schrottkatze/katzen-cafe
1
0
Fork 0
mirror of https://forge.katzen.cafe/katzen-cafe/katzen-cafe.git synced 2024-11-05 15:36:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

ein formatter ist passiert

Browse source
This commit is contained in:
Schrottkatze 2023-12-09 22:06:23 +01:00
parent a09be66c28
commit f40587796a
2 changed files with 37 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
modules/containers/nextcloud.nix
View file

@ -1,5 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
containers."nextcloud" = { containers."nextcloud" = {
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
@ -19,9 +18,13 @@
isReadOnly = true; isReadOnly = true;
}; };
}; };
config = { config, pkgs, ... }: { config = {
config,
pkgs,
...
}: {
networking.firewall.enable = false; networking.firewall.enable = false;
environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
https = true; https = true;
@ -29,21 +32,21 @@
dbtype = "pgsql"; dbtype = "pgsql";
dbhost = "/run/postgresql"; dbhost = "/run/postgresql";
adminpassFile = "/var/secret/nextcloud-admin-pass"; adminpassFile = "/var/secret/nextcloud-admin-pass";
trustedProxies = [ "10.0.3.1" ]; trustedProxies = ["10.0.3.1"];
}; };
hostName = "wolke.katzen.cafe"; hostName = "wolke.katzen.cafe";
package = pkgs.nextcloud27; package = pkgs.nextcloud27;
extraApps = with config.services.nextcloud.package.packages.apps; { extraApps = with config.services.nextcloud.package.packages.apps; {
inherit bookmarks calendar contacts; inherit bookmarks calendar contacts;
user_oidc = pkgs.fetchNextcloudApp rec { user_oidc = pkgs.fetchNextcloudApp rec {
url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz"; url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz";
sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w"; sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w";
}; };
}; };
}; };
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureDatabases = [ "nextcloud" ]; ensureDatabases = ["nextcloud"];
ensureUsers = [ ensureUsers = [
{ {
name = "nextcloud"; name = "nextcloud";
@ -56,9 +59,9 @@
}; };
deployment.keys = { deployment.keys = {
"nextcloud-admin-pass" = { "nextcloud-admin-pass" = {
keyCommand = [ "pass" "nextcloud/admin-password" ]; keyCommand = ["pass" "nextcloud/admin-password"];
destDir = "/nextcloud/secret"; destDir = "/nextcloud/secret";
permissions = "0604"; permissions = "0604";
}; };
}; };
} }

49
modules/proxy.nix
View file

@ -1,5 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
@ -62,18 +61,18 @@
# "prosody.katzen.cafe" = { # "prosody.katzen.cafe" = {
# group = "prosody"; # group = "prosody";
# keyType = "rsa4096"; # keyType = "rsa4096";
# extraDomainNames = [ # extraDomainNames = [
# "uploads.prosody.katzen.cafe" # "uploads.prosody.katzen.cafe"
# "conference.prosody.katzen.cafe" # "conference.prosody.katzen.cafe"
# ]; # ];
# }; # };
}; };
}; };
users.users.nginx.extraGroups = [ "acme" ]; users.users.nginx.extraGroups = ["acme"];
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
@ -91,7 +90,7 @@
}; };
"_.katzen.cafe" = { "_.katzen.cafe" = {
# Catchall vhost, will redirect users to HTTPS for all vhosts # Catchall vhost, will redirect users to HTTPS for all vhosts
serverAliases = [ "*.katzen.cafe" ]; serverAliases = ["*.katzen.cafe"];
locations."/.well-known/acme-challenge" = { locations."/.well-known/acme-challenge" = {
root = "/var/lib/acme/acme-challenge"; root = "/var/lib/acme/acme-challenge";
}; };
@ -99,7 +98,7 @@
return = "301 https://$host$request_uri"; return = "301 https://$host$request_uri";
root = "/var/www/miau"; root = "/var/www/miau";
}; };
}; };
"grafana.katzen.cafe" = { "grafana.katzen.cafe" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -112,7 +111,7 @@
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:8812"; proxyPass = "http://localhost:8812";
proxyWebsockets = true; proxyWebsockets = true;
}; };
locations."/notifications/hub" = { locations."/notifications/hub" = {
@ -131,12 +130,12 @@
proxyPass = "http://127.0.0.1:3000"; proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
client_max_body_size 8M; client_max_body_size 8M;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto https;
''; '';
}; };
}; };
"pad.katzen.cafe" = { "pad.katzen.cafe" = {
@ -159,19 +158,19 @@
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.3:8080"; proxyPass = "http://127.0.0.3:8080";
# proxy_set_header Host $host; # proxy_set_header Host $host;
extraConfig = '' extraConfig = ''
proxy_buffers 4 256k; proxy_buffers 4 256k;
proxy_buffer_size 128k; proxy_buffer_size 128k;
proxy_busy_buffers_size 256k; proxy_busy_buffers_size 256k;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_protocol_addr; proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
''; '';
}; };
#extraConfig = '' #extraConfig = ''
#''; #'';
}; };
"design.katzen.cafe" = { "design.katzen.cafe" = {
forceSSL = true; forceSSL = true;
@ -203,7 +202,7 @@
}; };
extraConfig = '' extraConfig = ''
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
''; '';
}; };
}; };
}; };