feat: added nextcloud and opencloud to eris

modules/home/gui/apps/tools/espanso/config/url.nix

@@ -4,7 +4,7 @@ let
 in
 [
   (matchHelper ":dotfiles" "https://gitlab.com/upRootNutrition/dotfiles")
-  (matchHelper ":website" "https://${web.domains.url3}")
-  (matchHelper ":forgejo" "https://${forgejo.subdomain}.${web.domains.url3}")
-  (matchHelper ":mastodon" "https://${mastodon.subdomain}.${web.domains.url3}")
+  (matchHelper ":website" "https://${web.domains.url1}")
+  (matchHelper ":forgejo" "https://${forgejo.domains.url0}")
+  (matchHelper ":mastodon" "https://${mastodon.domains.url0}")
 ]

modules/nixos/default.nix

@@ -46,9 +46,9 @@ in
     ceres = {
       imports = builtins.attrValues {
         inherit (modules)
-          acme
+          acmeCeres
           audiobookshelf
-          caddy
+          caddyCeres
           comfyui
           filesorter
           firefly-iii
@@ -59,8 +59,7 @@ in
           mastodon
           minecraft
           ollama
-          opencloud
-          postgresql
+          postgresCeres
           projectSite
           prompter
           samba
@@ -76,7 +75,12 @@ in
     eris = {
       imports = builtins.attrValues {
         inherit (modules)
+          acmeEris
+          caddyEris
+          logrotate
           nextcloud
+          opencloud
+          postgresEris
           ;
       };
     };

modules/nixos/services/acme/acmeCeres/default.nix

@@ -39,12 +39,10 @@ in
           instances.glance.name
           instances.jellyfin.name
           instances.minecraft.name
-          instances.nextcloud.name
           instances.ollama.name
           instances.searx.name
           instances.syncthing.name
           instances.vaultwarden.name
-          instances.opencloud.name
           instances.prompter.name
           instances.comfyui.name
           instances.firefly-iii.name

modules/nixos/services/acme/acmeEris/default.nix

@@ -0,0 +1,69 @@
+{
+  config,
+  flake,
+  ...
+}:
+let
+  inherit (flake.config.people) user0;
+  inherit (flake.config.people.users.${user0}) email;
+  inherit (flake.config.services) instances;
+
+  domain0 = instances.web.domains.url0;
+  dns0 = instances.web.dns.provider0;
+  dns0Path = "dns/${dns0}";
+  instanceName = service: (instances.${service}.subdomain);
+
+  dnsConfig = provider: dns: {
+    dnsProvider = dns;
+    directory = "/var/lib/acme";
+    environmentFile = config.sops.secrets.${provider}.path;
+  };
+in
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = email.address0;
+      server = "https://acme-v02.api.letsencrypt.org/directory";
+    };
+    certs = builtins.listToAttrs (
+      (map
+        (service: {
+          name = "${instanceName service}.${domain0}";
+          value = dnsConfig dns0Path dns0;
+        })
+        [
+          instances.nextcloud.name
+          instances.opencloud.name
+        ]
+      )
+    );
+  };
+  sops =
+    let
+      dnsList = [
+        dns0
+      ];
+      secretList = [
+        "pass"
+      ];
+      sopsPath = secret: dns: {
+        path = "/var/lib/secrets/${instances.acme.name}/${dns}-${secret}";
+        owner = "root";
+        mode = "600";
+      };
+    in
+    {
+      secrets = builtins.listToAttrs (
+        builtins.concatLists (
+          map (
+            dns:
+            map (secret: {
+              name = "dns/${dns}";
+              value = sopsPath secret dns;
+            }) secretList
+          ) dnsList
+        )
+      );
+    };
+}

modules/nixos/services/caddy/caddyCeres/default.nix

@@ -1,13 +1,10 @@
 { flake, ... }:
 let
-  inherit (flake.config.services.instances)
-    caddy
-    web
-    ;
+  inherit (flake.config.services.instances) caddy web;
 
   domain0 = web.domains.url0;
-
   service = caddy;
+
 in
 {
   services.caddy = {
@@ -24,7 +21,6 @@ in
 
   users.users.${service.name}.extraGroups = [
     "acme"
-    "nextcloud"
     "mastodon"
     "firefly-iii"
   ];

