ein formatter ist passiert

This commit is contained in:
Schrottkatze 2023-12-09 22:06:23 +01:00
parent a09be66c28
commit f40587796a
2 changed files with 37 additions and 35 deletions

View file

@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
containers."nextcloud" = {
autoStart = true;
privateNetwork = true;
@ -19,9 +18,13 @@
isReadOnly = true;
};
};
config = { config, pkgs, ... }: {
config = {
config,
pkgs,
...
}: {
networking.firewall.enable = false;
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
services.nextcloud = {
enable = true;
https = true;
@ -29,21 +32,21 @@
dbtype = "pgsql";
dbhost = "/run/postgresql";
adminpassFile = "/var/secret/nextcloud-admin-pass";
trustedProxies = [ "10.0.3.1" ];
trustedProxies = ["10.0.3.1"];
};
hostName = "wolke.katzen.cafe";
package = pkgs.nextcloud27;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit bookmarks calendar contacts;
user_oidc = pkgs.fetchNextcloudApp rec {
user_oidc = pkgs.fetchNextcloudApp rec {
url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz";
sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w";
};
};
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "nextcloud" ];
ensureDatabases = ["nextcloud"];
ensureUsers = [
{
name = "nextcloud";
@ -56,9 +59,9 @@
};
deployment.keys = {
"nextcloud-admin-pass" = {
keyCommand = [ "pass" "nextcloud/admin-password" ];
keyCommand = ["pass" "nextcloud/admin-password"];
destDir = "/nextcloud/secret";
permissions = "0604";
};
};
}
}

View file

@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
security.acme = {
acceptTerms = true;
defaults = {
@ -62,18 +61,18 @@
# "prosody.katzen.cafe" = {
# group = "prosody";
# keyType = "rsa4096";
# extraDomainNames = [
# extraDomainNames = [
# "uploads.prosody.katzen.cafe"
# "conference.prosody.katzen.cafe"
# ];
# };
};
};
users.users.nginx.extraGroups = [ "acme" ];
users.users.nginx.extraGroups = ["acme"];
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
@ -91,7 +90,7 @@
};
"_.katzen.cafe" = {
# Catchall vhost, will redirect users to HTTPS for all vhosts
serverAliases = [ "*.katzen.cafe" ];
serverAliases = ["*.katzen.cafe"];
locations."/.well-known/acme-challenge" = {
root = "/var/lib/acme/acme-challenge";
};
@ -99,7 +98,7 @@
return = "301 https://$host$request_uri";
root = "/var/www/miau";
};
};
};
"grafana.katzen.cafe" = {
forceSSL = true;
enableACME = true;
@ -112,7 +111,7 @@
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8812";
proxyPass = "http://localhost:8812";
proxyWebsockets = true;
};
locations."/notifications/hub" = {
@ -131,12 +130,12 @@
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = ''
client_max_body_size 8M;
client_max_body_size 8M;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
'';
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
'';
};
};
"pad.katzen.cafe" = {
@ -159,19 +158,19 @@
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.3:8080";
# proxy_set_header Host $host;
# proxy_set_header Host $host;
extraConfig = ''
proxy_buffers 4 256k;
proxy_buffer_size 128k;
proxy_busy_buffers_size 256k;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
proxy_buffers 4 256k;
proxy_buffer_size 128k;
proxy_busy_buffers_size 256k;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
#extraConfig = ''
#'';
#'';
};
"design.katzen.cafe" = {
forceSSL = true;
@ -203,7 +202,7 @@
};
extraConfig = ''
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
'';
'';
};
};
};