flake bump

Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles
new ppl pw
2025-01-04 13:54:13 +01:00 · 2025-01-04 13:53:51 +01:00 · 2025-01-02 21:44:37 +01:00 · 2025-01-02 21:44:27 +01:00 · 2025-01-02 21:44:15 +01:00 · 2025-01-02 21:43:20 +01:00
9 changed files with 121 additions and 65 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,4 +1,4 @@
-{ pkgs, inputs, lib, host, ... }:
+{ pkgs, inputs, host, ... }:
 {
  imports = ([
    inputs.sops-nix.nixosModules.sops
@@ -43,6 +43,8 @@
    ./system-modules/postgres.nix
    ./system-modules/nx2site/proxy.nix
    ./system-modules/nx2site/gitea.nix
+    ./system-modules/nx2site/radicale.nix
+    # ./system-modules/nx2site/nextcloud.nix
    ./system-modules/nx2site/vaultwarden.nix
    ./system-modules/nx2site/paperless.nix
  ] else []);
--- a/flake.lock
+++ b/flake.lock
@@ -140,11 +140,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1733312601,
-        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "lastModified": 1735774679,
+        "narHash": "sha256-soePLBazJk0qQdDVhdbM98vYdssfs3WFedcq+raipRI=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "rev": "f2f7418ce0ab4a5309a4596161d154cfc877af66",
        "type": "github"
      },
      "original": {
@@ -279,11 +279,11 @@
        "zig": "zig"
      },
      "locked": {
-        "lastModified": 1735271978,
-        "narHash": "sha256-y6Ony5eq4F4E76Y2ZhALSEzBZ4GbGRVQIEScPieCDGI=",
+        "lastModified": 1735943291,
+        "narHash": "sha256-igXLrO0AtN7+k7VaR5zaHaPhDcS3go5NZr4liVqW9g4=",
        "owner": "ghostty-org",
        "repo": "ghostty",
-        "rev": "a8e5eef11cc67f87f445626f9ca2993373774bf8",
+        "rev": "1baf8928a0bd6ccc2f49e1e9478baab71d49a018",
        "type": "github"
      },
      "original": {
@@ -365,11 +365,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1734366194,
-        "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=",
+        "lastModified": 1735344290,
+        "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f",
+        "rev": "613691f285dad87694c2ba1c9e6298d04736292d",
        "type": "github"
      },
      "original": {
@@ -453,11 +453,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1735209119,
-        "narHash": "sha256-4KfccQtaeiu1A4Ck9XFKc+vzLWCs8HneLwE2YQT5ybc=",
+        "lastModified": 1735946701,
+        "narHash": "sha256-MpFsLND0kN2KQTulDXQCYZC1j2h6wWMJdq6SQ5riJ5M=",
        "ref": "refs/heads/main",
-        "rev": "e75e2cdac79417ffdbbbe903f72668953483a4e7",
-        "revCount": 5589,
+        "rev": "60f069d54015fec66e63f1ff7e6ff26ddb349976",
+        "revCount": 5625,
        "submodules": true,
        "type": "git",
        "url": "https://github.com/hyprwm/Hyprland"
@@ -485,11 +485,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1735295819,
-        "narHash": "sha256-iHDDF1kj+wX7fHGTgKaM6rli6+O8mVFNmpypo+SgnNs=",
+        "lastModified": 1735838245,
+        "narHash": "sha256-dA2s+KFo6+TmYtQoXWfxQ8XukN6JQ0I0VoraG9zD7/I=",
        "owner": "hyprwm",
        "repo": "hyprland-plugins",
-        "rev": "a41bcdccac7d3fe220b3a8519633f0a812da3439",
+        "rev": "920af33577a889772e96a067130252df5674ca8a",
        "type": "github"
      },
      "original": {
@@ -510,11 +510,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1728345020,
-        "narHash": "sha256-xGbkc7U/Roe0/Cv3iKlzijIaFBNguasI31ynL2IlEoM=",
+        "lastModified": 1735734474,
+        "narHash": "sha256-9OV4lOqrEJVLdOrpNN/9msNwAhI6FQTu4N7fufilG08=",
        "owner": "hyprwm",
        "repo": "hyprland-protocols",
-        "rev": "a7c183800e74f337753de186522b9017a07a8cee",
+        "rev": "271df559dd30e4bc5ec6af02d017ac0aaabd63a7",
        "type": "github"
      },
      "original": {
@@ -587,11 +587,11 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1732716575,
-        "narHash": "sha256-OvFJCj52HuXxRrcCXrieIoiOzbeYFvDXNO8SndFiyAE=",
+        "lastModified": 1735862179,
+        "narHash": "sha256-s0Sr9t2Mu7tV1+nWm/I0BarfAwgMdtSelMXE0UHhfZw=",
        "owner": "h3rmt",
        "repo": "hyprswitch",
-        "rev": "2b77dbcb422123dfce9bb82d698649e9757f35e0",
+        "rev": "0afa2f8e8295952942ae7259c8bc5830befe9dc6",
        "type": "github"
      },
      "original": {
