diff --git a/modules/nixos/services/caddy/default.nix b/modules/nixos/services/caddy/default.nix index 67c525d..bd45cde 100644 --- a/modules/nixos/services/caddy/default.nix +++ b/modules/nixos/services/caddy/default.nix @@ -53,6 +53,18 @@ let reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.attic.port} } + @cloud host cloud.mjallen.dev + handle @cloud { + reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.nextcloud.port} { + header_up Host {upstream_hostport} + } + + header { + Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + X-Robots-Tag "noindex, nofollow" + } + } + @gitea host gitea.mjallen.dev handle @gitea { reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.gitea.port} diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index c0b49dc..d1e7e12 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -1,6 +1,7 @@ { lib, config, + pkgs, namespace, ... }: 
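Review bot: `header_up Host {upstream_hostport}` in the new `@cloud` handler replaces the client's Host header with `10.0.1.3:<nextcloud port>` before the request reaches the backend, and since that hop is plain `http://`, Nextcloud sees neither the public hostname nor HTTPS and will build absolute URLs and redirects around the internal address unless it is separately told to overwrite host and protocol. Caddy's `reverse_proxy` already forwards the original Host plus `X-Forwarded-For`/`X-Forwarded-Proto`, so the simpler and safer shape is to delete that `header_up` line, leave the backend address out of Nextcloud's trusted domains, and let `trusted_proxies` on the Nextcloud side honour the forwarded headers; the `attic` and `gitea` handlers in this same file do not rewrite Host either. The HSTS and `X-Robots-Tag` headers are fine as written; note that `preload` only takes effect if `mjallen.dev` itself is submitted to the preload list, which would commit every subdomain to HTTPS, so keep it only if that is intended.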
@@ -11,26 +12,97 @@ let nextcloudConfig = lib.${namespace}.mkModule { inherit config name; - serviceName = "podman-${name}"; - description = "nextcloud"; + serviceName = "nextcloud"; + description = "Nextcloud - Secure file sync and sharing platform"; options = { }; + moduleConfig = { - virtualisation.oci-containers.containers."${name}" = { - autoStart = true; - image = "lscr.io/linuxserver/nextcloud"; - ports = [ - "${toString cfg.port}:443" - ]; - volumes = [ - "${cfg.configDir}/nextcloud:/config" - "${cfg.dataDir}/nextcloud:/data" - "/run/postgresql:/run/postgresql" - ]; - environmentFiles = [ ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; + # Setup the native NixOS Nextcloud service + services.nextcloud = { + enable = true; + package = pkgs.nextcloud32; + hostName = "cloud.mjallen.dev"; + home = "${cfg.configDir}/nextcloud"; + datadir = "${cfg.dataDir}/nextcloud"; + configureRedis = true; + enableImagemagick = true; + appstoreEnable = true; + + # Use PostgreSQL for database + config = { + dbtype = "pgsql"; + dbname = "nextcloud"; + dbuser = "nextcloud"; + dbhost = "/run/postgresql"; # Socket directory + # dbpassFile = config.sops.secrets."jallen-nas/nextcloud/dbpassword".path; + adminuser = "mjallen"; + adminpassFile = config.sops.secrets."matt_password".path; + }; + + # PHP settings + phpOptions = lib.mkOverride 90 { + memory_limit = "512M"; + upload_max_filesize = "10G"; + post_max_size = "10G"; + output_buffering = "0"; + "opcache.interned_strings_buffer" = "16"; + "opcache.max_accelerated_files" = "10000"; + "opcache.memory_consumption" = "128"; + "opcache.save_comments" = "1"; + "opcache.revalidate_freq" = "1"; + }; + + # Configure caching for better performance + caching = { + apcu = true; + redis = true; + memcached = false; + }; + + # Auto-update apps + autoUpdateApps = { + enable = false; + startAt = "05:00:00"; + }; + + # Configure HTTPS if enabled + https = false; + + settings = { + default_phone_region = "US"; + 
trusted_proxies = [ "10.0.1.3" ]; + trusted_domains = [ + "cloud.mjallen.dev" + "10.0.1.3:${toString cfg.port}" + ]; + enabledPreviewProviders = [ + "OC\\Preview\\PNG" + "OC\\Preview\\JPEG" + "OC\\Preview\\GIF" + "OC\\Preview\\BMP" + "OC\\Preview\\XBitmap" + "OC\\Preview\\Krita" + "OC\\Preview\\WebP" + "OC\\Preview\\MarkDown" + "OC\\Preview\\TXT" + "OC\\Preview\\OpenDocument" + ]; + }; + }; + + users.users.nextcloud.isSystemUser = lib.mkForce true; + users.users.nextcloud.isNormalUser = lib.mkForce false; + users.groups.nextcloud = {}; + + # Configure web server + services.nginx = { + enable = true; + virtualHosts.${config.services.nextcloud.hostName} = { + listen = [{ + addr = "0.0.0.0"; + port = cfg.port; + ssl = false; + }]; }; }; }; @@ -38,4 +110,4 @@ let in { imports = [ nextcloudConfig ]; -} +} \ No newline at end of file diff --git a/modules/nixos/services/opencloud/default.nix b/modules/nixos/services/opencloud/default.nix index da172ac..fbd083b 100644 --- a/modules/nixos/services/opencloud/default.nix +++ b/modules/nixos/services/opencloud/default.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, namespace, ... }: 
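Review bot: With `https = false;` the nextcloud module derives `overwrite.cli.url` as `http://cloud.mjallen.dev` and leaves `overwriteprotocol` unset, so links generated by cron jobs, share e-mails and redirects, and the cookie security flags, assume plain HTTP even though the public side is TLS-terminated at Caddy; add `overwriteprotocol = "https"; "overwrite.cli.url" = "https://cloud.mjallen.dev";` alongside `trusted_proxies` in `settings`. `trusted_proxies = [ "10.0.1.3" ]` is the address Caddy proxies *to* in this repo's caddy config, i.e. this host, so unless Caddy runs on the same machine the forwarded headers will be ignored and Nextcloud's brute-force throttling will key on the proxy's single IP for every client. `adminpassFile` points at the `matt_password` sops secret, which by its name looks like a person's account password; a web-exposed admin credential should be its own secret, and whichever file is used must be readable by the `nextcloud` user the setup service runs as (sops `owner`/`mode`), which this hunk does not configure. Finally, the nginx listener on `0.0.0.0:${cfg.port}` with `ssl = false` serves the whole instance in cleartext to anything that can reach that port, so bind it to the interface Caddy uses or restrict it in the firewall rather than relying on `trusted_domains` alone.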
@@ -9,12 +10,92 @@ let name = "opencloud"; cfg = config.${namespace}.services.${name}; + # # Create an environment file from the configuration + # envFile = pkgs.writeText "opencloud-environment" '' + # OC_JWT_SECRET=${config.sops.placeholder."jallen-nas/onlyoffice-key"} + # OC_TRANSFER_SECRET=${config.sops.placeholder."jallen-nas/onlyoffice-key"} + # OC_MACHINE_AUTH_API_KEY=${config.sops.placeholder."jallen-nas/onlyoffice-key"} + + # OC_ADD_RUN_SERVICES=collaboration,app-provider + # OC_REVA_GATEWAY=eu.opencloud.api.gateway + # APP_PROVIDER_WOPI_APP_NAME=Collabora + # APP_PROVIDER_ENABLE=true + # APP_PROVIDER_SERVICE_NAME=app-provider-collabora + # COLLABORATION_APP_NAME=Collabora + # COLLABORATION_APP_PRODUCT=Collabora + # COLLABORATION_WOPI_DISCOVERY_URL=https://office.mjallen.dev/hosting/discovery + # COLLABORATION_WOPI_SRC=https://office.mjallen.dev + # OC_COLLABORATION_WOPI_URL=https://office.mjallen.dev + # COLLABORATION_APP_ADDR=https://office.mjallen.dev + # COLLABORATION_APP_INSECURE=false + # COLLABORATION_APP_PROOF_DISABLE=true + # COLLABORATION_WOPI_SHORTTOKENS=false + # MICRO_REGISTRY=nats-js-kv + # MICRO_REGISTRY_ADDRESS=127.0.0.1:9233 + # OC_SYSTEM_USER_ID=${cfg.puid} + + # OC_LOG_LEVEL=info + + # APP_PROVIDER_PROVIDERS=collabora + + # APP_PROVIDER_COLLABORA_NAME=Collabora + # APP_PROVIDER_COLLABORA_PRODUCT=Collabora Online + + # APP_PROVIDER_COLLABORA_ADDR=https://office.mjallen.dev + # APP_PROVIDER_COLLABORA_ICON=https://office.mjallen.dev/favicon.ico + + # APP_PROVIDER_COLLABORA_MIME_TYPES=application/vnd.openxmlformats-officedocument.wordprocessingml.document application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.presentationml.presentation application/msword application/vnd.ms-excel application/vnd.ms-powerpoint text/plain + + # NATS_NATS_HOST=${cfg.listenAddress} + # GATEWAY_GRPC_ADDR=${cfg.listenAddress}:9142 + + # OC_DB_TYPE=postgres + # OC_DB_HOST=10.0.1.3 + # OC_DB_PORT=5432 + # 
OC_DB_USER=opencloud + # OC_DB_NAME=opencloud + + # OC_INSECURE=true + # PROXY_TLS=false + # PROXY_HTTP_ADDR=${cfg.listenAddress}:9200 + # OC_URL=https://cloud.mjallen.dev + # OC_PUBLIC_URL=https://cloud.mjallen.dev + # PUID=${cfg.puid} + # PGID=${cfg.pgid} + # TZ=${cfg.timeZone} + # ''; + opencloudConfig = lib.${namespace}.mkModule { inherit config name; - serviceName = "podman-${name}"; - description = "opencloud"; + serviceName = "opencloud"; + description = "OpenCloud - Secure and private file sharing and storage"; options = { }; + moduleConfig = { + services.opencloud = { + enable = true; + url = "https://cloud.mjallen.dev"; + address = cfg.listenAddress; + port = cfg.port; + stateDir = "${cfg.configDir}/opencloud"; + environment = { + PROXY_TLS = "false"; # disable https when behind reverse-proxy + INITIAL_ADMIN_PASSWORD = "BogieDudie1"; + OC_DB_TYPE = "postgres"; + OC_DB_HOST = "10.0.1.3"; + OC_DB_PORT = "5432"; + OC_DB_USER = "opencloud"; + OC_DB_NAME = "opencloud"; + OC_INSECURE = "true"; + OC_LOG_LEVEL = "debug"; + + # PROXY_TLS = "false"; + # PROXY_HTTP_ADDR= "${cfg.listenAddress}:9200"; + # OC_URL = "https://cloud.mjallen.dev" + # OC_PUBLIC_URL = "https://cloud.mjallen.dev" + }; + }; + # Create the secret template sops.templates = { "opencloud.env" = { content = '' 
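Review bot: `INITIAL_ADMIN_PASSWORD = "BogieDudie1";` commits a cleartext admin credential to version control, and because `services.opencloud.environment` is rendered into the generated systemd unit it will almost certainly also sit world-readable in `/nix/store` on the host; treat the password as compromised, rotate it, and supply it through the `opencloud.env` sops template this hunk keeps (the module's `environmentFile` option, if this nixpkgs provides it) instead of `environment`. `OC_INSECURE = "true"` switches off certificate verification for OpenCloud's internal and outbound connections and `OC_LOG_LEVEL = "debug"` writes request-level detail, including the Collabora/WOPI exchange, into the journal; both look like bring-up settings and should go back to `false`/`info` before this host is reachable, or carry a comment saying why they must stay. The `pkgs` argument added to this file is only referenced from the commented-out `envFile` block, so either delete that dead block or drop the argument.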
@@ -24,80 +105,15 @@ let ''; }; }; - virtualisation.oci-containers.containers.opencloud = { - autoStart = true; - image = "opencloudeu/opencloud-rolling"; - ports = [ - "${toString cfg.port}:9200" - ]; - volumes = [ - "${cfg.dataDir}/opencloud:/var/lib/opencloud" - "${cfg.configDir}/opencloud:/etc/opencloud" - ]; - environmentFiles = [ config.sops.templates."opencloud.env".path ]; - environment = { - OC_ADD_RUN_SERVICES = "collaboration,app-provider"; - OC_REVA_GATEWAY = "eu.opencloud.api.gateway"; - APP_PROVIDER_WOPI_APP_NAME = "Collabora"; - APP_PROVIDER_ENABLE = "true"; - APP_PROVIDER_SERVICE_NAME = "app-provider-collabora"; - COLLABORATION_APP_NAME = "Collabora"; - COLLABORATION_APP_PRODUCT = "Collabora"; - COLLABORATION_WOPI_DISCOVERY_URL = "https://office.mjallen.dev/hosting/discovery"; - COLLABORATION_WOPI_SRC = "https://office.mjallen.dev"; - OC_COLLABORATION_WOPI_URL = "https://office.mjallen.dev"; - COLLABORATION_APP_ADDR = "https://office.mjallen.dev"; - COLLABORATION_APP_INSECURE = "false"; - COLLABORATION_APP_PROOF_DISABLE = "true"; - COLLABORATION_WOPI_SHORTTOKENS = "false"; - # COLLABORATION_GRPC_ADDR = "${cfg.listenAddress}:9301"; - # COLLABORATION_HTTP_ADDR = "${cfg.listenAddress}:9200"; - MICRO_REGISTRY = "nats-js-kv"; - MICRO_REGISTRY_ADDRESS = "127.0.0.1:9233"; - OC_SYSTEM_USER_ID = cfg.puid; - OC_LOG_LEVEL = "info"; - - APP_PROVIDER_PROVIDERS = "collabora"; - - APP_PROVIDER_COLLABORA_NAME = "Collabora"; - APP_PROVIDER_COLLABORA_PRODUCT = "Collabora Online"; - - APP_PROVIDER_COLLABORA_ADDR = "https://office.mjallen.dev"; - APP_PROVIDER_COLLABORA_ICON = "https://office.mjallen.dev/favicon.ico"; - - APP_PROVIDER_COLLABORA_MIME_TYPES = '' - application/vnd.openxmlformats-officedocument.wordprocessingml.document - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - application/vnd.openxmlformats-officedocument.presentationml.presentation - application/msword - application/vnd.ms-excel - application/vnd.ms-powerpoint - text/plain - 
''; - - NATS_NATS_HOST = cfg.listenAddress; - GATEWAY_GRPC_ADDR = "${cfg.listenAddress}:9142"; - - OC_DB_TYPE = "postgres"; - OC_DB_HOST = "10.0.1.3"; - OC_DB_PORT = "5432"; - OC_DB_USER = "opencloud"; - OC_DB_NAME = "opencloud"; - - OC_INSECURE = "true"; - PROXY_TLS = "false"; - PROXY_HTTP_ADDR = "${cfg.listenAddress}:9200"; - OC_URL = "https://cloud.mjallen.dev"; - OC_PUBLIC_URL = "https://cloud.mjallen.dev"; - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - }; - }; + # # Create directories + # systemd.tmpfiles.rules = [ + # "d '${cfg.dataDir}/opencloud' 0750 ${cfg.user} ${cfg.group} - -" + # "d '${cfg.configDir}/opencloud' 0750 ${cfg.user} ${cfg.group} - -" + # ]; }; }; in { imports = [ opencloudConfig ]; -} +} \ No newline at end of file diff --git a/systems/x86_64-linux/jallen-nas/apps.nix b/systems/x86_64-linux/jallen-nas/apps.nix index 118b3ca..51fc1cf 100755 --- a/systems/x86_64-linux/jallen-nas/apps.nix +++ b/systems/x86_64-linux/jallen-nas/apps.nix @@ -147,7 +147,7 @@ in port = 4000; }; nextcloud = { - enable = false; + enable = true; port = 9988; }; ntfy = {
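Review bot: The removed `environmentFiles = [ config.sops.templates."opencloud.env".path ];` was the only consumer of the `opencloud.env` sops template, and nothing on the new side of this file picks it up, so whatever secrets that template renders (the earlier commented-out block suggests JWT, transfer and machine-auth keys) no longer reach the service and OpenCloud will fall back to generated or default values. Either feed the template into the native service, the module's `environmentFile` option being the natural place if it exists in this nixpkgs, or remove the template so the gap is explicit rather than silent. The `# # Create directories` tmpfiles block is commented-out code; delete it instead of keeping it, since directory creation under `stateDir` is the module's responsibility.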