new ppl pw

6 11
radicale
2025-01-02 21:44:37 +01:00 · 2025-01-02 21:44:27 +01:00 · 2025-01-02 21:44:15 +01:00 · 2025-01-02 21:43:20 +01:00
8 changed files with 68 additions and 12 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,4 +1,4 @@
-{ pkgs, inputs, lib, host, ... }:
+{ pkgs, inputs, host, ... }:
 {
  imports = ([
    inputs.sops-nix.nixosModules.sops
@@ -43,6 +43,8 @@
    ./system-modules/postgres.nix
    ./system-modules/nx2site/proxy.nix
    ./system-modules/nx2site/gitea.nix
    ./system-modules/nx2site/radicale.nix
    # ./system-modules/nx2site/nextcloud.nix
    ./system-modules/nx2site/vaultwarden.nix
    ./system-modules/nx2site/paperless.nix
  ] else []);
--- a/sops-secrets.yaml
+++ b/sops-secrets.yaml
--- a/system-modules/boot.nix
+++ b/system-modules/boot.nix
@@ -118,6 +118,7 @@ in
          efiSupport = true;
        };
      };
      kernelPackages = pkgs-unstable.linuxPackages_6_11;
    };
  };
 }
--- a/system-modules/nx2site/nextcloud.nix
+++ b/system-modules/nx2site/nextcloud.nix
@@ -0,0 +1,26 @@
 { config, domain, ... }:
 {
  sops.secrets = { 
    "nx2site/nextcloud/admin-pass" = { owner = "nextcloud"; };
    "nx2site/nextcloud/db-pass" = { owner = "nextcloud"; };
    # "nx2site/nextcloud/users-pass/nx2" = { owner = "nextcloud"; };
  };
  services = {
    nextcloud = {
      enable = true;
      hostName = "nc.${domain}";
      https = true;
      configureRedis = true;
      config = {
        adminpassFile = config.sops.secrets."nx2site/nextcloud/admin-pass".path;
        adminuser = "nx2";
        dbtype = "pgsql";
        # dbhost = config.services.postgresql.settings.port; # using usix socket
        dbname = "nextcloud";
        dbpassFile = config.sops.secrets."nx2site/nextcloud/db-pass".path;
      };
    };
  };
 }
--- a/system-modules/nx2site/proxy.nix
+++ b/system-modules/nx2site/proxy.nix
@@ -136,6 +136,13 @@
        listen = dl;
        locations = { "/" = { proxyPass = "http://127.0.0.1:8441"; }; }; 
      };
      "dav.${domain}" = lib.mkIf config.services.radicale.enable (vh // {
        listen = dl;
        locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; }; 
      });
      "nc.${domain}" = vh // {
        # directly to nc 
      };
      "~^(.*).${domain}$" = {
        listen = dl;
        root = "/var/nginx/webroot";
--- a/system-modules/nx2site/radicale.nix
+++ b/system-modules/nx2site/radicale.nix
@@ -1,14 +1,23 @@
 { config, domain, ... }:
 {
  sops.secrets = { 
-    "nx2site/radicale-htpasswd" = {};
+    "nx2site/radicale-htpasswd" = {
      owner = "radicale";
    };
  };
  services = {
    radicale = {
      # is run by user radicale
      enable = true;
      settings = {
        server.hosts = let 
          port = builtins.toString 5232;
-      in [ "192.168.178.32:${port}" ];
+        in [ 
          "0.0.0.0:${port}"
          "${domain}:${port}"
          # "192.168.178.32:${port}"
        ];
        auth = {
          type = "htpasswd";
          htpasswd_filename = config.sops.secrets."nx2site/radicale-htpasswd".path;
@@ -16,4 +25,5 @@
        };
      };
    };
  };
 }
--- a/system-modules/postgres.nix
+++ b/system-modules/postgres.nix
@@ -26,6 +26,7 @@
 			ensureDatabases = [
 				"gitea"
 				"vaultwarden"
 				"nextcloud"
 			];
 			settings = {
 				port = 5432; # default
@@ -44,6 +45,10 @@
 					name = "vaultwarden";
 					ensureDBOwnership = true;
 				}
 				{
 					name = "nextcloud";
 					ensureDBOwnership = true;
 				}
 			];
 		};
 		postgresqlBackup = {
--- a/system-modules/users.nix
+++ b/system-modules/users.nix
@@ -20,6 +20,8 @@
      "nginx" 
      "adbusers" 
      "postgres"
      "radicale"
      "nextcloud"
    ];
    useDefaultShell = true;
    openssh.authorizedKeys.keys = [
Author	SHA1	Message	Date
Lennart J. Kurzweg (Nx2)	6f5f70f439	new ppl pw	2025-01-02 21:44:37 +01:00
Lennart J. Kurzweg (Nx2)	d40175d4a5	6 11	2025-01-02 21:44:27 +01:00
Lennart J. Kurzweg (Nx2)	34eba60193	radicale	2025-01-02 21:44:15 +01:00
Lennart J. Kurzweg (Nx2)	57230a32c3	nextcloud (deactivated)	2025-01-02 21:43:20 +01:00