YLPfEG4/6FeCnrKdfXv9z4hHwtpM/KtBCYqlm4IUvA==,iv:pc9Ljasy76bfkmFRJ4M+wfEtjXBUD7Kb0S0WQZhCmOs=,tag:Wk/7gpKidirhRqw4+Pu96g==,type:str] db_pass: ENC[AES256_GCM,data:zC+BPQ5EvQAyK/ZSReBmuOtluYg4ZePKA7U=,iv:WarwZCPlpcLMjZLCs1SjKE9vZ1udZ13aNuziX2ReHJo=,tag:oT8slCgO8w8Iam2Of4HyfA==,type:str] redis_nextcloud: ENC[AES256_GCM,data:BIQOGBdYh5KefMk=,iv:jeVj1PZG0RsCwal0zMg4zT16r23tCWcfRVGg4kdqdQo=,tag:VfPR6ygR1CeT0RU+DVM0pA==,type:str] + nextcloud: + dbpassword: ENC[AES256_GCM,data:Xu92h2psR4jAJDM=,iv:UsJD1zq9Uy0Exxk58nkyPGyI8m2BOuvr2DK843h5pSk=,tag:k4MvHT8BoahCf9ZxQw8ovA==,type:str] + adminpassword: ENC[AES256_GCM,data:y4PXSbrAAw3A6cg=,iv:10Dm3IYqKJz2FNRteauuYSKXCHE2IKHv4ytidUvblXA=,tag:OAsZ69s4g2p0JEenLbkXdA==,type:str] + smtppassword: ENC[AES256_GCM,data:AIn3HJ3oX90nzcmSLSIeizqL1w==,iv:EyIgk3mxJ1Pn9Gff6ia6c2ekreSFGUWDbLrtC/meMyI=,tag:LvkT98sSOVDV+mxMyJKnbQ==,type:str] desktop: matt_password: ENC[AES256_GCM,data:z/Jjzr+/PREpNEQsAVl4soeKAwW3sdteIqjhZT2txQDiR0FvGvEBoE/aYCM9NS7XSCgTeTuOqgBGfq4xDLc5/ZBAl7KoGHmKIQ==,iv:qVONkw8PDI2ydqybqGIU2XFq4+qC1BeXnfwxbxbWBww=,tag:eYOD2EoBn9XMiYOaBDFlRw==,type:str] sops: @@ -42,8 +46,8 @@ sops: UGhsN2N0Mjl3UEJvUVlGRlJiN05WaUkKW37lU4G4CLTo6JoHC2OyhKsG/FuO+BiN pzlVJwzRnmAqwklRbc6RMbQLl2EQrp6KQcgYsUxCMH9OQ/9WJ98dxQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-07T21:24:21Z" - mac: ENC[AES256_GCM,data:79381C9vRsWWD5MNmsqjm86/KqvXmOvCzcpN0bvBtu3jHr1EOPmWwmstfnsZiRLo1r9SxJECyuYsrRilpPY1yorURipp3vGtHRVKLb1YZmN1LtoA0yVAPD49YACGTWU4ogdiRkrfAqDfI9sRshHK98axHv72Q7FZJFnsJ6QpPak=,iv:hFtp5t+m9Hsh5zUsA3RA7uTPJ5fEZ7PD04gBfAq0dYA=,tag:tK3zCY3YWEurDIkegH+U2g==,type:str] + lastmodified: "2024-08-08T02:00:25Z" + mac: ENC[AES256_GCM,data:IVfBgo6DeJ4WPwF5Uzol1F/ORaWehP6Ax5NvBInQAelHV3wLWIwj+BnPqtJfWIHdUxNqPZCOmEjZ4DskYRAvxWvF+GyOJZ34tkxBMkASl76l9OmCf2KZtGERyUI+JmDh3qJ1K6KP6Mc/3p0xketrndm1mz42lc42VsL6Id2NUcY=,iv:+XiyBL5slouhfK4iOhS51IoWthdsEZ6HYJd8nHlCLT4=,tag:jZ2ISWYE/aA0OF6IORgVZQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/share/known-hosts.nix b/share/known-hosts.nix new file mode 100644 index 0000000..63049ea --- /dev/null +++ b/share/known-hosts.nix @@ -0,0 +1,19 @@ +{ + ... +}: +{ + programs.ssh.knownHosts = { + jallen-mac = { + hostNames = [ "mattjallen@MacBook-Pro.local" ]; + publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs="; + }; + jallen-pc-windows = { + hostNames = [ "mattl@Jallen-PC" ]; + publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s="; + }; + jallen-pc-nixos = { + hostNames = [ "matt@matt-nixos" ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov"; + }; + }; +} \ No newline at end of file