From dcab6464493258f7d2b159bc3dc7d9d2c662bca1 Mon Sep 17 00:00:00 2001 
From: mjallen18 Date: Tue, 25 Mar 2025 17:29:04 -0500 Subject: [PATCH] many cleanup, secrets, onlyoffice --- README.md | 8 +- flake.lock | 301 ++++++++++++++++++---- hosts/mac-nixos/configuration.nix | 2 - hosts/mac-nixos/gnome/default.nix | 1 - hosts/nas/apps.nix | 23 +- hosts/nas/apps/collabora/default.nix | 26 -- hosts/nas/apps/nextcloud/default.nix | 38 ++- hosts/nas/apps/traefik/default.nix | 10 +- hosts/nas/networking.nix | 3 +- hosts/nas/services.nix | 4 +- hosts/nas/sops.nix | 12 +- modules/apps/collabora/default.nix | 38 --- modules/apps/collabora/options.nix | 72 ------ modules/apps/deluge/default.nix | 39 --- modules/apps/deluge/options.nix | 72 ------ modules/apps/discover-wrapped/default.nix | 28 -- modules/apps/discover-wrapped/options.nix | 7 - modules/apps/jackett/default.nix | 25 -- modules/apps/jackett/options.nix | 52 ---- modules/apps/mariadb/default.nix | 27 -- modules/apps/mariadb/options.nix | 62 ----- modules/apps/ollama/default.nix | 26 -- modules/apps/ollama/options.nix | 47 ---- modules/apps/open-webui/default.nix | 35 --- modules/apps/open-webui/options.nix | 52 ---- modules/default.nix | 5 - modules/samba/default-unstable.nix | 73 ------ modules/samba/default.nix | 18 -- secrets/secrets.yaml | 7 +- 29 files changed, 299 insertions(+), 814 deletions(-) delete mode 100755 hosts/nas/apps/collabora/default.nix delete mode 100755 modules/apps/collabora/default.nix delete mode 100755 modules/apps/collabora/options.nix delete mode 100755 modules/apps/deluge/default.nix delete mode 100755 modules/apps/deluge/options.nix delete mode 100755 modules/apps/discover-wrapped/default.nix delete mode 100755 modules/apps/discover-wrapped/options.nix delete mode 100755 modules/apps/jackett/default.nix delete mode 100755 modules/apps/jackett/options.nix delete mode 100755 modules/apps/mariadb/default.nix delete mode 100755 modules/apps/mariadb/options.nix delete mode 100755 modules/apps/ollama/default.nix delete mode 100755 modules/apps/ollama/options.nix 
delete mode 100755 modules/apps/open-webui/default.nix delete mode 100755 modules/apps/open-webui/options.nix delete mode 100755 modules/samba/default-unstable.nix diff --git a/README.md b/README.md index e976ba1..604771a 100755 --- a/README.md +++ b/README.md @@ -16,9 +16,6 @@ * [specialisations.hyprland](./hosts/desktop/hyprland) * [specialisations.gnome](./hosts/desktop/gnome) * [specialisations.cosmic](./hosts/desktop/cosmic) -* cachix - * [cachix.nix](./cachix/cachix.nix) - * [nix-community.nix](./cachix/nix-community.nix) ### NAS * [boot.nix](./hosts/nas/boot.nix) @@ -34,9 +31,6 @@ * [samba](./modules/samba) * nas-apps * [arrs](./hosts/nas/apps/arrs/default.nix) - * [collabora](./modules/apps/collabora) - * [deluge](./modules/apps/deluge) - * [discover-wrapped](./modules/apps/discover-wrapped) * [free-games-claimer](./modules/apps/free-games-claimer) * [jackett](./modules/apps/jackett) * [jellyfin](./hosts/nas/apps/jellyfin/default.nix) @@ -44,7 +38,7 @@ * [jackett](./modules/apps/manyfold) * [mariadb](./modules/apps/mariadb) * [mealie](./modules/apps/mealie) - * [nextcloud](./hosts/nas/apps/nextcloud/default.nix) + * [nextcloud+onlyoffice](./hosts/nas/apps/nextcloud/default.nix) * [ollama](./hosts/nas/apps/ollama/default.nix) * [paperless](./hosts/nas/apps/paperless/default.nix) * [tdarr](./modules/apps/tdarr) diff --git a/flake.lock b/flake.lock index 0ced173..50b032d 100755 --- a/flake.lock +++ b/flake.lock @@ -47,6 +47,21 @@ "type": "github" } }, + "crane_3": { + "locked": { + "lastModified": 1731098351, + "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", + "owner": "ipetkov", + "repo": "crane", + "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "desktop-chaotic": { "inputs": { "fenix": "fenix", 
@@ -70,28 +85,6 @@ "type": "github" } }, - "desktop-cosmic": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": [ - "desktop-nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1742395601, - "narHash": "sha256-WSoI4R/pY/8AY5ulSn03nry9KFGBGFRFcXjhBYYRYtI=", - "owner": "lilyinstarlight", - "repo": "nixos-cosmic", - "rev": "7f8e9de5c8494d209bd618dad4ad81e98b19fabc", - "type": "github" - }, - "original": { - "owner": "lilyinstarlight", - "repo": "nixos-cosmic", - "type": "github" - } - }, "desktop-home-manager": { "inputs": { "nixpkgs": [ @@ -130,7 +123,7 @@ "desktop-lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "flake-parts": "flake-parts", "nixpkgs": [ "desktop-nixpkgs" @@ -273,22 +266,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1717312683, - "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", - "owner": "nix-community", - "repo": "flake-compat", - "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1696426674, @@ -304,7 +281,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1733328505, @@ -320,6 +297,22 @@ "type": "github" } }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1717312683, + "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_4": { "flake": false, "locked": { 
@@ -336,6 +329,22 @@ "type": "github" } }, + "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -376,6 +385,27 @@ } }, "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "nas-lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "steamdeck-lanzaboote", @@ -485,6 +515,28 @@ } }, "gitignore_2": { + "inputs": { + "nixpkgs": [ + "nas-lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_3": { "inputs": { "nixpkgs": [ "steamdeck-lanzaboote", @@ -621,7 +673,7 @@ "nas-authentik-nix": { "inputs": { "authentik-src": "authentik-src", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", "napalm": "napalm", 
@@ -645,6 +697,29 @@ "type": "github" } }, + "nas-cosmic": { + "inputs": { + "flake-compat": "flake-compat_3", + "nixpkgs": [ + "nas-nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2", + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1742863891, + "narHash": "sha256-/mGCIxO7zlWCHOZLaOMRoJgSLpIav0PBKWG3BQddElw=", + "owner": "lilyinstarlight", + "repo": "nixos-cosmic", + "rev": "366999efebcad2165f472ef93e9c996693bda75d", + "type": "github" + }, + "original": { + "owner": "lilyinstarlight", + "repo": "nixos-cosmic", + "type": "github" + } + }, "nas-crowdsec": { "inputs": { "flake-utils": "flake-utils_2", @@ -701,6 +776,32 @@ "type": "github" } }, + "nas-lanzaboote": { + "inputs": { + "crane": "crane_2", + "flake-compat": "flake-compat_4", + "flake-parts": "flake-parts_3", + "nixpkgs": [ + "nas-nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix_2", + "rust-overlay": "rust-overlay_3" + }, + "locked": { + "lastModified": 1737639419, + "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.4.2", + "repo": "lanzaboote", + "type": "github" + } + }, "nas-nixos-hardware": { "locked": { "lastModified": 1742376361, 
@@ -893,11 +994,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1742268799, - "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "da044451c6a70518db5b730fe277b70f494188f1", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1742512142, + "narHash": "sha256-8XfURTDxOm6+33swQJu/hx6xw1Tznl8vJJN5HwVqckg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7105ae3957700a9646cc4b766f5815b23ed0c682", "type": "github" }, "original": { @@ -907,7 +1024,7 @@ "type": "github" } }, - "nixpkgs-stable_2": { + "nixpkgs-stable_3": { "locked": { "lastModified": 1730741070, "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", @@ -923,7 +1040,7 @@ "type": "github" } }, - "nixpkgs-stable_3": { + "nixpkgs-stable_4": { "locked": { "lastModified": 1742268799, "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", @@ -939,7 +1056,7 @@ "type": "github" } }, - "nixpkgs-stable_4": { + "nixpkgs-stable_5": { "locked": { "lastModified": 1730741070, "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", @@ -1116,7 +1233,7 @@ "desktop-lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { "lastModified": 1731363552, 
@@ -1135,15 +1252,42 @@ "pre-commit-hooks-nix_2": { "inputs": { "flake-compat": [ - "steamdeck-lanzaboote", + "nas-lanzaboote", "flake-compat" ], "gitignore": "gitignore_2", + "nixpkgs": [ + "nas-lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_3" + }, + "locked": { + "lastModified": 1731363552, + "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks-nix_3": { + "inputs": { + "flake-compat": [ + "steamdeck-lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore_3", "nixpkgs": [ "steamdeck-lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_4" + "nixpkgs-stable": "nixpkgs-stable_5" }, "locked": { "lastModified": 1731363552, @@ -1162,7 +1306,6 @@ "root": { "inputs": { "desktop-chaotic": "desktop-chaotic", - "desktop-cosmic": "desktop-cosmic", "desktop-home-manager": "desktop-home-manager", "desktop-impermanence": "desktop-impermanence", "desktop-lanzaboote": "desktop-lanzaboote", @@ -1171,14 +1314,16 @@ "desktop-sops-nix": "desktop-sops-nix", "desktop-steam-rom-manager": "desktop-steam-rom-manager", "nas-authentik-nix": "nas-authentik-nix", + "nas-cosmic": "nas-cosmic", "nas-crowdsec": "nas-crowdsec", "nas-home-manager": "nas-home-manager", "nas-impermanence": "nas-impermanence", + "nas-lanzaboote": "nas-lanzaboote", "nas-nixos-hardware": "nas-nixos-hardware", "nas-nixpkgs": "nas-nixpkgs", "nas-sops-nix": "nas-sops-nix", "nix-darwin": "nix-darwin", - "nixpkgs-stable": "nixpkgs-stable_3", + "nixpkgs-stable": "nixpkgs-stable_4", "nixpkgs-unstable": "nixpkgs-unstable", "pi4-home-manager": "pi4-home-manager", "pi4-impermanence": "pi4-impermanence", 
@@ -1252,6 +1397,48 @@ } }, "rust-overlay_2": { + "inputs": { + "nixpkgs": [ + "nas-cosmic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742437918, + "narHash": "sha256-Vflb6KJVDikFcM9E231mRN88uk4+jo7BWtaaQMifthI=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "f03085549609e49c7bcbbee86a1949057d087199", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_3": { + "inputs": { + "nixpkgs": [ + "nas-lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731897198, + "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_4": { "inputs": { "nixpkgs": [ "steamdeck-lanzaboote", @@ -1353,14 +1540,14 @@ }, "steamdeck-lanzaboote": { "inputs": { - "crane": "crane_2", - "flake-compat": "flake-compat_4", - "flake-parts": "flake-parts_3", + "crane": "crane_3", + "flake-compat": "flake-compat_5", + "flake-parts": "flake-parts_4", "nixpkgs": [ "steamdeck-nixpkgs" ], - "pre-commit-hooks-nix": "pre-commit-hooks-nix_2", - "rust-overlay": "rust-overlay_2" + "pre-commit-hooks-nix": "pre-commit-hooks-nix_3", + "rust-overlay": "rust-overlay_4" }, "locked": { "lastModified": 1737639419, diff --git a/hosts/mac-nixos/configuration.nix b/hosts/mac-nixos/configuration.nix index e491e8d..69f431d 100755 --- a/hosts/mac-nixos/configuration.nix +++ b/hosts/mac-nixos/configuration.nix @@ -31,8 +31,6 @@ in efi.canTouchEfiVariables = lib.mkForce false; }; - apps.discover-wrapped.enable = lib.mkDefault false; - boot.extraModprobeConfig = '' options hid_apple iso_layout=0 ''; diff --git a/hosts/mac-nixos/gnome/default.nix b/hosts/mac-nixos/gnome/default.nix index ef4e7cb..3800456 100755 --- a/hosts/mac-nixos/gnome/default.nix 
+++ b/hosts/mac-nixos/gnome/default.nix @@ -4,7 +4,6 @@ home-manager.users.matt = import ./home.nix; - apps.discover-wrapped.enable = false; services = { xserver = { diff --git a/hosts/nas/apps.nix b/hosts/nas/apps.nix index 2edd65e..5452fec 100755 --- a/hosts/nas/apps.nix +++ b/hosts/nas/apps.nix @@ -14,31 +14,14 @@ ../../modules ./apps/netdata - ./apps/collabora ]; nas-apps = { - collabora = { - enable = false; - environmentFiles = [ config.sops.secrets."jallen-nas/collabora".path ]; - }; - free-games-claimer.enable = true; - jackett.enable = false; - manyfold.enable = true; - mariadb = { - enable = false; - environmentFiles = [ - config.sops.secrets."jallen-nas/mariadb/db_pass".path - config.sops.secrets."jallen-nas/mariadb/root_pass".path - ]; - }; - - mongodb.enable = true; netbootxyz = { enable = true; @@ -46,12 +29,12 @@ port2 = "4080"; }; - open-webui.enable = false; - paperless-ai.enable = true; tdarr.enable = true; - your_spotify.enable = true; + # spotify cancelled, data still in db + your_spotify.enable = false; + mongodb.enable = false; }; } diff --git a/hosts/nas/apps/collabora/default.nix b/hosts/nas/apps/collabora/default.nix deleted file mode 100755 index 14b4455..0000000 --- a/hosts/nas/apps/collabora/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, ... }: -{ - virtualisation.oci-containers.containers.onlyoffice = { - image = "onlyoffice/documentserver:latest"; - ports = ["9980:80"]; - environment = { - USE_UNAUTHORIZED_STORAGE = "true"; - }; - - environmentFiles = [ - config.sops.secrets."jallen-nas/onlyoffice-key".path - ]; - }; - # services.collabora-online = { - # enable = false; - # port = 9980; - # }; - - # services.onlyoffice = { - # enable = true; - # port = 9980; - # hostname = "office.mjallen.dev"; - # }; - # users.users.onlyoffice.isSystemUser = true; - # users.users.onlyoffice.isNormalUser = false; -} diff --git a/hosts/nas/apps/nextcloud/default.nix b/hosts/nas/apps/nextcloud/default.nix index 244f65a..9260a18 100755 
--- a/hosts/nas/apps/nextcloud/default.nix +++ b/hosts/nas/apps/nextcloud/default.nix @@ -2,6 +2,7 @@ let adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path; secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path; + jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path; nextcloudUserId = config.users.users.nix-apps.uid; nextcloudGroupId = config.users.groups.jallen-nas.gid; nextcloudPackage = pkgs.unstable.nextcloud31; @@ -19,6 +20,12 @@ in isReadOnly = true; mountPoint = "/run/secrets/jallen-nas/nextcloud"; }; + + secrets2 = { + hostPath = "/run/secrets/jallen-nas/onlyoffice-key"; + isReadOnly = true; + mountPoint = "/run/secrets/jallen-nas/onlyoffice-key"; + }; data = { hostPath = "/media/nas/main/nextcloud"; @@ -32,11 +39,11 @@ in mountPoint = "/var/lib/nextcloud"; }; - # "/var/lib/onlyoffice" = { - # hostPath = "/media/nas/ssd/nix-app-data/onlyoffice"; - # isReadOnly = false; - # mountPoint = "/var/lib/onlyoffice"; - # }; + "/var/lib/onlyoffice" = { + hostPath = "/media/nas/ssd/nix-app-data/onlyoffice"; + isReadOnly = false; + mountPoint = "/var/lib/onlyoffice"; + }; }; config = @@ -108,11 +115,19 @@ in user_oidc = { auto_provision = false; soft_auto_provision = false; + allow_multiple_user_backends = false; # auto redirect to authentik for login }; }; }; }; + services.onlyoffice = { + enable = true; + port = 9980; + hostname = "office.mjallen.dev"; + jwtSecretFile = jwtSecretFile; + }; + # System packages environment.systemPackages = with pkgs; [ cudaPackages.cudnn @@ -121,7 +136,7 @@ in # libtensorflow-bin nextcloud31 nodejs - # onlyoffice-documentserver + onlyoffice-documentserver sqlite ]; @@ -132,9 +147,9 @@ in group = "nextcloud"; }; - # users.users.onlyoffice = { - # group = lib.mkForce "nextcloud"; - # }; + users.users.onlyoffice = { + group = lib.mkForce "nextcloud"; + }; users.groups = { nextcloud = { 
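Review bot: In the `@@ -132,9 +147,9 @@` hunk, `users.users.onlyoffice = { group = lib.mkForce "nextcloud"; };` gives the document server the same primary group as Nextcloud. Anything group-readable under the `/var/lib/nextcloud` and data bind mounts then becomes readable by a second service that listens on its own port. If the only reason is to let onlyoffice read the JWT secret mounted at `/run/secrets/jallen-nas/onlyoffice-key`, the hunk does not say so. A dedicated group for that secret would be narrower; failing that, add a comment such as `# shared group so onlyoffice can read the sops-provided JWT secret`. The container definition starts and ends outside these hunks, so existing group memberships could not be checked.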
@@ -183,6 +198,7 @@ in allowedTCPPorts = [ 80 443 + 9980 ]; }; # Use systemd-resolved inside the container @@ -209,6 +225,10 @@ in destination = "10.0.2.18:8000"; sourcePort = 8000; } + { + destination = "10.0.2.18:9980"; + sourcePort = 9980; + } ]; }; }; diff --git a/hosts/nas/apps/traefik/default.nix b/hosts/nas/apps/traefik/default.nix index 247765f..51e4adc 100755 --- a/hosts/nas/apps/traefik/default.nix +++ b/hosts/nas/apps/traefik/default.nix @@ -4,7 +4,7 @@ let authUrl = "http://10.0.1.18:9000/outpost.goauthentik.io"; authentikUrl = "http://10.0.1.18:9000"; - collaboraUrl = "http://10.0.1.18:9980"; + onlyofficeUrl = "http://10.0.2.18:9980"; cloudUrl = "http://10.0.2.18:80"; jellyfinUrl = "http://10.0.1.18:8096"; jellyseerrUrl = "http://10.0.1.52:5055"; @@ -137,9 +137,9 @@ in url = authentikUrl; } ]; - collabora.loadBalancer.servers = [ + onlyoffice.loadBalancer.servers = [ { - url = collaboraUrl; + url = onlyofficeUrl; } ]; cloud.loadBalancer.servers = [ @@ -193,10 +193,10 @@ in service = "authentik"; tls.certResolver = "letsencrypt"; }; - collabora = { + onlyoffice = { entryPoints = [ "websecure" ]; rule = "Host(`office.${domain}`)"; - service = "collabora"; + service = "onlyoffice"; middlewares = "onlyoffice-websocket"; tls.certResolver = "letsencrypt"; }; diff --git a/hosts/nas/networking.nix b/hosts/nas/networking.nix index a38c16f..ca4174a 100755 --- a/hosts/nas/networking.nix +++ b/hosts/nas/networking.nix @@ -11,7 +11,8 @@ let 1143 10200 10300 - 8127 + 8127 + 9980 # onlyoffice ]; in { diff --git a/hosts/nas/services.nix b/hosts/nas/services.nix index b493ca2..d274b54 100755 --- a/hosts/nas/services.nix +++ b/hosts/nas/services.nix @@ -175,8 +175,8 @@ in authentik = { enable = true; - environmentFile = "/media/nas/ssd/nix-app-data/authentik/.env"; - + # environmentFile = "/media/nas/ssd/nix-app-data/authentik/.env"; + environmentFile = config.sops.secrets."jallen-nas/authentik-env".path; }; postgresql = { 
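Review bot: Port 9980 is opened three times in this commit: in the container firewall here (`allowedTCPPorts`), as a `forwardPorts` entry in the `@@ -209,6 +225,10 @@` hunk, and in the host port list in hosts/nas/networking.nix. The traefik change in the same patch already points `onlyofficeUrl` straight at `http://10.0.2.18:9980`. If traefik is the intended entry point, the host-level open and the forward look unnecessary, and they leave the document server reachable over plain HTTP without TLS or the `onlyoffice-websocket` middleware. Consider dropping `9980 # onlyoffice` from networking.nix and the `forwardPorts` entry, keeping only the container-side rule. Which interfaces the networking.nix list applies to is not visible in the hunk, so treat this as a question if the direct exposure is deliberate.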
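Review bot: In hosts/nas/services.nix, switching `environmentFile` to the sops path does not retire the old copy of the secret. The plaintext file at `/media/nas/ssd/nix-app-data/authentik/.env` presumably still sits on disk, and the commented-out line keeps advertising where it is. Delete the comment (`# environmentFile = "/media/nas/ssd/nix-app-data/authentik/.env";`) and remove the file once the sops-backed unit is confirmed working. The same applies to modules/apps/open-webui/default.nix, deleted later in this patch, which carried `OAUTH_CLIENT_ID` and `OAUTH_CLIENT_SECRET` as inline strings. Those values remain in git history and likely in Nix store copies of the flake source, so the client secret should be rotated in authentik rather than treated as removed.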
diff --git a/hosts/nas/sops.nix b/hosts/nas/sops.nix index 7d82efd..a237a4f 100755 --- a/hosts/nas/sops.nix +++ b/hosts/nas/sops.nix @@ -41,6 +41,9 @@ in "upsmon.service" ]; }; + "jallen-nas/authentik-env" = { + restartUnits = [ "authentik.service" ]; + }; "jallen-nas/collabora" = { restartUnits = [ "podman-collabora.service" ]; }; @@ -68,6 +71,12 @@ in group = config.users.users."${user}".group; restartUnits = [ "container@nextcloud.service" ]; }; + "jallen-nas/onlyoffice-key" = { + mode = "0650"; + owner = config.users.users."${user}".name; + group = config.users.users."${user}".group; + restartUnits = [ "container@nextcloud.service" ]; + }; "jallen-nas/manyfold/secretkeybase" = { restartUnits = [ "podman-manyfold.service" ]; }; @@ -95,9 +104,6 @@ in "jallen-nas/netdata-token" = { restartUnits = [ "netdata.service" ]; }; - "jallen-nas/onlyoffice-key" = { - restartUnits = [ "podman-onlyoffice.service" ]; - }; "jallen-nas/paperless/secret" = { restartUnits = [ "container@paperless.service" ]; }; diff --git a/modules/apps/collabora/default.nix b/modules/apps/collabora/default.nix deleted file mode 100755 index 0a8f620..0000000 --- a/modules/apps/collabora/default.nix +++ /dev/null 
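Review bot: `mode = "0650"` on the new `jallen-nas/onlyoffice-key` entry (the `@@ -68,6 +71,12 @@` hunk) gives the group read plus execute on a secret file. The execute bit serves no purpose for a JWT secret; the value looks like a typo for `mode = "0640";`, or `"0440"` if nothing needs to rewrite the file. The first hunk's context also shows `"jallen-nas/collabora"` still declared with `restartUnits = [ "podman-collabora.service" ]`, although this commit deletes the collabora container and module, so that entry and its secret can probably be dropped too. secrets/secrets.yaml is changed by this patch but is not visible here, so whether the collabora key was removed there could not be confirmed.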
@@ -1,38 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.collabora; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - extraOptions = [ - "--cap-add=MKNOD" - "--privileged" - ]; - ports = [ "${cfg.port}:9980" ]; - volumes = [ - # ... - ]; - environmentFiles = cfg.environmentFiles; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - username = cfg.username; - # password = cfg.password; # get from env file - domain = "office.mjallen.dev"; - aliasgroup1 = "https://cloud.mjallen.dev:443"; - aliasgroup2 = "https://cloud.mjallen.dev:443"; - # DONT_GEN_SSL_CERT = cfg.dontGenSslCert; - server_name = cfg.serverName; - dictionaries = cfg.dictionaries; - extra_params = cfg.extraParams; - }; - }; - }; -} diff --git a/modules/apps/collabora/options.nix b/modules/apps/collabora/options.nix deleted file mode 100755 index 74e5ee6..0000000 --- a/modules/apps/collabora/options.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.collabora = { - enable = mkEnableOption "collabora docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - port = mkOption { - type = types.str; - default = "9980"; - }; - - name = mkOption { - type = types.str; - default = "collabora"; - }; - - image = mkOption { - type = types.str; - default = "collabora/code:24.04.5.1.1"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - - username = mkOption { - type = types.str; - default = "mjallen"; - }; - - environmentFiles = mkOption { - type = with types; listOf path; - default = [ ]; - }; - - dontGenSslCert = mkOption { - type = types.str; - default = "1"; - }; - - serverName = mkOption { - type = types.str; - default = "office.mjallen.dev"; - }; - - dictionaries = mkOption { - type = types.str; - default = "de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"; - }; - - extraParams = mkOption { - type = types.str; - default = "--o:ssl.enable=false --o:ssl.termination=true --o:net.post_allow.host[0]=.+ --o:storage.wopi.host[0]=.+ --o:net.proto=IPv4"; - }; - }; -} diff --git a/modules/apps/deluge/default.nix b/modules/apps/deluge/default.nix deleted file mode 100755 index 8be550e..0000000 --- a/modules/apps/deluge/default.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.deluge; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ - "${toString cfg.port1}:8112" - "${toString cfg.port2}:8118" - "${toString cfg.port3}:58846" - "${toString cfg.port4}:58966" - ]; - extraOptions = [ "--cap-add=NET_ADMIN" ]; - volumes = [ - "${cfg.configPath}:/config" - "${cfg.moviesPath}:/data/downloads" - "${cfg.tvPath}:/data/downloads-icomplete" - "/etc/localtime:/etc/localtime:ro" - ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - VPN_ENABLED = "yes"; - VPN_PROV = "custom"; - VPN_CLIENT = "openvpn"; - LAN_NETWORK = "10.0.1.0/24"; - NAME_SERVERS = "1.1.1.1"; - }; - }; - }; -} diff --git a/modules/apps/deluge/options.nix b/modules/apps/deluge/options.nix deleted file mode 100755 index 6d6af1c..0000000 --- a/modules/apps/deluge/options.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.deluge = { - enable = mkEnableOption "deluge docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - name = mkOption { - type = types.str; - default = "deluge"; - }; - - port1 = mkOption { - type = types.str; - default = "8112"; - }; - - port2 = mkOption { - type = types.str; - default = "8118"; - }; - - port3 = mkOption { - type = types.str; - default = "58846"; - }; - - port4 = mkOption { - type = types.str; - default = "58966"; - }; - - image = mkOption { - type = types.str; - default = "binhex/arch-delugevpn"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/ssd/nix-app-data/deluge"; - }; - - moviesPath = mkOption { - type = types.str; - default = "/media/nas/ssd/ssd_app_data/downloads"; - }; - - tvPath = mkOption { - type = types.str; - default = "/media/nas/ssd/ssd_app_data/downloads-incomplete"; - }; - - puid = mkOption { - type = types.str; - default = "0"; - }; - - pgid = mkOption { - type = types.str; - default = "0"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/modules/apps/discover-wrapped/default.nix b/modules/apps/discover-wrapped/default.nix deleted file mode 100755 index 1e99803..0000000 --- a/modules/apps/discover-wrapped/default.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; -let - cfg = config.apps.discover-wrapped; - - # discover-wrapper is needed as of 1/24/24 since PackageKit does not work correctly so this removes error messages. - discover-wrapped = pkgs.symlinkJoin { - name = "discover-flatpak-backend"; - paths = [ pkgs.libsForQt5.discover ]; - buildInputs = [ pkgs.makeWrapper ]; - postBuild = '' - wrapProgram $out/bin/plasma-discover --add-flags "--backends flatpak" - ''; - }; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - # Configure environment - environment.systemPackages = [ discover-wrapped ]; - }; -} diff --git a/modules/apps/discover-wrapped/options.nix b/modules/apps/discover-wrapped/options.nix deleted file mode 100755 index 335781c..0000000 --- a/modules/apps/discover-wrapped/options.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.apps.discover-wrapped = { - enable = mkEnableOption "enable discover with flatpak"; - }; -} diff --git a/modules/apps/jackett/default.nix b/modules/apps/jackett/default.nix deleted file mode 100755 index f9e7f1f..0000000 --- a/modules/apps/jackett/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.jackett; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ "${cfg.port}:9117" ]; - volumes = [ - "${cfg.configPath}:/config" - "${cfg.downloadsPath}:/downloads" - ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - }; - }; - }; -} diff --git a/modules/apps/jackett/options.nix b/modules/apps/jackett/options.nix deleted file mode 100755 index 5c60dfb..0000000 --- a/modules/apps/jackett/options.nix +++ /dev/null 
@@ -1,52 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.jackett = { - enable = mkEnableOption "jackett docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - port = mkOption { - type = types.str; - default = "9117"; - }; - - name = mkOption { - type = types.str; - default = "jackett"; - }; - - image = mkOption { - type = types.str; - default = "linuxserver/jackett"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/ssd/nix-app-data/jackett"; - }; - - downloadsPath = mkOption { - type = types.str; - default = "/media/nas/ssd/ssd_app_data/downloads"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/modules/apps/mariadb/default.nix b/modules/apps/mariadb/default.nix deleted file mode 100755 index 356d5d4..0000000 --- a/modules/apps/mariadb/default.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.mariadb; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ "${cfg.port}:3306" ]; - volumes = [ "${cfg.configPath}:/config" ]; - environmentFiles = cfg.environmentFiles; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - # MYSQL_ROOT_PASSWORD = cfg.rootPassword; # get from env file - MYSQL_DATABASE = cfg.databaseName; - MYSQL_USER = cfg.databaseUser; - # MYSQL_PASSWORD = cfg.databasePassword; # get from env file - }; - }; - }; -} diff --git a/modules/apps/mariadb/options.nix b/modules/apps/mariadb/options.nix deleted file mode 100755 index e7ace66..0000000 --- a/modules/apps/mariadb/options.nix +++ /dev/null 
@@ -1,62 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.mariadb = { - enable = mkEnableOption "mariadb docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - port = mkOption { - type = types.str; - default = "3306"; - }; - - name = mkOption { - type = types.str; - default = "mariadb"; - }; - - image = mkOption { - type = types.str; - default = "linuxserver/mariadb"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/ssd/mariadb"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - - databaseName = mkOption { - type = types.str; - default = "jallen_nextcloud"; - }; - - databaseUser = mkOption { - type = types.str; - default = "nextcloud"; - }; - - environmentFiles = mkOption { - type = with types; listOf path; - default = [ ]; - }; - }; -} diff --git a/modules/apps/ollama/default.nix b/modules/apps/ollama/default.nix deleted file mode 100755 index f9c479d..0000000 --- a/modules/apps/ollama/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.ollama; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - - virtualisation.oci-containers.containers.${cfg.name} = { - autoStart = true; - image = cfg.image; - extraOptions = [ "--device=nvidia.com/gpu=0" ]; - volumes = [ "${cfg.configPath}:/root/.ollama" ]; - ports = [ "${cfg.port}:11434" ]; - environment = { - NVIDIA_VISIBLE_DEVICES = "all"; - NVIDIA_DRIVER_CAPABILITIES = "all"; - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - }; - }; - }; -} diff --git a/modules/apps/ollama/options.nix b/modules/apps/ollama/options.nix deleted file mode 100755 index 14cb2b1..0000000 --- a/modules/apps/ollama/options.nix +++ /dev/null 
@@ -1,47 +0,0 @@
-{ lib, ... }:
-with lib;
-{
- options.nas-apps.ollama = {
- enable = mkEnableOption "ollama docker service";
-
- autoStart = mkOption {
- type = types.bool;
- default = true;
- };
-
- port = mkOption {
- type = types.str;
- default = "11434";
- };
-
- name = mkOption {
- type = types.str;
- default = "ollama";
- };
-
- image = mkOption {
- type = types.str;
- default = "ollama/ollama";
- };
-
- configPath = mkOption {
- type = types.str;
- default = "/media/nas/ssd/nix-app-data/ollama";
- };
-
- puid = mkOption {
- type = types.str;
- default = "911";
- };
-
- pgid = mkOption {
- type = types.str;
- default = "1000";
- };
-
- timeZone = mkOption {
- type = types.str;
- default = "America/Chicago";
- };
- };
-}
diff --git a/modules/apps/open-webui/default.nix b/modules/apps/open-webui/default.nix
deleted file mode 100755
index f2f769a..0000000
--- a/modules/apps/open-webui/default.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ lib, config, ... }:
-with lib;
-let
- cfg = config.nas-apps.open-webui;
-in
-{
- imports = [ ./options.nix ];
-
- config = mkIf cfg.enable {
-
- virtualisation.oci-containers.containers.${cfg.name} = {
- autoStart = true;
- image = cfg.image;
- extraOptions = [ "--device=nvidia.com/gpu=0" ];
- volumes = [
- "${cfg.configPath}:/app/backend/data"
- "${cfg.ollamaPath}:/root/.ollama"
- ];
- ports = [ "${cfg.port}:8080" ];
- environment = {
- NVIDIA_VISIBLE_DEVICES = "all";
- NVIDIA_DRIVER_CAPABILITIES = "all";
- PUID = cfg.puid;
- PGID = cfg.pgid;
- TZ = cfg.timeZone;
- OAUTH_CLIENT_ID = "P4YrtPrdwoQkwYs4e5AHQx7xiz4FV6OpT24rjqXa";
- OAUTH_CLIENT_SECRET = "XpZ1Y9RUMD6FVxBSxg8evHkRYuSUJ3saN99uCFfeNo4Z8vrmnqZBHJQzSSCFig1fgqEYCr3SmcOvCHGHUsz9FJT2aZFlZxKv6bZZpuMQYASHiQtuX2pTVEspiNab3129";
- OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration";
- OPENID_PROVIDER_NAME = "authentik";
- ENABLE_OAUTH_SIGNUP = "true";
- OAUTH_MERGE_ACCOUNTS_BY_EMAIL = "true";
- };
- };
- };
-}
diff --git a/modules/apps/open-webui/options.nix b/modules/apps/open-webui/options.nix deleted file mode 100755 index b5744c3..0000000 --- a/modules/apps/open-webui/options.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.open-webui = { - enable = mkEnableOption "open-webui docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - port = mkOption { - type = types.str; - default = "8888"; - }; - - name = mkOption { - type = types.str; - default = "open-webui"; - }; - - image = mkOption { - type = types.str; - default = "ghcr.io/open-webui/open-webui:ollama"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/ssd/nix-app-data/open-webui"; - }; - - ollamaPath = mkOption { - type = types.str; - default = "/media/nas/ssd/nix-app-data/ollama"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/modules/default.nix b/modules/default.nix index 3989c1f..1da2090 100755 --- a/modules/default.nix +++ b/modules/default.nix @@ -2,15 +2,10 @@ { imports = [ ./samba - ./apps/collabora - ./apps/discover-wrapped ./apps/free-games-claimer - ./apps/jackett ./apps/manyfold - ./apps/mariadb ./apps/mongodb ./apps/netbootxyz - ./apps/open-webui ./apps/tdarr ./apps/your-spotify ]; diff --git a/modules/samba/default-unstable.nix b/modules/samba/default-unstable.nix deleted file mode 100755 index a685559..0000000 --- a/modules/samba/default-unstable.nix +++ /dev/null 
@@ -1,73 +0,0 @@
-{ lib, config, ... }:
-with lib;
-let
- cfg = config.nas-samba;
-in
-{
- imports = [ ./options.nix ];
-
- config = mkIf cfg.enable {
- # make shares visible for Windows clients
- services.samba-wsdd = {
- enable = true;
- openFirewall = true;
- };
-
- services.netatalk = {
- enable = cfg.enableTimeMachine;
- settings = {
- time-machine = {
- path = cfg.timeMachinePath;
- "valid users" = "whoever";
- "time machine" = cfg.enableTimeMachine;
- };
- };
- };
-
- networking.firewall.enable = true;
- networking.firewall.allowPing = true;
-
- services.samba = {
- enable = true;
- openFirewall = true;
- # settings = {
- # create-mode = 664;
- # force directory mode = 2770
- # workgroup = WORKGROUP
- # server string = jallen-nas
- # netbios name = jallen-nas
- # security = user
- # #use sendfile = yes
- # #max protocol = smb2
- # # note: localhost is the ipv6 localhost ::1
- # hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost
- # hosts deny = 0.0.0.0/0
- # guest account = nobody
- # map to guest = bad user
- # usershare allow guests = yes
- # };
- settings =
- let
- make =
- name: share:
- nameValuePair "${name}" {
- path = share.sharePath;
- public = if share.enableTimeMachine then "no" else "yes";
- private = if !share.public || share.enableTimeMachine then "yes" else "no";
- browseable = if share.browseable then "yes" else "no";
- writable = "yes";
- "force group" = "jallen-nas";
- "read only" = if share.readOnly then "yes" else "no";
- "guest ok" = if share.guestOk then "yes" else "no";
- "create mask" = share.createMask;
- "directory mask" = share.directoryMask;
- "fruit:aapl" = if share.enableTimeMachine then "yes" else "no";
- "fruit:time machine" = if share.enableTimeMachine then "yes" else "no";
- "vfs objects" = "catia fruit streams_xattr";
- "fruit:time machine max size" = share.timeMachineMaxSize;
- };
- in
- mapAttrs' make cfg.shares;
- };
- };
-}
diff --git a/modules/samba/default.nix b/modules/samba/default.nix
index 6128b79..2c1263a 100755
--- a/modules/samba/default.nix +++ b/modules/samba/default.nix @@ -30,22 +30,6 @@ in services.samba = { enable = true; openFirewall = true; - # settings = { - # create-mode = 664; - # force directory mode = 2770 - # workgroup = WORKGROUP - # server string = jallen-nas - # netbios name = jallen-nas - # security = user - # #use sendfile = yes - # #max protocol = smb2 - # # note: localhost is the ipv6 localhost ::1 - # hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost - # hosts deny = 0.0.0.0/0 - # guest account = nobody - # map to guest = bad user - # usershare allow guests = yes - # }; settings = let make = @@ -53,7 +37,6 @@ in nameValuePair "${name}" { path = share.sharePath; public = if share.enableTimeMachine then "no" else "yes"; - private = if !share.public || share.enableTimeMachine then "yes" else "no"; browseable = if share.browseable then "yes" else "no"; writable = "yes"; "force group" = "jallen-nas"; @@ -65,7 +48,6 @@ in "fruit:time machine" = if share.enableTimeMachine then "yes" else "no"; "vfs objects" = "catia fruit streams_xattr"; "fruit:time machine max size" = share.timeMachineMaxSize; - # "smbd profiling level" = "on"; }; in mapAttrs' make cfg.shares; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 9c2e611..6a5b04b 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -3,6 +3,7 @@ wifi: ENC[AES256_GCM,data:Rs+4Km4DogO7XatA,iv:JUv9HkNWsv/l4Fli5sFeUeYuWG1Yju95G5 jallen-nas: admin_password: ENC[AES256_GCM,data:RGb0UQkLhqfBWflIc5r8yWgYvc0EZuM49uhnXH1r6o9d7Ya7eAoTn2DHdWmYnd9/LpTXPmLF07Nf8s1+/odYx8RBmaji56yWbQ==,iv:dGlvZtZFB8jsI33Qkmmb3iHTXqpVWfbd0EfNK0uX3i4=,tag:z6THeY0UmG64VwOdwnL/AA==,type:str] ups_password: ENC[AES256_GCM,data:yHCwM7XbbhQZwxE=,iv:m4dD6VlrplHbZB5hnV1fk5N8IOsc+fA5qhTcrqiTxDM=,tag:41EaB9z2jlNTfPw5wlWQ3g==,type:str] + authentik-env: ENC[AES256_GCM,data:5VLJg1RZM7L0uF97nVhhbp8kDFCFyaa0NdVb21lyn5J4NYN/BsoNXEiC0IR9pXjIVd5ogpm5BhKgtsQeSmXfOHAr+acbcwtJQ9U9Cvn4iaq4jJ4LcKMCMrLOiIe1zcqorPIiUXrQ2xX04k83m9KPKAEXyYiwIbmCQI7knd9f3S7q8cnTMT6oCcLenZFXL3fVgpAU+NOpbYeByXdZ/TLXN92qImcRTZ4lIaG6fkqhzzrgO2mp6DL8Tc+Y22k5EU+69GzWcMSENMhPhMXDZd87R6l0VZc77BRecV6X1qlhjYiCbAffgJrcjZWZvHJRtYazR+mGONXlmORiRGGUDhgXYIWeOkZnL6HESkvph3G9VLS4fU2J/v9kF3MrnSbWWFMvU8nca/JrDxxfcIschGcWQ9PM33MR+3ScY4hma8kro73qNhgaiutWa/txLxxMOuiTxKxU88PN2lfp5c3O8MIj4/mRnCnu7QwmTG99Iga1xzaoI5nTP9xqGevSidoJ61s2J6Nm6aFi7OjUW+sG4HUd4Bj9D6Yhatn8UtggMIBAcjo8kcluXTjtse2mfEheQnl+OvJYgYLT4m/+O9HALbdEIXdRvUR6QLIO3ADSFAfGNKr0qgNGN+8ixnWywsclnb+ZI4TYnB4gJVs3VV3wNP0UOnZLtEtK9luDZHVTU914uBuZxzh54cdcy+I99dfuIX7YOIu75gOy4yRnu9qygyXS9/xKldFjpVN+YZ2SWj06aTWXg5LghqRSW8oAURoJxqvEHQ8=,iv:u9e/8M5LuUxq9guYAotWiq5sUQvIFwHifHTyRvMqhoE=,tag:woEsW51e7LDQImLnQPjqAw==,type:str] collabora: ENC[AES256_GCM,data:A01H7FzgSplAEn0dsENgllyWza4=,iv:L9bPHKdeIHn7caYn78XOkdmuSk1RIuSVcIW5HFQL8PY=,tag:h0kiClGAwGB6iP327flWew==,type:str] mariadb: root_pass: ENC[AES256_GCM,data:YLPfEG4/6FeCnrKdfXv9z4hHwtpM/KtBCYqlm4IUvA==,iv:pc9Ljasy76bfkmFRJ4M+wfEtjXBUD7Kb0S0WQZhCmOs=,tag:Wk/7gpKidirhRqw4+Pu96g==,type:str] 
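Review bot: Storing credentials under sops in this hunk does not retire the `OAUTH_CLIENT_ID` and `OAUTH_CLIENT_SECRET` literals that the same commit deletes from modules/apps/open-webui/default.nix. They were committed in plaintext and remain readable in the repository history, so the deletion alone leaves them exposed. The client secret should be regenerated on the provider named in `OPENID_PROVIDER_URL`, and only the new value stored encrypted. Whether the added `authentik-env` entry already holds a fresh value cannot be confirmed from the diff, since its contents are encrypted. Any module that still needs such a value should take it the way the removed mariadb module did, with `environmentFiles = cfg.environmentFiles;` pointing at a sops-managed file, instead of an `environment` literal.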
@@ -12,7 +13,7 @@ jallen-nas: dbpassword: ENC[AES256_GCM,data:Xu92h2psR4jAJDM=,iv:UsJD1zq9Uy0Exxk58nkyPGyI8m2BOuvr2DK843h5pSk=,tag:k4MvHT8BoahCf9ZxQw8ovA==,type:str] adminpassword: ENC[AES256_GCM,data:y4PXSbrAAw3A6cg=,iv:10Dm3IYqKJz2FNRteauuYSKXCHE2IKHv4ytidUvblXA=,tag:OAsZ69s4g2p0JEenLbkXdA==,type:str] smtp_settings: ENC[AES256_GCM,data:JCbXCQwJtTFgHeLTIJ2ZNWwOreZV3uKWl9qNvE9uQcOULToZDWLQoOGyuGzl7Xlb2yyLiaYYlOFRV9bbbfjBljz+4I9b6cw0dNdhaKg3CpUzdFqRq3dvi4zCy/HEf1Rp/ccU92JelYkfP9S3yNdYq3i+52kr98g5F722ktDC79RiRtJJ44CRff5NBYnDJdGa5OWBf7yPW/5xsX7oqaDI/3yzYTbPGImnQkYfG0GUFP3tRVul0EM++0UoOTcKXEUvolAc0Ij672ONYm+ZqJp8wckouZu2Gae1AK0DficffiZfy4jI1obJPPkQYzoPBWSr7UU9s8PC7zsx2o8OklWZu2LqFxzd1J59qCfIhHrbz2N8OeJhwD+nySrKj1jPdz5amXJT1b4xHE4/YJg7LJmsAYmbEH6OH4928CqYLLwJcaZeVZ6EmeDT,iv:GLy1n7lun9OaOgQJw607moJQwWf4PuD9kUONJOjXuXQ=,tag:AqRJnISyoRkA6I/prZoQpg==,type:str] - onlyoffice-key: ENC[AES256_GCM,data:htJ+CEyeHgdxbOGKT5SFPaQeFYw0vw==,iv:J/yl1vYx4As8TwpgNYkeiZZixXzHMFeF0/D3zY+MmIc=,tag:wdc8hRLs+qWpVhwGsvSqZg==,type:str] + onlyoffice-key: ENC[AES256_GCM,data:KEX5GfFJgQJulSI=,iv:5yss7JSyyvf2I5Mdn7iJsMBQps59XSEUzWdfyZ7WyLg=,tag:7i1Y3cx4QQzB5LjrfuhCKw==,type:str] manyfold: secretkeybase: ENC[AES256_GCM,data:b+fgTrtnZcp34DOQ0dtKc6bX6/dm9j0o3QJr,iv:e4hOwgTFCXVokGqhwKsYHt5IQgtaKcMmEqvDoMly5aI=,tag:E8gFiOuozA4T1mmcgXfbDg==,type:str] immich: 
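Review bot: The replacement `onlyoffice-key` is half the length of the value it replaces. sops does not pad values, so the ciphertext length shows the plaintext length: the new `data` field decodes to 11 bytes, the old one to 22. If this entry is the shared secret that signs requests between Nextcloud and OnlyOffice (inferred from the key name, not shown in this hunk), 11 characters is short for that purpose. A randomly generated value of at least 32 bytes would be the safer choice. The same applies to the other short entries visible as context here, such as `dbpassword` and `adminpassword`.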
@@ -144,8 +145,8 @@ sops: TWRvYVZ5eklJQU81SzBVZ1BBbENuTkEKwMTa1cAH3sNm2npVhQ/dDl5M7Q8T3vOx 9slEt5EVUgqaJVhVr9AM9aAhghWJa5i5+Eh628C6p53XFxrO+6zUYA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-21T02:08:05Z" - mac: ENC[AES256_GCM,data:SCRRxSx/vqoyCUz/ZqRkeukMBQGqkWbnXEqyRS755EQLUBoSOQl0wVb073VOHnX+DMBVljZUjYqvqG5Kunt88qR2bSMg3dc55lJZgDebvUzp1aKn6Xasf458qTvr9H7mUFFIioz/hTuNucwDlL4PaSDw3HItCifD+lvvhU6VGnI=,iv:6sVMivsXDSI9x8eo90v1VHNiV+qXAdwe3g+ZM/gDMRk=,tag:pVKG8caLQCCE46JRMxUv5w==,type:str] + lastmodified: "2025-03-25T22:09:20Z" + mac: ENC[AES256_GCM,data:H5gAX9yvLdIU26HvNLQ3TwZOEb/ZPII7Odl5R2Bm/UYZYr2Rsqwf9Rwqa1kvxwFBjgKkpepfb13Qr8rHyclCLqaf4sVyFnZiKyf3a5E88NS6LcVe9nBnwBH5U/ZuFBFT+5lKtd39nyOc/vMI45whnXxCx5kwHx6BEbXfk83ht7U=,iv:Onm6Rq16IWcU/0KA2++x+XFd7QSJbWnO6r+15ltKJIs=,tag:QGI4tbRVZpb9bKU35P5WQg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4