@@ -613,11 +613,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1734796073,
-        "narHash": "sha256-TnuKsa8OHrSJEmHm3TLGOWbPNA1gRjmZLsRzKrCqOsg=",
+        "lastModified": 1735316583,
+        "narHash": "sha256-AiiUwHWHfEdpFzXy7l1x3zInCUa1xcRMrbZ1XRSkzwU=",
        "owner": "hyprwm",
        "repo": "hyprutils",
-        "rev": "c3331116ebd0b71df5ae8c6efe9a7f94148b03bf",
+        "rev": "8f15d45b120b33712f6db477fe5ffb18034d0ea8",
        "type": "github"
      },
      "original": {
@@ -678,11 +678,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1734649271,
-        "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=",
+        "lastModified": 1735291276,
+        "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507",
+        "rev": "634fd46801442d760e09493a794c4f15db2d0cbb",
        "type": "github"
      },
      "original": {
@@ -694,11 +694,11 @@
    },
    "nixpkgs-latest": {
      "locked": {
-        "lastModified": 1735297674,
-        "narHash": "sha256-yhczVSNtAqhqXt98OEqhMESBUI5nxhXGv5OvEehIuGE=",
+        "lastModified": 1735994357,
+        "narHash": "sha256-I41lP5N2rrROxlJ5hlv8LR8TpcvZ9P7LfzBGNZSKGpc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8d86075fcb37f3bac822923a5adc63e3f6bdfb70",
+        "rev": "a8f36e39dcd9ac6f76c9ca5a9856401fd322d464",
        "type": "github"
      },
      "original": {
@@ -710,14 +710,14 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1733096140,
-        "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
+        "lastModified": 1735774519,
+        "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
      },
      "original": {
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
      }
    },
    "nixpkgs-stable": {
@@ -786,11 +786,11 @@
    },
    "nixpkgs-unstable_2": {
      "locked": {
-        "lastModified": 1734649271,
-        "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=",
+        "lastModified": 1735834308,
+        "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507",
+        "rev": "6df24922a1400241dae323af55f30e4318a6ca65",
        "type": "github"
      },
      "original": {
@@ -801,11 +801,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1711588226,
-        "narHash": "sha256-nd7goEu+nH/WZ/uCxvbWzSYqzZZn25kWTeKfANOhCjU=",
+        "lastModified": 1735831304,
+        "narHash": "sha256-92A/Zr8UzZzlFYmkgO3HAgX/Cr53eodgNyvJA+Ibkz0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "7232f19f7fb710e3554cafaa9d8e93cff8273b59",
+        "rev": "0725951bfc4bbc2efff3a537837ca13159b4aec9",
        "type": "github"
      },
      "original": {
@@ -832,11 +832,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1735141468,
-        "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
+        "lastModified": 1735922141,
+        "narHash": "sha256-vk0xwGZSlvZ/596yxOtsk4gxsIx2VemzdjiU8zhjgWw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
+        "rev": "d29ab98cd4a70a387b8ceea3e930b3340d41ac5a",
        "type": "github"
      },
      "original": {
@@ -1003,11 +1003,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1734546875,
-        "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=",
+        "lastModified": 1735844895,
+        "narHash": "sha256-CIRlqX9tBK2awJkmVu2cKuap/0QziDXStQZ/u/+e8Z4=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d",
+        "rev": "24d89184adf76d7ccc99e659dc5f3838efb5ee32",
        "type": "github"
      },
      "original": {
@@ -1154,11 +1154,11 @@
        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
-        "lastModified": 1735141702,
-        "narHash": "sha256-iJ/my2mra0Ze4SegMoD+vJuKv1ikZiKTygA32/Qof9I=",
+        "lastModified": 1735863514,
+        "narHash": "sha256-9aoPsRhJ6Db2khf/wf+AlR+J1dlWLg5sFNMv3k5NPmg=",
        "owner": "sxyazi",
        "repo": "yazi",
-        "rev": "d754ac5dac10e7ad38243552711828ab1e9f25f4",
+        "rev": "7d993c1517cfeffa6938e8056431e235f2dee186",
        "type": "github"
      },
      "original": {
@@ -1178,11 +1178,11 @@
        "systems": "systems_6"
      },
      "locked": {
-        "lastModified": 1734294375,
-        "narHash": "sha256-Q9EyfyeNCVKObybaevMydHzoR3v1gARqVkwFKHKTH84=",
