diff --git a/modules/config/instances/config/kanboard.nix b/modules/config/instances/config/kanboard.nix
deleted file mode 100755
index 542380b..0000000
--- a/modules/config/instances/config/kanboard.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ instancesFunctions }:
-let
- inherit (instancesFunctions)
- domain0
- servicePath
- sslPath
- sopsPath
- ;
-
- kanboardLabel = "Kanboard";
- kanboardName = "kanboard";
- kanboardSubdomain = "todo";
-in
-{
- label = kanboardLabel;
- name = kanboardName;
- email = {
- address0 = "noreply@${domain0}";
- };
- sops = {
- path0 = "${sopsPath}/${kanboardName}";
- };
- subdomain = kanboardSubdomain;
- paths = {
- path0 = "${servicePath}/${kanboardLabel}";
- };
- ports = {
- port0 = 3434;
- };
- ssl = {
- cert = "${sslPath}/${kanboardSubdomain}.${domain0}/fullchain.pem";
- key = "${sslPath}/${kanboardSubdomain}.${domain0}/key.pem";
- };
-}
diff --git a/modules/config/instances/config/nextcloud.nix b/modules/config/instances/config/nextcloud.nix
index cedb045..b111c85 100755
--- a/modules/config/instances/config/nextcloud.nix
+++ b/modules/config/instances/config/nextcloud.nix
@@ -1,7 +1,7 @@
 { instancesFunctions }:
 let
 inherit (instancesFunctions)
- domain1
+ domain0
 servicePath
 sslPath
 sopsPath
@@ -13,6 +13,9 @@ in
 {
 label = nextcloudLabel;
 name = nextcloudName;
+ email = {
+ address0 = "noreply@${nextcloudName}.${domain0}";
+ };
 sops = {
 path0 = "${sopsPath}/${nextcloudName}";
 };
@@ -24,7 +27,7 @@ in
 port0 = 8354; # Nextcloud
 };
 ssl = {
- cert = "${sslPath}/${nextcloudName}.${domain1}/fullchain.pem";
- key = "${sslPath}/${nextcloudName}.${domain1}/key.pem";
+ cert = "${sslPath}/${nextcloudName}.${domain0}/fullchain.pem";
+ key = "${sslPath}/${nextcloudName}.${domain0}/key.pem";
 };
 }
diff --git a/modules/config/instances/config/nginx.nix b/modules/config/instances/config/nginx.nix
new file mode 100644
index 0000000..fa9bce9
--- /dev/null
+++ b/modules/config/instances/config/nginx.nix
@@ -0,0 +1,19 @@
+{ instancesFunctions }:
+let
+ inherit (instancesFunctions)
+ sopsPath
+ ;
+
+ nginxLabel = "Nginx";
+ nginxName = "nginx";
+in
+{
+ label = nginxLabel;
+ name = nginxName;
+ sops = {
+ path0 = "${sopsPath}/${nginxName}";
+ };
+ ports = {
+ port0 = 8080;
+ };
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 05de450..85ae938 100755
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -89,7 +89,7 @@ in
 vaultwarden
 forgejo
 xserver
- # kanboard
+ nextcloud
 ;
 };
 };
diff --git a/modules/nixos/services/acme/default.nix b/modules/nixos/services/acme/default.nix
index abc2775..1cbec44 100755
--- a/modules/nixos/services/acme/default.nix
+++ b/modules/nixos/services/acme/default.nix
@@ -35,10 +35,10 @@ in
 "jellyfin"
 "minecraft"
 "ollama"
+ "nextcloud"
 "syncthing"
 "searx"
 "vaultwarden"
- "kanboard"
 "audiobookshelf"
 ]
 )
diff --git a/modules/nixos/services/glance/config/pages.nix b/modules/nixos/services/glance/config/pages.nix
index 00bda0a..95cff7b 100755
--- a/modules/nixos/services/glance/config/pages.nix
+++ b/modules/nixos/services/glance/config/pages.nix
@@ -2,7 +2,7 @@
 let
 widgetsPath = ./widgets;
 widgets = {
- jellyfin = import (widgetsPath + /jellyfin) { inherit config flake; };
+ jellyfin = import (widgetsPath + /jelly) { inherit config flake; };
 steam = import (widgetsPath + /steam);
 podcasts = import (widgetsPath + /podcasts.nix);
 calendar = import (widgetsPath + /calendar.nix);
diff --git a/modules/nixos/services/glance/config/widgets/jellyfin/config/default.nix b/modules/nixos/services/glance/config/widgets/jelly/config/default.nix
similarity index 100%
rename from modules/nixos/services/glance/config/widgets/jellyfin/config/default.nix
rename to modules/nixos/services/glance/config/widgets/jelly/config/default.nix
diff --git a/modules/nixos/services/glance/config/widgets/jellyfin/default.nix b/modules/nixos/services/glance/config/widgets/jelly/default.nix
similarity index 100%
rename from modules/nixos/services/glance/config/widgets/jellyfin/default.nix
rename to modules/nixos/services/glance/config/widgets/jelly/default.nix
diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix
old mode 100644
new mode 100755
index cf05dc1..7153901
--- a/modules/nixos/services/jellyfin/default.nix
+++ b/modules/nixos/services/jellyfin/default.nix
@@ -1,6 +1,5 @@
-{ config, ... }:
+{ flake, ... }:
 let
- flake = config.flake;
 inherit (flake.config.people) user0;
 inherit (flake.config.machines.devices) ceres;
 inherit (flake.config.services.instances) jellyfin web;
diff --git a/modules/nixos/services/kanboard/default.nix b/modules/nixos/services/kanboard/default.nix
deleted file mode 100755
index 1275b4c..0000000
--- a/modules/nixos/services/kanboard/default.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{
- flake,
- config,
- ...
-}:
-let
- inherit (flake.config.machines.devices)
- ceres
- ;
- inherit (flake.config.services.instances) smtp kanboard web;
- service = kanboard;
- localhost = web.localhost.address0;
- host = "${service.subdomain}.${web.domains.url0}";
-in
-{
- services = {
- kanboard = {
- enable = true;
- dataDir = "/var/lib/${service.name}";
- settings = {
- HTTP_PROXY_HOSTNAME = host;
- HTTP_PROXY_PORT = service.ports.port0;
- MAIL_SMTP_HOSTNAME = smtp.hostname;
- MAIL_TRANSPORT = "smtp";
- MAIL_SMTP_PORT = smtp.ports.port0;
- MAIL_SMTP_USERNAME = service.email.address0;
- MAIL_FROM = service.email.address0;
- MAIL_SMTP_PASSWORD = config.sops.secrets."${service.name}-smtp".path;
- MAIL_SMTP_ENCRYPTION = "tls";
- };
- };
- caddy = {
- virtualHosts = {
- "${host}" = {
- extraConfig = ''
- reverse_proxy ${localhost}:${toString service.ports.port0}
-
- tls ${service.ssl.cert} ${service.ssl.key}
- '';
- };
- };
- };
- };
- sops =
- let
- sopsPath = secret: {
- path = "${service.sops.path0}/${service.name}-${secret}";
- owner = service.name;
- mode = "600";
- };
- in
- {
- secrets = builtins.listToAttrs (
- map
- (secret: {
- name = "${service.name}-${secret}";
- value = sopsPath secret;
- })
- [
- "smtp"
- ]
- );
- };
-
- fileSystems."/var/lib/${service.name}" = {
- device = service.paths.path0;
- fsType = "none";
- options = [
- "bind"
- ];
- depends = [
- ceres.storage0.mount
- ];
- };
-
- systemd.tmpfiles.rules = [
- "Z ${service.paths.path0} 755 ${service.name} ${service.name} -"
- "Z ${service.sops.path0} 755 ${service.name} ${service.name} -"
- ];
-
- users.users.${service.name}.extraGroups = [
- "caddy"
- "postgres"
- ];
-
- networking = {
- firewall = {
- allowedTCPPorts = [
- service.ports.port0
- ];
- };
- };
-}
diff --git a/modules/nixos/services/minecraft/default.nix b/modules/nixos/services/minecraft/default.nix
index c92ce69..cdb5fe4 100755
--- a/modules/nixos/services/minecraft/default.nix
+++ b/modules/nixos/services/minecraft/default.nix
@@ -4,12 +4,8 @@
 ...
 }:
 let
- inherit (flake.config.machines.devices)
- ceres
- ;
- inherit (flake.config.services.instances)
- minecraft
- ;
+ inherit (flake.config.machines.devices) ceres;
+ inherit (flake.config.services.instances) minecraft;
 service = minecraft;
 in
 {
diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix
index 7c8d3b3..7439560 100755
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -8,10 +8,15 @@ let
 inherit (flake.config.people) user0;
 inherit (flake.config.people.users.${user0}) name;
 inherit (flake.config.machines.devices) ceres;
- inherit (flake.config.services.instances) nextcloud nginx web;
+ inherit (flake.config.services.instances)
+ nextcloud
+ nginx
+ smtp
+ web
+ ;
 service = nextcloud;
 localhost = web.localhost.address0;
- host = "${service.subdomain}.${web.domains.url1}";
+ host = "${service.subdomain}.${web.domains.url0}";
 in
 {
 services = {
@@ -22,13 +27,14 @@ in
 enable = true;
 hostName = host;
 https = true;
- package = pkgs.nextcloud30;
+ package = pkgs.nextcloud31;
 phpOptions."opcache.interned_strings_buffer" = "24";
 extraAppsEnable = true;
 extraApps = {
- inherit (config.services.service.package.packages.apps)
+ inherit (pkgs.nextcloud31Packages.apps)
 contacts
 calendar
+ deck
 ;
 };
 config = {
@@ -42,8 +48,17 @@ in
 settings = {
 default_phone_region = "CA";
 log_type = "file";
- mail_sendmailmode = "pipe";
- mail_smtpmode = "sendmail";
+ mail_domain = host;
+ mail_from_address = "noreply";
+ mail_sendmailmode = "smtp";
+ mail_smtpmode = "smtp";
+ mail_smtphost = smtp.hostname;
+ mail_smtpport = smtp.ports.port0;
+ mail_smtpsecure = "";
+ mail_smtptimeout = 30;
+ mail_smtpauth = 1;
+ mail_smtpname = service.email.address0;
+ mail_smtppassword = config.sops.secrets."${service.name}-smtp".path;
 maintenance_window_start = 4;
 overwriteprotocol = "https";
 trusted_proxies = [
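Review bot: The Nextcloud major version is now spelled out twice in the `@@ -22,13 +27,14 @@` hunk of nextcloud/default.nix, in `package = pkgs.nextcloud31;` and in `inherit (pkgs.nextcloud31Packages.apps)`, so a later bump that edits only one of them would pair the server with apps packaged for a different major release. Deriving the app set from the configured package keeps the two in step: `inherit (config.services.nextcloud.package.packages.apps)`. The removed line read `config.services.service.package.packages.apps`, which looks like that same expression with a wrong attribute name. The enclosing `services` block starts and ends outside the hunk.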
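Review bot: `mail_smtppassword = config.sops.secrets."${service.name}-smtp".path;` in the `@@ -42,8 +48,17 @@` hunk of nextcloud/default.nix sets the option to the path of the decrypted secret file, not its contents, so as written Nextcloud would present the path string as the SMTP password. A literal password would not be safe here either, because `settings` values are rendered into the world-readable Nix store. The NixOS module provides `services.nextcloud.secretFile` for this case: drop the `mail_smtppassword` line, set `secretFile = config.sops.secrets."${service.name}-smtp".path;` next to `hostName`, and store the `"smtp"` secret (added to the sops list in the `@@ -92,6 +107,7 @@` hunk) as JSON of the form `{"mail_smtppassword": "<password>"}`. Separately, `mail_smtpsecure = ""` combined with `mail_smtpauth = 1` leaves transport encryption to opportunistic STARTTLS, which this option cannot enforce; if `smtp.ports.port0` is an implicit-TLS port, `mail_smtpsecure = "ssl";` would keep credentials off a cleartext channel, in line with the `"tls"` setting of the removed Kanboard module. The `settings` block starts and ends outside the hunk.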
@@ -92,6 +107,7 @@ in }) [ "pass" + "smtp" ] ); }; @@ -109,6 +125,7 @@ in systemd.tmpfiles.rules = [ "Z ${service.paths.path0} 750 ${service.name} ${service.name} -" + "Z ${service.paths.path0}/config 750 ${service.name} ${service.name} -" "Z ${service.sops.path0} 750 ${service.name} ${service.name} -" ]; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index ea48b5b..857746f 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -35,7 +35,7 @@ wireguard-CA220: ENC[AES256_GCM,data:rNy/IMKqAOsgMUu5r8BZsjTCu0L5fDDDV3/g+pkhW1y wireguard-CA358: ENC[AES256_GCM,data:/VewmiNfRc9/wSE7TT+z1F9LLIvr/5wPsQZ/zBwAh3dEi9yswOGyde2b/XQ=,iv:7U5dmqFiwhCoL1moGSfHprv85o5TdMr6T2sNk5gH82I=,tag:T1hqh8CiO2iBa+ksaiKCtA==,type:str] wireguard-CA627: ENC[AES256_GCM,data:chmDsH2nE0nagjFRZWuxX08/Ykt+rIgCHYkMHd+7nIqihK5SebF7MJlrp84=,iv:NVOlGE7W70nQ0UM/i5WixJvDULO3Y4cLf8h+OAGHhQQ=,tag:L123ShCnr9+kIg1itIoqBA==,type:str] glance-jellyfin: ENC[AES256_GCM,data:ozdDKgAWkA88J2j8RtiOP/aQPAt/neUOSlAZF20g510=,iv:x+VhYlnA9F/VPrzVcma4/oPelCc8kjWoTZvOs4L9Uqo=,tag:crdSDjr8Y5GH/JAF6t8Yeg==,type:str] -kanboard-smtp: ENC[AES256_GCM,data:FmmLEGr5Q8RHtie11Y88XQ==,iv:KtY/Bl2vpkXim7KrkK7cc5n0M0RDlxerbXu9jczj/hI=,tag:ZlbV6d1wH6KmbvHJR3Fq/w==,type:str] +nextcloud-smtp: ENC[AES256_GCM,data:GbNv/pHAtPru00m5OCER8g==,iv:Q1WYLKe34VsCvP1trk6IXm46RbVFMnsq4Eb5e2MBVgk=,tag:dwmimioRlHKbZeDv3THfzQ==,type:str] sops: age: - recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0 
@@ -47,7 +47,7 @@ sops: bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-09T00:32:17Z" - mac: ENC[AES256_GCM,data:b4WMUmVOzgcz/ajxPl0OfQUGarUtnFIFS3DA9CjogPz6aVNDGWrVged5FB6UOotoqQ5RcgThewSu2HztEfCbhM0ZwZ0ak87XS8QHb++s97HhYeeh5mqgVnpsvF4Coa9aRpc2H4etuUNYFxoDojT/hTUKzg3a3QNSWzB06aKTd1A=,iv:YEJN5sakhN1rFytIDMIHpHAVYxvbt9iI2eXL2YBUYnY=,tag:SNBQWZIrXw4ptMLEqkR/xA==,type:str] + lastmodified: "2025-06-09T09:37:48Z" + mac: ENC[AES256_GCM,data:gBEfsR718Hn+GJ1wzxS3T1HOrNL659TUUq3l3nUNxbY2SxXWnnHxzdMhf2xP1/tm3Vst2MC/SjPszdbqVnVKIS1k+iwT+WSLH7OlbASku62cx9J9RKqm4PJd/2KtKR7Yaj4dU9+F7RnKtCA4N/m4ZA+BiD0oib76/Aa64tjVtDo=,iv:rJ+WfAFR8Un/u66Y2554BjDzJifQLdXNDexpl4GGClw=,tag:tY2biwFl7ywaHe3aTKjCMA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2