many cleanup, secrets, onlyoffice
@@ -31,8 +31,6 @@ in
|
||||
efi.canTouchEfiVariables = lib.mkForce false;
|
||||
};
|
||||
|
||||
apps.discover-wrapped.enable = lib.mkDefault false;
|
||||
|
||||
boot.extraModprobeConfig = ''
|
||||
options hid_apple iso_layout=0
|
||||
'';
|
||||
|
||||
@@ -4,7 +4,6 @@
|
||||
|
||||
|
||||
home-manager.users.matt = import ./home.nix;
|
||||
apps.discover-wrapped.enable = false;
|
||||
|
||||
services = {
|
||||
xserver = {
|
||||
|
||||
@@ -14,31 +14,14 @@
|
||||
../../modules
|
||||
|
||||
./apps/netdata
|
||||
./apps/collabora
|
||||
];
|
||||
|
||||
nas-apps = {
|
||||
|
||||
collabora = {
|
||||
enable = false;
|
||||
environmentFiles = [ config.sops.secrets."jallen-nas/collabora".path ];
|
||||
};
|
||||
|
||||
free-games-claimer.enable = true;
|
||||
|
||||
jackett.enable = false;
|
||||
|
||||
manyfold.enable = true;
|
||||
|
||||
mariadb = {
|
||||
enable = false;
|
||||
environmentFiles = [
|
||||
config.sops.secrets."jallen-nas/mariadb/db_pass".path
|
||||
config.sops.secrets."jallen-nas/mariadb/root_pass".path
|
||||
];
|
||||
};
|
||||
|
||||
mongodb.enable = true;
|
||||
|
||||
netbootxyz = {
|
||||
enable = true;
|
||||
@@ -46,12 +29,12 @@
|
||||
port2 = "4080";
|
||||
};
|
||||
|
||||
open-webui.enable = false;
|
||||
|
||||
paperless-ai.enable = true;
|
||||
|
||||
tdarr.enable = true;
|
||||
|
||||
your_spotify.enable = true;
|
||||
# spotify cancelled, data still in db
|
||||
your_spotify.enable = false;
|
||||
mongodb.enable = false;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,26 +0,0 @@
|
||||
{ config, ... }:
|
||||
{
|
||||
virtualisation.oci-containers.containers.onlyoffice = {
|
||||
image = "onlyoffice/documentserver:latest";
|
||||
ports = ["9980:80"];
|
||||
environment = {
|
||||
USE_UNAUTHORIZED_STORAGE = "true";
|
||||
};
|
||||
|
||||
environmentFiles = [
|
||||
config.sops.secrets."jallen-nas/onlyoffice-key".path
|
||||
];
|
||||
};
|
||||
# services.collabora-online = {
|
||||
# enable = false;
|
||||
# port = 9980;
|
||||
# };
|
||||
|
||||
# services.onlyoffice = {
|
||||
# enable = true;
|
||||
# port = 9980;
|
||||
# hostname = "office.mjallen.dev";
|
||||
# };
|
||||
# users.users.onlyoffice.isSystemUser = true;
|
||||
# users.users.onlyoffice.isNormalUser = false;
|
||||
}
|
||||
@@ -2,6 +2,7 @@
|
||||
let
|
||||
adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
|
||||
secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path;
|
||||
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
|
||||
nextcloudUserId = config.users.users.nix-apps.uid;
|
||||
nextcloudGroupId = config.users.groups.jallen-nas.gid;
|
||||
nextcloudPackage = pkgs.unstable.nextcloud31;
|
||||
@@ -19,6 +20,12 @@ in
|
||||
isReadOnly = true;
|
||||
mountPoint = "/run/secrets/jallen-nas/nextcloud";
|
||||
};
|
||||
|
||||
secrets2 = {
|
||||
hostPath = "/run/secrets/jallen-nas/onlyoffice-key";
|
||||
isReadOnly = true;
|
||||
mountPoint = "/run/secrets/jallen-nas/onlyoffice-key";
|
||||
};
|
||||
|
||||
data = {
|
||||
hostPath = "/media/nas/main/nextcloud";
|
||||
@@ -32,11 +39,11 @@ in
|
||||
mountPoint = "/var/lib/nextcloud";
|
||||
};
|
||||
|
||||
# "/var/lib/onlyoffice" = {
|
||||
# hostPath = "/media/nas/ssd/nix-app-data/onlyoffice";
|
||||
# isReadOnly = false;
|
||||
# mountPoint = "/var/lib/onlyoffice";
|
||||
# };
|
||||
"/var/lib/onlyoffice" = {
|
||||
hostPath = "/media/nas/ssd/nix-app-data/onlyoffice";
|
||||
isReadOnly = false;
|
||||
mountPoint = "/var/lib/onlyoffice";
|
||||
};
|
||||
};
|
||||
|
||||
config =
|
||||
@@ -108,11 +115,19 @@ in
|
||||
user_oidc = {
|
||||
auto_provision = false;
|
||||
soft_auto_provision = false;
|
||||
allow_multiple_user_backends = false; # auto redirect to authentik for login
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.onlyoffice = {
|
||||
enable = true;
|
||||
port = 9980;
|
||||
hostname = "office.mjallen.dev";
|
||||
jwtSecretFile = jwtSecretFile;
|
||||
};
|
||||
|
||||
# System packages
|
||||
environment.systemPackages = with pkgs; [
|
||||
cudaPackages.cudnn
|
||||
@@ -121,7 +136,7 @@ in
|
||||
# libtensorflow-bin
|
||||
nextcloud31
|
||||
nodejs
|
||||
# onlyoffice-documentserver
|
||||
onlyoffice-documentserver
|
||||
sqlite
|
||||
];
|
||||
|
||||
@@ -132,9 +147,9 @@ in
|
||||
group = "nextcloud";
|
||||
};
|
||||
|
||||
# users.users.onlyoffice = {
|
||||
# group = lib.mkForce "nextcloud";
|
||||
# };
|
||||
users.users.onlyoffice = {
|
||||
group = lib.mkForce "nextcloud";
|
||||
};
|
||||
|
||||
users.groups = {
|
||||
nextcloud = {
|
||||
@@ -183,6 +198,7 @@ in
|
||||
allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
9980
|
||||
];
|
||||
};
|
||||
# Use systemd-resolved inside the container
|
||||
@@ -209,6 +225,10 @@ in
|
||||
destination = "10.0.2.18:8000";
|
||||
sourcePort = 8000;
|
||||
}
|
||||
{
|
||||
destination = "10.0.2.18:9980";
|
||||
sourcePort = 9980;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
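Review bot: Port 9980 is opened in three places for a service that Traefik already publishes over TLS: the container's `allowedTCPPorts`, the new `forwardPorts` entry (`sourcePort = 9980;`), and the port list in the later hunk that adds `9980 # onlyoffice`. The Traefik upstream in this commit is `http://10.0.2.18:9980`, the same address as the forward's destination, so if Traefik runs on the host it probably does not need the host-side forward at all. Keeping the forward means the document server is also reachable over cleartext HTTP on the host's port 9980, bypassing the `office.${domain}` router and its certificate. I would drop the `forwardPorts` entry and the host port-list entry unless something other than Traefik must reach the server directly, and annotate the remaining line as `9980 # onlyoffice, reached only through Traefik`. The enclosing firewall and port-forward attribute sets start outside the visible hunks, so which interfaces these rules cover cannot be confirmed from here.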
@@ -4,7 +4,7 @@ let
|
||||
|
||||
authUrl = "http://10.0.1.18:9000/outpost.goauthentik.io";
|
||||
authentikUrl = "http://10.0.1.18:9000";
|
||||
collaboraUrl = "http://10.0.1.18:9980";
|
||||
onlyofficeUrl = "http://10.0.2.18:9980";
|
||||
cloudUrl = "http://10.0.2.18:80";
|
||||
jellyfinUrl = "http://10.0.1.18:8096";
|
||||
jellyseerrUrl = "http://10.0.1.52:5055";
|
||||
@@ -137,9 +137,9 @@ in
|
||||
url = authentikUrl;
|
||||
}
|
||||
];
|
||||
collabora.loadBalancer.servers = [
|
||||
onlyoffice.loadBalancer.servers = [
|
||||
{
|
||||
url = collaboraUrl;
|
||||
url = onlyofficeUrl;
|
||||
}
|
||||
];
|
||||
cloud.loadBalancer.servers = [
|
||||
@@ -193,10 +193,10 @@ in
|
||||
service = "authentik";
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
collabora = {
|
||||
onlyoffice = {
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`office.${domain}`)";
|
||||
service = "collabora";
|
||||
service = "onlyoffice";
|
||||
middlewares = "onlyoffice-websocket";
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
|
||||
@@ -11,7 +11,8 @@ let
|
||||
1143
|
||||
10200
|
||||
10300
|
||||
8127
|
||||
8127
|
||||
9980 # onlyoffice
|
||||
];
|
||||
in
|
||||
{
|
||||
|
||||
@@ -175,8 +175,8 @@ in
|
||||
|
||||
authentik = {
|
||||
enable = true;
|
||||
environmentFile = "/media/nas/ssd/nix-app-data/authentik/.env";
|
||||
|
||||
# environmentFile = "/media/nas/ssd/nix-app-data/authentik/.env";
|
||||
environmentFile = config.sops.secrets."jallen-nas/authentik-env".path;
|
||||
};
|
||||
|
||||
postgresql = {
|
||||
|
||||
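Review bot: The old plaintext path appears to stay in the file as a commented-out line (`# environmentFile = "/media/nas/ssd/nix-app-data/authentik/.env";`) next to the new sops-backed `environmentFile`. I would delete that comment rather than keep it, and remove the `.env` file from that path once the sops secret is confirmed working, since it presumably still holds the same Authentik credentials outside sops' ownership and mode handling. If that file was ever readable more widely than intended, the move into sops is the natural point to rotate the values it contained.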
@@ -41,6 +41,9 @@ in
|
||||
"upsmon.service"
|
||||
];
|
||||
};
|
||||
"jallen-nas/authentik-env" = {
|
||||
restartUnits = [ "authentik.service" ];
|
||||
};
|
||||
"jallen-nas/collabora" = {
|
||||
restartUnits = [ "podman-collabora.service" ];
|
||||
};
|
||||
@@ -68,6 +71,12 @@ in
|
||||
group = config.users.users."${user}".group;
|
||||
restartUnits = [ "container@nextcloud.service" ];
|
||||
};
|
||||
"jallen-nas/onlyoffice-key" = {
|
||||
mode = "0650";
|
||||
owner = config.users.users."${user}".name;
|
||||
group = config.users.users."${user}".group;
|
||||
restartUnits = [ "container@nextcloud.service" ];
|
||||
};
|
||||
"jallen-nas/manyfold/secretkeybase" = {
|
||||
restartUnits = [ "podman-manyfold.service" ];
|
||||
};
|
||||
@@ -95,9 +104,6 @@ in
|
||||
"jallen-nas/netdata-token" = {
|
||||
restartUnits = [ "netdata.service" ];
|
||||
};
|
||||
"jallen-nas/onlyoffice-key" = {
|
||||
restartUnits = [ "podman-onlyoffice.service" ];
|
||||
};
|
||||
"jallen-nas/paperless/secret" = {
|
||||
restartUnits = [ "container@paperless.service" ];
|
||||
};
|
||||
|
||||
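Review bot: `mode = "0650"` on the new `"jallen-nas/onlyoffice-key"` entry grants the group read and execute on a secret file; the execute bit has no use on a key file, and the owner write bit is not needed for a secret that sops writes itself. `mode = "0440";` states the intent more tightly. The owner and group come from `${user}`, which is defined outside the hunk, while the consumer is the `onlyoffice` service whose group is forced to `nextcloud` elsewhere in this commit. It is worth confirming that the reading account really matches this owner or group, rather than relying on a wider mode to make the read succeed.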