mirror of
https://forge.katzen.cafe/katzen-cafe/katzen-cafe.git
synced 2024-11-05 15:36:23 +01:00
ein formatter ist passiert
This commit is contained in:
parent
a09be66c28
commit
f40587796a
|
@ -1,5 +1,4 @@
|
||||||
{ pkgs, ... }:
|
{pkgs, ...}: {
|
||||||
{
|
|
||||||
containers."nextcloud" = {
|
containers."nextcloud" = {
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
privateNetwork = true;
|
privateNetwork = true;
|
||||||
|
@ -19,9 +18,13 @@
|
||||||
isReadOnly = true;
|
isReadOnly = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
config = { config, pkgs, ... }: {
|
config = {
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
|
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
|
||||||
services.nextcloud = {
|
services.nextcloud = {
|
||||||
enable = true;
|
enable = true;
|
||||||
https = true;
|
https = true;
|
||||||
|
@ -29,21 +32,21 @@
|
||||||
dbtype = "pgsql";
|
dbtype = "pgsql";
|
||||||
dbhost = "/run/postgresql";
|
dbhost = "/run/postgresql";
|
||||||
adminpassFile = "/var/secret/nextcloud-admin-pass";
|
adminpassFile = "/var/secret/nextcloud-admin-pass";
|
||||||
trustedProxies = [ "10.0.3.1" ];
|
trustedProxies = ["10.0.3.1"];
|
||||||
};
|
};
|
||||||
hostName = "wolke.katzen.cafe";
|
hostName = "wolke.katzen.cafe";
|
||||||
package = pkgs.nextcloud27;
|
package = pkgs.nextcloud27;
|
||||||
extraApps = with config.services.nextcloud.package.packages.apps; {
|
extraApps = with config.services.nextcloud.package.packages.apps; {
|
||||||
inherit bookmarks calendar contacts;
|
inherit bookmarks calendar contacts;
|
||||||
user_oidc = pkgs.fetchNextcloudApp rec {
|
user_oidc = pkgs.fetchNextcloudApp rec {
|
||||||
url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz";
|
url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz";
|
||||||
sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w";
|
sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
ensureDatabases = [ "nextcloud" ];
|
ensureDatabases = ["nextcloud"];
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "nextcloud";
|
name = "nextcloud";
|
||||||
|
@ -56,9 +59,9 @@
|
||||||
};
|
};
|
||||||
deployment.keys = {
|
deployment.keys = {
|
||||||
"nextcloud-admin-pass" = {
|
"nextcloud-admin-pass" = {
|
||||||
keyCommand = [ "pass" "nextcloud/admin-password" ];
|
keyCommand = ["pass" "nextcloud/admin-password"];
|
||||||
destDir = "/nextcloud/secret";
|
destDir = "/nextcloud/secret";
|
||||||
permissions = "0604";
|
permissions = "0604";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
{ pkgs, ... }:
|
{pkgs, ...}: {
|
||||||
{
|
|
||||||
security.acme = {
|
security.acme = {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
defaults = {
|
defaults = {
|
||||||
|
@ -62,18 +61,18 @@
|
||||||
# "prosody.katzen.cafe" = {
|
# "prosody.katzen.cafe" = {
|
||||||
# group = "prosody";
|
# group = "prosody";
|
||||||
# keyType = "rsa4096";
|
# keyType = "rsa4096";
|
||||||
# extraDomainNames = [
|
# extraDomainNames = [
|
||||||
# "uploads.prosody.katzen.cafe"
|
# "uploads.prosody.katzen.cafe"
|
||||||
# "conference.prosody.katzen.cafe"
|
# "conference.prosody.katzen.cafe"
|
||||||
# ];
|
# ];
|
||||||
# };
|
# };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.nginx.extraGroups = [ "acme" ];
|
users.users.nginx.extraGroups = ["acme"];
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
|
@ -91,7 +90,7 @@
|
||||||
};
|
};
|
||||||
"_.katzen.cafe" = {
|
"_.katzen.cafe" = {
|
||||||
# Catchall vhost, will redirect users to HTTPS for all vhosts
|
# Catchall vhost, will redirect users to HTTPS for all vhosts
|
||||||
serverAliases = [ "*.katzen.cafe" ];
|
serverAliases = ["*.katzen.cafe"];
|
||||||
locations."/.well-known/acme-challenge" = {
|
locations."/.well-known/acme-challenge" = {
|
||||||
root = "/var/lib/acme/acme-challenge";
|
root = "/var/lib/acme/acme-challenge";
|
||||||
};
|
};
|
||||||
|
@ -99,7 +98,7 @@
|
||||||
return = "301 https://$host$request_uri";
|
return = "301 https://$host$request_uri";
|
||||||
root = "/var/www/miau";
|
root = "/var/www/miau";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
"grafana.katzen.cafe" = {
|
"grafana.katzen.cafe" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
@ -112,7 +111,7 @@
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://localhost:8812";
|
proxyPass = "http://localhost:8812";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
locations."/notifications/hub" = {
|
locations."/notifications/hub" = {
|
||||||
|
@ -131,12 +130,12 @@
|
||||||
proxyPass = "http://127.0.0.1:3000";
|
proxyPass = "http://127.0.0.1:3000";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 8M;
|
client_max_body_size 8M;
|
||||||
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto https;
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
"pad.katzen.cafe" = {
|
"pad.katzen.cafe" = {
|
||||||
|
@ -159,19 +158,19 @@
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.3:8080";
|
proxyPass = "http://127.0.0.3:8080";
|
||||||
# proxy_set_header Host $host;
|
# proxy_set_header Host $host;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_buffers 4 256k;
|
proxy_buffers 4 256k;
|
||||||
proxy_buffer_size 128k;
|
proxy_buffer_size 128k;
|
||||||
proxy_busy_buffers_size 256k;
|
proxy_busy_buffers_size 256k;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
|
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
#extraConfig = ''
|
#extraConfig = ''
|
||||||
#'';
|
#'';
|
||||||
};
|
};
|
||||||
"design.katzen.cafe" = {
|
"design.katzen.cafe" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
@ -203,7 +202,7 @@
|
||||||
};
|
};
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue