Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles

2025-01-19 22:09:08 +01:00
parent 9612646c55 94559de7ae
commit 5e34285db2
12 changed files with 236 additions and 123 deletions
--- a/system-modules/boot.nix
+++ b/system-modules/boot.nix
@@ -118,6 +118,7 @@ in
          efiSupport = true;
        };
      };
+      kernelPackages = pkgs-unstable.linuxPackages_6_11;
    };
  };
 }
--- a/system-modules/calendar.nix
+++ b/system-modules/calendar.nix
@@ -0,0 +1,5 @@
+{ ... }:
+{
+  programs.dconf.enable = true;
+  services.gnome.evolution-data-server.enable = true;
+}
--- a/system-modules/nx2site/nextcloud.nix
+++ b/system-modules/nx2site/nextcloud.nix
@@ -0,0 +1,26 @@
+{ config, domain, ... }:
+{
+  sops.secrets = { 
+    "nx2site/nextcloud/admin-pass" = { owner = "nextcloud"; };
+    "nx2site/nextcloud/db-pass" = { owner = "nextcloud"; };
+    # "nx2site/nextcloud/users-pass/nx2" = { owner = "nextcloud"; };
+  };
+
+  services = {
+    nextcloud = {
+      enable = true;
+      hostName = "nc.${domain}";
+      https = true;
+      configureRedis = true;
+      config = {
+        adminpassFile = config.sops.secrets."nx2site/nextcloud/admin-pass".path;
+        adminuser = "nx2";
+
+        dbtype = "pgsql";
+        # dbhost = config.services.postgresql.settings.port; # using usix socket
+        dbname = "nextcloud";
+        dbpassFile = config.sops.secrets."nx2site/nextcloud/db-pass".path;
+      };
+    };
+  };
+}
--- a/system-modules/nx2site/proxy.nix
+++ b/system-modules/nx2site/proxy.nix
@@ -136,6 +136,13 @@
        listen = dl;
        locations = { "/" = { proxyPass = "http://127.0.0.1:8441"; }; }; 
      };
+      "dav.${domain}" = lib.mkIf config.services.radicale.enable (vh // {
+        listen = dl;
+        locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; }; 
+      });
+      "nc.${domain}" = vh // {
+        # directly to nc 
+      };
      "~^(.*).${domain}$" = {
        listen = dl;
        root = "/var/nginx/webroot";
--- a/system-modules/nx2site/radicale.nix
+++ b/system-modules/nx2site/radicale.nix
@@ -1,18 +1,28 @@
 { config, domain, ... }:
 {
  sops.secrets = { 
-    "nx2site/radicale-htpasswd" = {};
+    "nx2site/radicale-htpasswd" = {
+      owner = "radicale";
+    };
  };

  services = {
    radicale = {
-      server.hosts = let 
-        port = builtins.toString 5232;
-      in [ "192.168.178.32:${port}" ];
-      auth = {
-        type = "htpasswd";
-        htpasswd_filename = config.sops.secrets."nx2site/radicale-htpasswd".path;
-        htpasswd_encryption = "bcrypt";
+      # is run by user radicale
+      enable = true;
+      settings = {
+        server.hosts = let 
+          port = builtins.toString 5232;
+        in [ 
+          "0.0.0.0:${port}"
+          "${domain}:${port}"
+          # "192.168.178.32:${port}"
+        ];
+        auth = {
+          type = "htpasswd";
+          htpasswd_filename = config.sops.secrets."nx2site/radicale-htpasswd".path;
+          htpasswd_encryption = "bcrypt";
+        };
      };
    };
  };
--- a/system-modules/postgres.nix
+++ b/system-modules/postgres.nix
@@ -26,6 +26,7 @@
 			ensureDatabases = [
 				"gitea"
 				"vaultwarden"
+				"nextcloud"
 			];
 			settings = {
 				port = 5432; # default
@@ -44,6 +45,10 @@
 					name = "vaultwarden";
 					ensureDBOwnership = true;
 				}
+				{
+					name = "nextcloud";
+					ensureDBOwnership = true;
+				}
 			];
 		};
 		postgresqlBackup = {
--- a/system-modules/users.nix
+++ b/system-modules/users.nix
@@ -22,6 +22,8 @@
      "nginx" 
      "adbusers" 
      "postgres"
+      "radicale"
+      "nextcloud"
    ];
    useDefaultShell = true;
    openssh.authorizedKeys.keys = [