diff --git a/configuration.nix b/configuration.nix
index 30aa309..2e30133 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -115,8 +115,6 @@
 filebrowser
 dufs
 git
- git-graph
- gitui
 helix
 nil
 starship
diff --git a/coturn.nix b/coturn.nix
index 40978ac..ec5e853 100644
--- a/coturn.nix
+++ b/coturn.nix
@@ -56,30 +56,17 @@
 allowedTCPPorts = [ 3478 5349 ];
 };
 };
- services.nginx = {
- enable = true;
- virtualHosts."turn.sondell.org" = {
- forceSSL = true;
- enableACME = true;
- };
- }; # get a certificate
- users.users.nginx.extraGroups = [
- "turnserver"
- ];
- # security.acme.certs.${config.services.coturn.realm} = {
- # /* insert here the right configuration to obtain a certificate */
- # postRun = "systemctl restart coturn.service";
- # group = "turnserver";
- # };
- # configure synapse to point users to coturn
- services.matrix-synapse = with config.services.coturn; {
- settings.turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"];
- settings.turn_user_lifetime = "1h";
- # turn_shared_secret = static-auth-secret;
- extraConfigFiles = [
- config.services.coturn.static-auth-secret-file
- ];
+ security.acme.certs.${config.services.coturn.realm} = {
+ /* insert here the right configuration to obtain a certificate */
+ postRun = "systemctl restart coturn.service";
+ group = "turnserver";
 };
+ # configure synapse to point users to coturn
+ # services.matrix-synapse = with config.services.coturn; {
+ # turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"];
+ # turn_shared_secret = static-auth-secret;
+ # turn_user_lifetime = "1h";
+ # };
 }
diff --git a/dbg/err.log b/dbg/err.log
deleted file mode 100644
index db91d97..0000000
--- a/dbg/err.log
+++ /dev/null
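Review bot: The new `security.acme.certs.${config.services.coturn.realm}` block still has no challenge configured — between the braces there is only the `/* insert here the right configuration to obtain a certificate */` placeholder plus `postRun` and `group` — so no certificate can be issued, and the NixOS ACME module refuses a cert entry that sets none of `webroot`, `dnsProvider` or `listenHTTP`; because flake.nix in this same commit stops importing `./coturn.nix`, that evaluation failure is only deferred until the import comes back. If inbound port 80 is no longer reachable (ingress now goes through the cloudflared tunnel from tunnel.nix), DNS-01 is the realistic option, e.g. `dnsProvider = "cloudflare"; environmentFile = "<PATH_OUTSIDE_NIX_STORE>";` with the API token kept out of the store, as the commented sketch in nextcloud.nix already suggests. The commented-out synapse block below also changes shape: the removed code handed the TURN secret to synapse through `extraConfigFiles = [ config.services.coturn.static-auth-secret-file ];`, while the new comment sketches an inline `turn_shared_secret = static-auth-secret;`, which would evaluate the secret into the world-readable store if it is ever uncommented — keep the file-based form when re-enabling.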
@@ -1,104 +0,0 @@ -apr 03 10:27:48 nixos Nextcloud[150872]: {"reqId":"pW9oiFQa0uFJNtYkN650", -"level":4, -"time":"2024-04-03T08:27:48+00:00", -"remoteAddr":"", -"user":"--", -"app":"no app in context", -"method":"", -"url":"--", -"message":"{\"Exception\":\"RedisException\", -\"Message\":\"ERR AUTH called without any password configured for the default user. Are you sure your configuration is correct?\", -\"Code\":0, -\"Trace\":[{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/RedisFactory.php\", -\"line\":123, -\"function\":\"auth\", -\"class\":\"Redis\", -\"type\":\"->\", -\"args\":[\"*** sensitive parameters replaced ***\"]}, -{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/RedisFactory.php\", -\"line\":158, -\"function\":\"create\", -\"class\":\"OC\\\\RedisFactory\", -\"type\":\"->\", -\"args\":[\"*** sensitive parameters replaced ***\"]}, -{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/Memcache/Redis.php\", -\"line\":70, -\"function\":\"getInstance\", -\"class\":\"OC\\\\RedisFactory\", -\"type\":\"->\", -\"args\":[]}, -{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/Memcache/Redis.php\", -\"line\":76, -\"function\":\"getCache\", -\"class\":\"OC\\\\Memcache\\\\Redis\", -\"type\":\"->\", -\"args\":[]}, -{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/apps/workflowengine/lib/Manager.php\", -\"line\":113, -\"function\":\"get\", -\"class\":\"OC\\\\Memcache\\\\Redis\", -\"type\":\"->\", -\"args\":[\"events\"]}, -{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/apps/workflowengine/lib/AppInfo/Application.php\", -\"line\":71, -\"function\":\"getAllConfiguredEvents\", -\"class\":\"OCA\\\\WorkflowEngine\\\\Manager\", -\"type\":\"->\", -\"args\":[]}, 
-{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/AppFramework/Bootstrap/FunctionInjector.php\", -\"line\":45, -\"function\":\"registerRuleListeners\", -\"class\":\"OCA\\\\WorkflowEngine\\\\AppInfo\\\\Application\", -\"type\":\"->\", -\"args\":[[\"OC\\\\EventDispatcher\\\\EventDispatcher\"], -[\"OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer\"], -[\"OC\\\\AppFramework\\\\ScopedPsrLogger\"]]}, -{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/AppFramework/Bootstrap/BootContext.php\", -\"line\":50, -\"function\":\"injectFn\", -\"class\":\"OC\\\\AppFramework\\\\Bootstrap\\\\FunctionInjector\", -\"type\":\"->\", -\"args\":[[\"Closure\"]]}, -{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/apps/workflowengine/lib/AppInfo/Application.php\", -\"line\":63, -\"function\":\"injectFn\", -\"class\":\"OC\\\\AppFramework\\\\Bootstrap\\\\BootContext\", -\"type\":\"->\", -\"args\":[[\"Closure\"]]}, -{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/AppFramework/Bootstrap/Coordinator.php\", -\"line\":200, -\"function\":\"boot\", -\"class\":\"OCA\\\\WorkflowEngine\\\\AppInfo\\\\Application\", -\"type\":\"->\", -\"args\":[[\"OC\\\\AppFramework\\\\Bootstrap\\\\BootContext\"]]}, -{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/App/AppManager.php\", -\"line\":434, -\"function\":\"bootApp\", -\"class\":\"OC\\\\AppFramework\\\\Bootstrap\\\\Coordinator\", -\"type\":\"->\", -\"args\":[\"workflowengine\"]}, -{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/App/AppManager.php\", -\"line\":213, -\"function\":\"loadApp\", -\"class\":\"OC\\\\App\\\\AppManager\", -\"type\":\"->\", -\"args\":[\"workflowengine\"]}, -{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/legacy/OC_App.php\", -\"line\":125, -\"function\":\"loadApps\", 
-\"class\":\"OC\\\\App\\\\AppManager\",
-\"type\":\"->\",
-\"args\":[[]]},
-{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/cron.php\",
-\"line\":55,
-\"function\":\"loadApps\",
-\"class\":\"OC_App\",
-\"type\":\"::\",
-\"args\":[]}],
-\"File\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/RedisFactory.php\",
-\"Line\":123,
-\"message\":\"Could not boot workflowengine: ERR AUTH called without any password configured for the default user. Are you sure your configuration is correct?\",
-\"exception\":{},
-\"CustomMessage\":\"Could not boot workflowengine: ERR AUTH called without any password configured for the default user. Are you sure your configuration is correct?\"}",
-"userAgent":"--",
-"version":"28.0.3.2"}
diff --git a/dbg/nextcloud b/dbg/nextcloud
deleted file mode 120000
index a9d8301..0000000
--- a/dbg/nextcloud
+++ /dev/null
@@ -1 +0,0 @@
-/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3
\ No newline at end of file
diff --git a/dbg/nextcloud.cfg b/dbg/nextcloud.cfg
deleted file mode 120000
index 3d49117..0000000
--- a/dbg/nextcloud.cfg
+++ /dev/null
@@ -1 +0,0 @@
-/var/lib/nextcloud
\ No newline at end of file
diff --git a/dbg/nextredis.cfg b/dbg/nextredis.cfg
deleted file mode 120000
index c0f2e69..0000000
--- a/dbg/nextredis.cfg
+++ /dev/null
@@ -1 +0,0 @@
-/var/lib/redis-nextcloud
\ No newline at end of file
diff --git a/dbg/redis-nixos.conf b/dbg/redis-nixos.conf
deleted file mode 120000
index 90d4e8d..0000000
--- a/dbg/redis-nixos.conf
+++ /dev/null
@@ -1 +0,0 @@
-/nix/store/alsv8fyd8m1j006sz7c6p8x9cn9kmz7f-redis.conf
\ No newline at end of file
diff --git a/filebrowser.nix b/filebrowser.nix
index 2381a7f..5d346c6 100644
--- a/filebrowser.nix
+++ b/filebrowser.nix
@@ -19,7 +19,7 @@ in
 };
 systemd.services.tailBrowser = with pkgs; {
- enable = false;
+ enable = true;
 description = "serve via tailscale filebrowser";
 wantedBy = [ "multi-user.target" ];
 unitConfig = {
diff --git a/flake.lock b/flake.lock
index daae977..10091ea 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,37 +1,5 @@
 {
 "nodes": {
- "blobs": {
- "flake": false,
- "locked": {
- "lastModified": 1604995301,
- "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
- "owner": "simple-nixos-mailserver",
- "repo": "blobs",
- "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
- "type": "gitlab"
- },
- "original": {
- "owner": "simple-nixos-mailserver",
- "repo": "blobs",
- "type": "gitlab"
- }
- },
- "flake-compat": {
- "flake": false,
- "locked": {
- "lastModified": 1696426674,
- "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
- "owner": "edolstra",
- "repo": "flake-compat",
- "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
- "type": "github"
- },
- "original": {
- "owner": "edolstra",
- "repo": "flake-compat",
- "type": "github"
- }
- },
 "flake-utils": {
 "inputs": {
 "systems": "systems"
@@ -71,36 +39,13 @@
 "url": "https://git.sondell.org/glennwso/home.git"
 }
 },
- "nixos-mailserver": {
- "inputs": {
- "blobs": "blobs",
- "flake-compat": "flake-compat",
- "nixpkgs": [
- "nixpkgs"
- ],
- "utils": "utils"
- },
- "locked": {
- "lastModified": 1710449465,
- "narHash": "sha256-2orO8nfplp6uQJBFqKkj1iyNMC6TysmwbWwbb4osTag=",
- "owner": "simple-nixos-mailserver",
- "repo": "nixos-mailserver",
- "rev": "79c8cfcd5873a85559da6201b116fb38b490d030",
- "type": "gitlab"
- },
- "original": {
- "owner": "simple-nixos-mailserver",
- "repo": "nixos-mailserver",
- "type": "gitlab"
- }
- },
 "nixpkgs": {
 "locked": {
- "lastModified": 1711703276,
- "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
+ "lastModified": 1709237383,
+ "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
+ "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
 "type": "github"
 },
 "original": {
@@ -113,7 +58,6 @@
 "root": {
 "inputs": {
 "home": "home",
- "nixos-mailserver": "nixos-mailserver",
 "nixpkgs": "nixpkgs"
 }
 },
@@ -131,39 +75,6 @@
 "repo": "default",
 "type": "github"
 }
- },
- "systems_2": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
- "utils": {
- "inputs": {
- "systems": "systems_2"
- },
- "locked": {
- "lastModified": 1709126324,
- "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "d465f4819400de7c8d874d50b982301f28a84605",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
 }
 },
 "root": "root",
diff --git a/flake.nix b/flake.nix
index 217f656..d733922 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,16 +2,11 @@
 inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
 inputs.home.url = "git+https://git.sondell.org/glennwso/home.git";
 inputs.home.inputs.nixpkgs.follows = "nixpkgs";
- inputs.nixos-mailserver = {
- url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
- inputs.nixpkgs.follows = "nixpkgs";
- };
- outputs = { self, nixpkgs, home, nixos-mailserver}@attrs:
+ outputs = { self, nixpkgs, home }@attrs:
 let
 system = "x86_64-linux";
 homepage = home.packages.${system}.default;
- mailserver = nixos-mailserver.nixosModules.default;
 in {
 # replace 'joes-desktop' with your hostname here.
@@ -29,9 +24,8 @@
 ./filebrowser.nix
 ./tail.nix
 ./matrix.nix
- ./coturn.nix
- (import ./mail.nix {inherit mailserver;})
 (import ./homepage.nix {inherit homepage;})
+ # ./coturn.nix # disabled becouse tls not solved
 ];
 };
diff --git a/forgejo.nix b/forgejo.nix
index aa7e852..bc93c06 100644
--- a/forgejo.nix
+++ b/forgejo.nix
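Review bot: The `outputs` signature and inputs drop `nixos-mailserver` as intended, but the flake.lock hunk that accompanies this one also moves `nixpkgs` backwards (`lastModified` 1711703276 → 1709237383, rev `d8fe5e6…` → `1536926…`), which reads like an accidental rollback of roughly five weeks of nixos-unstable rather than an update; if that was not deliberate, re-lock nixpkgs before deploying, since it silently reverts whatever package fixes landed in between. Minor, on the second hunk: `# ./coturn.nix # disabled becouse tls not solved` should read `because`, and naming the actual blocker would help the next reader — from the coturn.nix hunk it appears to be that the ACME cert entry there has no challenge method configured.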
@@ -28,8 +28,6 @@ in
 };
 services.nginx.virtualHosts.${domain} = {
- enableACME = true;
- forceSSL = true;
 locations."/" = {
 proxyPass = "http://localhost:3000/";
 };
diff --git a/mail.nix b/mail.nix
deleted file mode 100644
index 9e2d483..0000000
--- a/mail.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ mailserver , ... }:
-{
- imports = [
- mailserver
- ];
-
- mailserver = {
- enable = true;
- fqdn = "mail.sondell.org";
- domains = [ "sondell.org" ];
-
- # A list of all login accounts. To create the password hashes, use
- # cat .secrets/nextadminpw | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/mailpw.hash
- loginAccounts = {
- "admin@sondell.org" = {
- hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash";
- aliases = ["info@sondell.org"];
- };
- };
-
- # Use Let's Encrypt certificates. Note that this needs to set up a stripped
- # down nginx and opens port 80.
- certificateScheme = "acme-nginx";
- };
-
- # services.roundcube = {
- # enable = true;
- # # this is the url of the vhost, not necessarily the same as the fqdn of
- # # the mailserver
- # hostName = "webmail.sondell.org";
- # extraConfig = ''
- # # starttls needed for authentication, so the fqdn required to match
- # # the certificate
- # $config['smtp_server'] = "tls://${mailserver.fqdn}";
- # $config['smtp_user'] = "%u";
- # $config['smtp_pass'] = "%p";
- # '';
- # };
-
-}
diff --git a/matrix.nix b/matrix.nix
index 05be83b..5957519 100644
--- a/matrix.nix
+++ b/matrix.nix
@@ -2,6 +2,7 @@
 let
 domain = "sondell.org";
+ matrixAdress = "m.${domain}";
 hostName = "matrix";
 fqdn = "${hostName}.${domain}";
 baseUrl = "https://${fqdn}";
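Review bot: Dropping `enableACME`/`forceSSL` turns `services.nginx.virtualHosts.${domain}` into a plain-HTTP vhost, and the same change is made in matrix.nix (the `${fqdn}` vhost and the new `${matrixAdress}` one) and nextcloud.nix (`${domain}`), so all three now depend on TLS being terminated elsewhere — presumably by the cloudflared tunnel that tunnel.nix enables in this commit. That is fine for the tunnel leg, but each application still has to be told its public scheme: if `services.nginx.recommendedProxySettings` is on, `X-Forwarded-Proto` will now carry `http`, so confirm Forgejo's `ROOT_URL` (outside this hunk) remains `https://…` so that redirects and Secure cookies keep working, and that the `overwriteProtocol = "https"` nextcloud.nix keeps is matched for Forgejo and synapse. Recording the assumption at the vhost, e.g. `# TLS is terminated by the cloudflared tunnel (tunnel.nix); this vhost intentionally serves plain HTTP`, would stop a later reader from re-adding ACME here and colliding with the tunnel setup. The vhost attribute set continues beyond the hunk.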
@@ -52,11 +53,11 @@ services.postgresql = {
 services.nginx.virtualHosts = {
 ${fqdn} = {
- enableACME = true;
- forceSSL = true;
- # locations."/".extraConfig = ''
- # return 404;
- # '';
+ # enableACME = true;
+ # forceSSL = true;
+ locations."/".extraConfig = ''
+ return 404;
+ '';
 # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
 # *must not* be used here.
 locations."/_matrix".proxyPass = "http://[::1]:8008";
@@ -64,21 +65,21 @@ services.postgresql = {
 locations."/_synapse/client".proxyPass = "http://[::1]:8008";
 };
- ${domain} = {
- enableACME = true;
- forceSSL = true;
- # locations."/" = {
- # proxyPass = "http://localhost:8008";
- # };
- # This section is not needed if the server_name of matrix-synapse is equal to
- # the domain (i.e. example.org from @foo:example.org) and the federation port
- # is 8448.
- # Further reference can be found in the docs about delegation under
- # https://element-hq.github.io/synapse/latest/delegate.html
+ ${matrixAdress} = {
+ # enableACME = true;
+ # forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8008";
+ };
+ # # This section is not needed if the server_name of matrix-synapse is equal to
+ # # the domain (i.e. example.org from @foo:example.org) and the federation port
+ # # is 8448.
+ # # Further reference can be found in the docs about delegation under
+ # # https://element-hq.github.io/synapse/latest/delegate.html
 locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
- # This is usually needed for homeserver discovery (from e.g. other Matrix clients).
- # Further reference can be found in the upstream docs at
- # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient
+ # # This is usually needed for homeserver discovery (from e.g. other Matrix clients).
+ # # Further reference can be found in the upstream docs at
+ # # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient
 locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
 };
 };
diff --git a/nextcloud.nix b/nextcloud.nix
index 20916c6..2c82b49 100644
--- a/nextcloud.nix
+++ b/nextcloud.nix
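Review bot: Moving the two `.well-known/matrix/*` locations from the `${domain}` vhost into the new `${matrixAdress}` (`m.sondell.org`) vhost most likely breaks delegation: federating servers and clients fetch `/.well-known/matrix/server` and `/client` from the host named by synapse's `server_name`, and the comment kept in this hunk says that is the bare domain, so the files would now be served from a host the lookup never consults (`server_name` itself is set outside the hunk — confirm before merging). Proxying `locations."/"` wholesale also forwards every synapse path, including the admin API under `/_synapse/admin`, whereas the `${fqdn}` vhost above deliberately forwards only `/_matrix` and `/_synapse/client`; mirror that allow-list here unless exposing the admin API to the public side is intended. Style: `matrixAdress`, introduced in the first matrix.nix hunk, is misspelled — `matrixAddress` would avoid propagating the typo into every vhost reference.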
@@ -1,18 +1,24 @@ { self, config, lib, pkgs, ... }: -let -domain = "cloud.sondell.org"; -nextcloud = pkgs.nextcloud28; +let domain = "cloud.sondell.org"; in { + # Based on https://carjorvaz.com/posts/the-holy-grail-nextcloud-setup-made-easy-by-nixos/ + # security.acme = { + # acceptTerms = true; + # defaults = { + # email = "glennpub@proton.me"; + # dnsProvider = "cloudflare"; + # # # location of your CLOUDFLARE_DNS_API_TOKEN=[value] + # # # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile= + # environmentFile = "/REPLACE/WITH/YOUR/PATH"; + # }; + # }; - environment.systemPackages = [ - nextcloud - ]; services = { nginx.virtualHosts = { ${domain} = { - forceSSL = true; - enableACME = true; + # forceSSL = true; + # enableACME = true; # Use DNS Challenege. # acmeRoot = null; }; @@ -23,27 +29,24 @@ in enable = true; hostName = domain; # Need to manually increment with every major upgrade. - package = nextcloud; + package = pkgs.nextcloud28; # Let NixOS install and configure the database automatically. database.createLocally = true; + # Let NixOS install and configure Redis caching automatically. + configureRedis = true; # Increase the maximum file upload size. maxUploadSize = "16G"; https = true; autoUpdateApps.enable = true; extraAppsEnable = true; - # Let NixOS install and configure Redis caching automatically. - configureRedis = true; - settings = { - maintenance_window_start = 1; - }; extraOptions = { - # redis = { - # # host = "/run/redis/redis.sock"; - # port = 0; - # dbindex = 0; - # password = "secret"; - # timeout = 1.5; - # }; + redis = { + host = "/run/redis/redis.sock"; + port = 0; + dbindex = 0; + password = "secret"; + timeout = 1.5; + }; }; extraApps = with config.services.nextcloud.package.packages.apps; { # List of apps we want to install and are already packaged in 
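Review bot: `password = "secret";` inside `extraOptions.redis` is a literal credential in the Nix expression, and `extraOptions` ends up in the generated Nextcloud config in the world-readable Nix store; worse, the `dbg/err.log` deleted by this same commit shows exactly what that value does at runtime — `ERR AUTH called without any password configured for the default user` — i.e. the module-managed Redis has no password, so Nextcloud's AUTH attempt fails and `workflowengine` cannot boot. `configureRedis = true` (kept in this hunk) already wires Nextcloud to its own Redis instance over a Unix socket, and the deleted `dbg/nextredis.cfg` link to `/var/lib/redis-nextcloud` suggests that instance is the one actually running, so the `host = "/run/redis/redis.sock"` path is unlikely to match it either; the simplest fix is to delete the whole `redis = { … };` block and let `configureRedis` do the wiring. If a Redis password is genuinely wanted, set it on the Redis server from a file and hand it to Nextcloud via `services.nextcloud.secretFile` rather than through `extraOptions`, so it never enters the store. The `in {` attribute set this hunk edits continues past the hunk end.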
@@ -52,7 +55,7 @@ in
 };
 config = {
 overwriteProtocol = "https";
- defaultPhoneRegion = "SE";
+ # defaultPhoneRegion = "US";
 dbtype = "pgsql";
 adminuser = "admin";
 adminpassFile = "/etc/nixos/.secrets/nextadminpw";
@@ -66,14 +69,4 @@ in
 # startAt = "*-*-* 01:15:00";
 # };
 };
- services.onlyoffice = {
- enable = true;
- port = 8123;
- hostname = "office.sondell.org";
- };
- services.nginx.virtualHosts."office.sondell.org" = {
- forceSSL = true;
- enableACME = true;
- # locations."/".proxyPass = "http://12:8123";
- };
 }
diff --git a/tail.nix b/tail.nix
index 8f67616..acdd2bb 100644
--- a/tail.nix
+++ b/tail.nix
@@ -1,7 +1,7 @@
 { config, ... }:
 {
 services.tailscale = {
- enable =false;
+ enable =true;
 useRoutingFeatures = "both";
 extraUpFlags = [
 "--advertise-exit-node"
diff --git a/tunnel.nix b/tunnel.nix
index cc3730d..cb34469 100644
--- a/tunnel.nix
+++ b/tunnel.nix
@@ -3,19 +3,19 @@
 services.nginx = {
 enable = true;
 clientMaxBodySize = "10g";
- # defaultHTTPListenPort = 1234;
+ defaultHTTPListenPort = 1234;
 };
 services.cloudflared = {
- enable = false;
- # tunnels = {
- # "tulpan" = {
- # credentialsFile = "/etc/nixos/.secrets/tulpan-tunnel.json";
- # default = "http_status:404";
- # ingress = {
- # "*.sondell.org" = "http://localhost:1234";
- # "sondell.org" = "http://localhost:1234";
- # };
- # };
- # };
+ enable = true;
+ tunnels = {
+ "tulpan" = {
+ credentialsFile = "/etc/nixos/.secrets/tulpan-tunnel.json";
+ default = "http_status:404";
+ ingress = {
+ "*.sondell.org" = "http://localhost:1234";
+ "sondell.org" = "http://localhost:1234";
+ };
+ };
+ };
 };
 }
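Review bot: `defaultHTTPListenPort = 1234;` in the tunnel.nix hunk changes nginx's default port but not its listen address, so with NixOS defaults every vhost — all of them plain HTTP now that `enableACME`/`forceSSL` were removed elsewhere in this commit — is bound on every interface, while the only intended client is cloudflared at `http://localhost:1234`. Add `defaultListenAddresses = [ "127.0.0.1" "[::1]" ];` beside the port so the plaintext origin is not reachable from the LAN or over the tailnet that tail.nix brings up in the same commit, and confirm that `networking.firewall` (not in this diff) does not open 1234. The `"*.sondell.org"` ingress catch-all sends every subdomain to nginx's default vhost, which is acceptable only if that default is the 404/deny one — worth a one-line comment such as `# origin is plain HTTP and must stay loopback-only; TLS ends at Cloudflare` on the nginx block so the reason TLS is absent is recorded next to the port.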