From f40587796a842429bc2a8a8f3161215c4a39eb60 Mon Sep 17 00:00:00 2001 From: Schrottkatze Date: Sat, 9 Dec 2023 22:06:23 +0100 Subject: [PATCH] ein formatter ist passiert --- modules/containers/nextcloud.nix | 23 ++++++++------- modules/proxy.nix | 49 ++++++++++++++++---------------- 2 files changed, 37 insertions(+), 35 deletions(-) diff --git a/modules/containers/nextcloud.nix b/modules/containers/nextcloud.nix index 2e5cf08..17173c9 100644 --- a/modules/containers/nextcloud.nix +++ b/modules/containers/nextcloud.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { containers."nextcloud" = { autoStart = true; privateNetwork = true; @@ -19,9 +18,13 @@ isReadOnly = true; }; }; - config = { config, pkgs, ... }: { + config = { + config, + pkgs, + ... + }: { networking.firewall.enable = false; - environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; + environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; services.nextcloud = { enable = true; https = true; @@ -29,21 +32,21 @@ dbtype = "pgsql"; dbhost = "/run/postgresql"; adminpassFile = "/var/secret/nextcloud-admin-pass"; - trustedProxies = [ "10.0.3.1" ]; + trustedProxies = ["10.0.3.1"]; }; hostName = "wolke.katzen.cafe"; package = pkgs.nextcloud27; extraApps = with config.services.nextcloud.package.packages.apps; { inherit bookmarks calendar contacts; - user_oidc = pkgs.fetchNextcloudApp rec { + user_oidc = pkgs.fetchNextcloudApp rec { url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz"; sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w"; - }; + }; }; }; services.postgresql = { enable = true; - ensureDatabases = [ "nextcloud" ]; + ensureDatabases = ["nextcloud"]; ensureUsers = [ { name = "nextcloud"; @@ -56,9 +59,9 @@ }; deployment.keys = { "nextcloud-admin-pass" = { - keyCommand = [ "pass" "nextcloud/admin-password" ]; + keyCommand = ["pass" "nextcloud/admin-password"]; destDir = "/nextcloud/secret"; permissions = "0604"; }; }; -} \ No newline at end of file +} diff --git a/modules/proxy.nix b/modules/proxy.nix index 4325798..f214ab2 100644 --- a/modules/proxy.nix +++ b/modules/proxy.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { security.acme = { acceptTerms = true; defaults = { @@ -62,18 +61,18 @@ # "prosody.katzen.cafe" = { # group = "prosody"; # keyType = "rsa4096"; - # extraDomainNames = [ + # extraDomainNames = [ # "uploads.prosody.katzen.cafe" # "conference.prosody.katzen.cafe" # ]; # }; }; }; - - users.users.nginx.extraGroups = [ "acme" ]; + + users.users.nginx.extraGroups = ["acme"]; services.nginx = { enable = true; - + recommendedGzipSettings = true; recommendedOptimisation = true; recommendedTlsSettings = true; @@ -91,7 +90,7 @@ }; "_.katzen.cafe" = { # Catchall vhost, will redirect users to HTTPS for all vhosts - serverAliases = [ "*.katzen.cafe" ]; + serverAliases = ["*.katzen.cafe"]; locations."/.well-known/acme-challenge" = { root = "/var/lib/acme/acme-challenge"; }; @@ -99,7 +98,7 @@ return = "301 https://$host$request_uri"; root = "/var/www/miau"; }; - }; + }; "grafana.katzen.cafe" = { forceSSL = true; enableACME = true; @@ -112,7 +111,7 @@ forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://localhost:8812"; + proxyPass = "http://localhost:8812"; proxyWebsockets = true; }; locations."/notifications/hub" = { @@ -131,12 +130,12 @@ proxyPass = "http://127.0.0.1:3000"; proxyWebsockets = true; extraConfig = '' - client_max_body_size 8M; + client_max_body_size 8M; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - ''; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + ''; }; }; "pad.katzen.cafe" = { @@ -159,19 +158,19 @@ enableACME = true; locations."/" = { proxyPass = "http://127.0.0.3:8080"; - # proxy_set_header Host $host; + # proxy_set_header Host $host; extraConfig = '' - proxy_buffers 4 256k; - proxy_buffer_size 128k; - proxy_busy_buffers_size 256k; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $proxy_protocol_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; + proxy_buffers 4 256k; + proxy_buffer_size 128k; + proxy_busy_buffers_size 256k; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_protocol_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ''; }; #extraConfig = '' - #''; + #''; }; "design.katzen.cafe" = { forceSSL = true; @@ -203,7 +202,7 @@ }; extraConfig = '' add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; - ''; + ''; }; }; };