modules/nixos/services/caddy/caddyEris/default.nix

@@ -0,0 +1,25 @@
+{ flake, ... }:
+let
+  inherit (flake.config.services.instances) caddy;
+
+  service = caddy;
+
+in
+{
+  services.caddy = {
+    enable = true;
+  };
+  users.users.${service.name}.extraGroups = [
+    "acme"
+    "nextcloud"
+  ];
+
+  networking = {
+    firewall = {
+      allowedTCPPorts = [
+        service.ports.port0
+        service.ports.port1
+      ];
+    };
+  };
+}

modules/nixos/services/nextcloud/default.nix

@@ -7,7 +7,6 @@
 let
   inherit (flake.config.people) user0;
   inherit (flake.config.people.users.${user0}) name;
-  inherit (flake.config.machines.devices) ceres;
   inherit (flake.config.services.instances)
     nextcloud
     nginx
@@ -17,28 +16,7 @@ let
   service = nextcloud;
   localhost = web.localhost.address0;
   host = service.domains.url0;
-  hostname = config.networking.hostName;
 
-  bindMount = {
-    fileSystems."/var/lib/${service.name}" = {
-      device = service.paths.path0;
-      fsType = "none";
-      options = [
-        "bind"
-      ];
-      depends = [
-        ceres.storage0.mount
-      ];
-    };
-
-    systemd.tmpfiles.rules = [
-      "Z ${service.paths.path0} 750 ${service.name} ${service.name} -"
-      "Z ${service.paths.path0}/config 750 ${service.name} ${service.name} -"
-      "Z ${service.sops.path0} 750 ${service.name} ${service.name} -"
-    ];
-  };
-
-  hostLogic = if hostname == ceres.name then bindMount else { };
 in
 {
   services = {
@@ -93,7 +71,7 @@ in
       enable = true;
       virtualHosts.${host}.listen = [
         {
-          addr = web.localhost.address1;
+          addr = localhost;
           port = nginx.ports.port0;
         }
       ];
@@ -102,9 +80,9 @@ in
     caddy = {
       virtualHosts = {
         "${host}" = {
+          listenAddresses = [ web.localhost.address1 ];
           extraConfig = ''
             reverse_proxy ${localhost}:${toString nginx.ports.port0}
-
             tls ${service.ssl.cert} ${service.ssl.key}
           '';
         };
@@ -149,4 +127,3 @@ in
     };
   };
 }
-// hostLogic

modules/nixos/services/opencloud/default.nix

@@ -53,22 +53,6 @@ in
       );
     };
 
-  fileSystems."/var/lib/${service.name}" = {
-    device = service.paths.path0;
-    fsType = "none";
-    options = [
-      "bind"
-    ];
-    depends = [
-      ceres.storage0.mount
-    ];
-  };
-
-  systemd.tmpfiles.rules = [
-    "Z ${service.paths.path0} 755 ${service.name} ${service.name} -"
-    "Z ${service.sops.path0} 755 ${service.name} ${service.name} -"
-  ];
-
   networking = {
     firewall = {
       allowedTCPPorts = [

modules/nixos/services/postgresql/postgresCeres/default.nix

@@ -5,12 +5,8 @@
   ...
 }:
 let
-  inherit (flake.config.machines.devices)
-    ceres
-    ;
-  inherit (flake.config.services)
-    instances
-    ;
+  inherit (flake.config.machines.devices) ceres;
+  inherit (flake.config.services) instances;
 
   service = instances.postgresql;
   # backupPath = "${instances.syncthing.paths.path1}/${service.name}";
@@ -51,7 +47,6 @@ in
   };
 
   users.users.${service.name}.extraGroups = [
-    instances.nextcloud.name
     instances.mastodon.name
     instances.forgejo.name
     instances.syncthing.name

modules/nixos/services/postgresql/postgresEris/default.nix

@@ -0,0 +1,36 @@
+{
+  flake,
+  ...
+}:
+let
+  inherit (flake.config.services) instances;
+
+  service = instances.postgresql;
+in
+{
+  services = {
+    postgresqlBackup = {
+      enable = true;
+      startAt = "*-*-* 07:00:00";
+      databases = [
+        instances.nextcloud.name
+      ];
+    };
+    postgresql = {
+      enable = true;
+    };
+  };
+
+  users.users.${service.name}.extraGroups = [
+    instances.nextcloud.name
+  ];
+
+  networking = {
+    firewall = {
+      allowedTCPPorts = [
+        service.ports.port0
+      ];
+    };
+  };
+
+}