+        "lastModified": 1735511552,
+        "narHash": "sha256-SCa+e+Iw923KmC7UJR/v61GMfTILucgCpjxbsbjGBNg=",
        "owner": "lordkekz",
        "repo": "nix-yazi-plugins",
-        "rev": "5c42e2a33030c29801681102e89c8dc813e810aa",
+        "rev": "505536399cab575b3baa6cfb7bba39edfd38bf5d",
        "type": "github"
      },
      "original": {
--- a/sops-secrets.yaml
+++ b/sops-secrets.yaml
--- a/system-modules/boot.nix
+++ b/system-modules/boot.nix
@@ -118,6 +118,7 @@ in
          efiSupport = true;
        };
      };
+      kernelPackages = pkgs-unstable.linuxPackages_6_11;
    };
  };
 }
--- a/system-modules/nx2site/nextcloud.nix
+++ b/system-modules/nx2site/nextcloud.nix
@@ -0,0 +1,26 @@
+{ config, domain, ... }:
+{
+  sops.secrets = { 
+    "nx2site/nextcloud/admin-pass" = { owner = "nextcloud"; };
+    "nx2site/nextcloud/db-pass" = { owner = "nextcloud"; };
+    # "nx2site/nextcloud/users-pass/nx2" = { owner = "nextcloud"; };
+  };
+
+  services = {
+    nextcloud = {
+      enable = true;
+      hostName = "nc.${domain}";
+      https = true;
+      configureRedis = true;
+      config = {
+        adminpassFile = config.sops.secrets."nx2site/nextcloud/admin-pass".path;
+        adminuser = "nx2";
+
+        dbtype = "pgsql";
+        # dbhost = config.services.postgresql.settings.port; # using usix socket
+        dbname = "nextcloud";
+        dbpassFile = config.sops.secrets."nx2site/nextcloud/db-pass".path;
+      };
+    };
+  };
+}
--- a/system-modules/nx2site/proxy.nix
+++ b/system-modules/nx2site/proxy.nix
@@ -136,6 +136,13 @@
        listen = dl;
        locations = { "/" = { proxyPass = "http://127.0.0.1:8441"; }; }; 
      };
+      "dav.${domain}" = lib.mkIf config.services.radicale.enable (vh // {
+        listen = dl;
+        locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; }; 
+      });
+      "nc.${domain}" = vh // {
+        # directly to nc 
+      };
      "~^(.*).${domain}$" = {
        listen = dl;
        root = "/var/nginx/webroot";
--- a/system-modules/nx2site/radicale.nix
+++ b/system-modules/nx2site/radicale.nix
@@ -1,18 +1,28 @@
 { config, domain, ... }:
 {
  sops.secrets = { 
-    "nx2site/radicale-htpasswd" = {};
+    "nx2site/radicale-htpasswd" = {
+      owner = "radicale";
+    };
  };

  services = {
    radicale = {
-      server.hosts = let 
-        port = builtins.toString 5232;
-      in [ "192.168.178.32:${port}" ];
-      auth = {
-        type = "htpasswd";
-        htpasswd_filename = config.sops.secrets."nx2site/radicale-htpasswd".path;
-        htpasswd_encryption = "bcrypt";
+      # is run by user radicale
+      enable = true;
+      settings = {
+        server.hosts = let 
+          port = builtins.toString 5232;
+        in [ 
+          "0.0.0.0:${port}"
+          "${domain}:${port}"
+          # "192.168.178.32:${port}"
+        ];
+        auth = {
+          type = "htpasswd";
+          htpasswd_filename = config.sops.secrets."nx2site/radicale-htpasswd".path;
+          htpasswd_encryption = "bcrypt";
+        };
      };
    };
  };
--- a/system-modules/postgres.nix
+++ b/system-modules/postgres.nix
@@ -26,6 +26,7 @@
 			ensureDatabases = [
 				"gitea"
 				"vaultwarden"
+				"nextcloud"
 			];
 			settings = {
 				port = 5432; # default
@@ -44,6 +45,10 @@
 					name = "vaultwarden";
 					ensureDBOwnership = true;
 				}
+				{
+					name = "nextcloud";
+					ensureDBOwnership = true;
+				}
 			];
 		};
 		postgresqlBackup = {
--- a/system-modules/users.nix
+++ b/system-modules/users.nix
@@ -20,6 +20,8 @@
      "nginx" 
      "adbusers" 
      "postgres"
+      "radicale"
+      "nextcloud"
    ];
    useDefaultShell = true;
    openssh.authorizedKeys.keys = [
Author	SHA1	Message	Date
Lennart J. Kurzweg (Nx2)	e4d0326a74	flake bump	2025-01-04 13:54:13 +01:00
Lennart J. Kurzweg (Nx2)	8525adecf4	Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles	2025-01-04 13:53:51 +01:00
Lennart J. Kurzweg (Nx2)	6f5f70f439	new ppl pw	2025-01-02 21:44:37 +01:00
Lennart J. Kurzweg (Nx2)	d40175d4a5	6 11	2025-01-02 21:44:27 +01:00
Lennart J. Kurzweg (Nx2)	34eba60193	radicale	2025-01-02 21:44:15 +01:00
Lennart J. Kurzweg (Nx2)	57230a32c3	nextcloud (deactivated)	2025-01-02 21:43:20 +01:00