From 4d9d07cabeb2e70aef0a6f4a4f918ef0b93f6de1 Mon Sep 17 00:00:00 2001 From: admin Date: Tue, 2 Apr 2024 10:47:01 +0200 Subject: [PATCH 01/14] gitui --- configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configuration.nix b/configuration.nix index 2e30133..3746163 100644 --- a/configuration.nix +++ b/configuration.nix @@ -115,6 +115,7 @@ filebrowser dufs git + gitui helix nil starship From cb0ddd5072fd50c6f22382c3927205bfc7c04cee Mon Sep 17 00:00:00 2001 From: admin Date: Tue, 2 Apr 2024 11:03:48 +0200 Subject: [PATCH 02/14] fix: dubble config redis --- nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nextcloud.nix b/nextcloud.nix index 2c82b49..c501a7c 100644 --- a/nextcloud.nix +++ b/nextcloud.nix @@ -41,7 +41,7 @@ in extraAppsEnable = true; extraOptions = { redis = { - host = "/run/redis/redis.sock"; + # host = "/run/redis/redis.sock"; port = 0; dbindex = 0; password = "secret"; From d413a5f2b16efbe183b04b59e126e9a81e77b3fe Mon Sep 17 00:00:00 2001 From: admin Date: Tue, 2 Apr 2024 13:52:13 +0200 Subject: [PATCH 03/14] revert: flake.lock matrix --- flake.lock | 55 ------------------------------------------------------ matrix.nix | 27 +++++++++++++-------------- 2 files changed, 13 insertions(+), 69 deletions(-) diff --git a/flake.lock b/flake.lock index 10091ea..1bb48ae 100644 --- a/flake.lock +++ b/flake.lock 
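Review bot: Commenting out only `host` in the nextcloud.nix hunk leaves the rest of the `redis` override active, including the literal `password = "secret";` visible in the context lines. A value set this way ends up in the generated configuration inside the world-readable Nix store, and if the Redis instance behind it has no password configured, Nextcloud's AUTH call will be rejected. I would remove the whole `redis = { … };` attribute set rather than one key, or read the secret from a file kept outside the store. The nextcloud.nix hunk in PATCH 11 keeps the same literal inside a commented-out block, where it should be deleted as well.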
@@ -1,44 +1,5 @@ { "nodes": { - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "home": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1711535911, - "narHash": "sha256-SzgDrsyBskLyipFzsKwPOKP9FMgGB+6tUQ0VpeGQ/1Y=", - "ref": "refs/heads/main", - "rev": "80221fa4d735fbc232d97d3384c8af0e40a4e331", - "revCount": 9, - "type": "git", - "url": "https://git.sondell.org/glennwso/home.git" - }, - "original": { - "type": "git", - "url": "https://git.sondell.org/glennwso/home.git" - } - }, "nixpkgs": { "locked": { "lastModified": 1709237383, @@ -57,24 +18,8 @@ }, "root": { "inputs": { - "home": "home", "nixpkgs": "nixpkgs" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/matrix.nix b/matrix.nix index 5957519..cc2d4c5 100644 --- a/matrix.nix +++ b/matrix.nix @@ -2,7 +2,6 @@ let domain = "sondell.org"; - matrixAdress = "m.${domain}"; hostName = "matrix"; fqdn = "${hostName}.${domain}"; baseUrl = "https://${fqdn}"; @@ -53,8 +52,8 @@ services.postgresql = { services.nginx.virtualHosts = { ${fqdn} = { - # enableACME = true; - # forceSSL = true; + enableACME = true; + forceSSL = true; locations."/".extraConfig = '' return 404; ''; 
@@ -65,21 +64,21 @@ services.postgresql = { locations."/_synapse/client".proxyPass = "http://[::1]:8008"; }; - ${matrixAdress} = { - # enableACME = true; - # forceSSL = true; + ${domain} = { + enableACME = true; + forceSSL = true; locations."/" = { proxyPass = "http://localhost:8008"; }; - # # This section is not needed if the server_name of matrix-synapse is equal to - # # the domain (i.e. example.org from @foo:example.org) and the federation port - # # is 8448. - # # Further reference can be found in the docs about delegation under - # # https://element-hq.github.io/synapse/latest/delegate.html + # This section is not needed if the server_name of matrix-synapse is equal to + # the domain (i.e. example.org from @foo:example.org) and the federation port + # is 8448. + # Further reference can be found in the docs about delegation under + # https://element-hq.github.io/synapse/latest/delegate.html locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - # # This is usually needed for homeserver discovery (from e.g. other Matrix clients). - # # Further reference can be found in the upstream docs at - # # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient + # This is usually needed for homeserver discovery (from e.g. other Matrix clients). + # Further reference can be found in the upstream docs at + # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; }; }; From 09d9b3a17289f1377dc09240fc59ed13e37f2228 Mon Sep 17 00:00:00 2001 From: admin Date: Tue, 2 Apr 2024 13:53:25 +0200 Subject: [PATCH 04/14] disable: tunnel becouse it prevented acme --- tunnel.nix | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tunnel.nix b/tunnel.nix index cb34469..cc3730d 100644 --- a/tunnel.nix +++ b/tunnel.nix 
@@ -3,19 +3,19 @@ services.nginx = { enable = true; clientMaxBodySize = "10g"; - defaultHTTPListenPort = 1234; + # defaultHTTPListenPort = 1234; }; services.cloudflared = { - enable = true; - tunnels = { - "tulpan" = { - credentialsFile = "/etc/nixos/.secrets/tulpan-tunnel.json"; - default = "http_status:404"; - ingress = { - "*.sondell.org" = "http://localhost:1234"; - "sondell.org" = "http://localhost:1234"; - }; - }; - }; + enable = false; + # tunnels = { + # "tulpan" = { + # credentialsFile = "/etc/nixos/.secrets/tulpan-tunnel.json"; + # default = "http_status:404"; + # ingress = { + # "*.sondell.org" = "http://localhost:1234"; + # "sondell.org" = "http://localhost:1234"; + # }; + # }; + # }; }; } From 0402b4b0ee8f1968a8eac1acb52e664436242aec Mon Sep 17 00:00:00 2001 From: admin Date: Tue, 2 Apr 2024 13:53:57 +0200 Subject: [PATCH 05/14] git graph --- configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configuration.nix b/configuration.nix index 3746163..30aa309 100644 --- a/configuration.nix +++ b/configuration.nix @@ -115,6 +115,7 @@ filebrowser dufs git + git-graph gitui helix nil From 972a83efac33d8b187bbca5ef301038f97cfb570 Mon Sep 17 00:00:00 2001 From: admin Date: Tue, 2 Apr 2024 13:56:35 +0200 Subject: [PATCH 06/14] enable turn --- coturn.nix | 10 +++++----- flake.nix | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/coturn.nix b/coturn.nix index ec5e853..6354b40 100644 --- a/coturn.nix +++ b/coturn.nix 
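Review bot: With `defaultHTTPListenPort` commented out and cloudflared disabled in tunnel.nix, nginx is served directly instead of through the tunnel, yet `clientMaxBodySize = "10g";` in the context lines still applies to every virtual host. Any vhost reachable from outside will now accept request bodies of that size, so the limit is better set only on the hosts that need large uploads (for example through that vhost's `extraConfig`) with a small global default. `enable = false;` already turns the service off, so the commented-out `tunnels` block can be deleted rather than kept as dead text. The firewall rules that decide which ports are reachable are outside this hunk and should be checked against the new exposure.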
@@ -63,10 +63,10 @@ group = "turnserver"; }; # configure synapse to point users to coturn - # services.matrix-synapse = with config.services.coturn; { - # turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"]; - # turn_shared_secret = static-auth-secret; - # turn_user_lifetime = "1h"; - # }; + services.matrix-synapse = with config.services.coturn; { + turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"]; + turn_shared_secret = static-auth-secret; + turn_user_lifetime = "1h"; + }; } diff --git a/flake.nix b/flake.nix index d733922..83072cc 100644 --- a/flake.nix +++ b/flake.nix @@ -19,13 +19,13 @@ ./audiobooks.nix ./tunnel.nix ./forgejo.nix - ./nextcloud.nix + # ./nextcloud.nix ./jellyfin.nix ./filebrowser.nix ./tail.nix ./matrix.nix - (import ./homepage.nix {inherit homepage;}) - # ./coturn.nix # disabled becouse tls not solved + ./coturn.nix # disabled becouse tls not solved + # (import ./homepage.nix {inherit homepage;}) ]; }; From 8201cafa28d261e5a1bbec76f4dba2dd3846ba67 Mon Sep 17 00:00:00 2001 From: admin Date: Tue, 2 Apr 2024 17:55:12 +0200 Subject: [PATCH 07/14] fix: acme was blocked by tailscale --- coturn.nix | 29 ++++++++++++++++++++-------- flake.lock | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 2 +- tail.nix | 2 +- 4 files changed, 78 insertions(+), 10 deletions(-) diff --git a/coturn.nix b/coturn.nix index 6354b40..40978ac 100644 --- a/coturn.nix +++ b/coturn.nix 
@@ -56,17 +56,30 @@ allowedTCPPorts = [ 3478 5349 ]; }; }; - # get a certificate - security.acme.certs.${config.services.coturn.realm} = { - /* insert here the right configuration to obtain a certificate */ - postRun = "systemctl restart coturn.service"; - group = "turnserver"; + services.nginx = { + enable = true; + virtualHosts."turn.sondell.org" = { + forceSSL = true; + enableACME = true; + }; }; + # get a certificate + users.users.nginx.extraGroups = [ + "turnserver" + ]; + # security.acme.certs.${config.services.coturn.realm} = { + # /* insert here the right configuration to obtain a certificate */ + # postRun = "systemctl restart coturn.service"; + # group = "turnserver"; + # }; # configure synapse to point users to coturn services.matrix-synapse = with config.services.coturn; { - turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"]; - turn_shared_secret = static-auth-secret; - turn_user_lifetime = "1h"; + settings.turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"]; + settings.turn_user_lifetime = "1h"; + # turn_shared_secret = static-auth-secret; + extraConfigFiles = [ + config.services.coturn.static-auth-secret-file + ]; }; } diff --git a/flake.lock b/flake.lock index 1bb48ae..10091ea 100644 --- a/flake.lock +++ b/flake.lock 
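Review bot: `extraConfigFiles = [ config.services.coturn.static-auth-secret-file ];` in the coturn.nix hunk hands Synapse a file that, as far as the coturn option is documented, holds only the bare secret, while Synapse parses its extra config files as YAML. Synapse will therefore most likely not get a `turn_shared_secret` from it; a separate file readable by the Synapse user and containing `turn_shared_secret: "<secret>"` would keep the secret out of the Nix store and still parse. The group change also looks inverted: `users.users.nginx.extraGroups = [ "turnserver" ];` gives nginx access to coturn's group, whereas coturn needs to read the certificate that the nginx vhost obtains, which would be `users.users.turnserver.extraGroups = [ "nginx" ];`. The removed `postRun = "systemctl restart coturn.service";` has no replacement, so coturn would keep the old certificate after a renewal, and the `# get a certificate` comment now sits above the wrong statement. The coturn `cert`/`pkey` settings are outside this hunk, so the last two points should be confirmed against them.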
@@ -1,5 +1,44 @@ { "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1711535911, + "narHash": "sha256-SzgDrsyBskLyipFzsKwPOKP9FMgGB+6tUQ0VpeGQ/1Y=", + "ref": "refs/heads/main", + "rev": "80221fa4d735fbc232d97d3384c8af0e40a4e331", + "revCount": 9, + "type": "git", + "url": "https://git.sondell.org/glennwso/home.git" + }, + "original": { + "type": "git", + "url": "https://git.sondell.org/glennwso/home.git" + } + }, "nixpkgs": { "locked": { "lastModified": 1709237383, @@ -18,8 +57,24 @@ }, "root": { "inputs": { + "home": "home", "nixpkgs": "nixpkgs" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 83072cc..6e2c5e1 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,7 @@ ./filebrowser.nix ./tail.nix ./matrix.nix - ./coturn.nix # disabled becouse tls not solved + ./coturn.nix # (import ./homepage.nix {inherit homepage;}) ]; diff --git a/tail.nix b/tail.nix index acdd2bb..8f67616 100644 --- a/tail.nix +++ b/tail.nix @@ -1,7 +1,7 @@ { config, ... }: { services.tailscale = { - enable =true; + enable =false; useRoutingFeatures = "both"; extraUpFlags = [ "--advertise-exit-node" From 77f95e8f846e46b38359b2d289fd3bb2c9321a57 Mon Sep 17 00:00:00 2001 
From: admin Date: Tue, 2 Apr 2024 19:24:26 +0200 Subject: [PATCH 08/14] disable tailserve of filebrowser --- filebrowser.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebrowser.nix b/filebrowser.nix index 5d346c6..2381a7f 100644 --- a/filebrowser.nix +++ b/filebrowser.nix @@ -19,7 +19,7 @@ in }; systemd.services.tailBrowser = with pkgs; { - enable = true; + enable = false; description = "serve via tailscale filebrowser"; wantedBy = [ "multi-user.target" ]; unitConfig = { From a39578fea0672bd96056aeeb4ec57b229c3b7b1f Mon Sep 17 00:00:00 2001 From: admin Date: Tue, 2 Apr 2024 19:25:00 +0200 Subject: [PATCH 09/14] enable nextcloud --- flake.nix | 2 +- nextcloud.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 6e2c5e1..2dd0193 100644 --- a/flake.nix +++ b/flake.nix @@ -19,7 +19,7 @@ ./audiobooks.nix ./tunnel.nix ./forgejo.nix - # ./nextcloud.nix + ./nextcloud.nix ./jellyfin.nix ./filebrowser.nix ./tail.nix diff --git a/nextcloud.nix b/nextcloud.nix index c501a7c..7121984 100644 --- a/nextcloud.nix +++ b/nextcloud.nix @@ -17,8 +17,8 @@ in services = { nginx.virtualHosts = { ${domain} = { - # forceSSL = true; - # enableACME = true; + forceSSL = true; + enableACME = true; # Use DNS Challenege. # acmeRoot = null; }; From 11d08b6bf6b21210fe49f2f028b01f635f96b808 Mon Sep 17 00:00:00 2001 From: admin Date: Tue, 2 Apr 2024 21:00:51 +0200 Subject: [PATCH 10/14] bump lock --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 10091ea..8cd04be 100644 --- a/flake.lock +++ b/flake.lock 
@@ -41,11 +41,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709237383, - "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", "type": "github" }, "original": { From dcc5594bc93b1d2848cc49ccc9d522245de0b554 Mon Sep 17 00:00:00 2001 From: admin Date: Wed, 3 Apr 2024 12:59:00 +0200 Subject: [PATCH 11/14] fix: nextcloud --- nextcloud.nix | 53 +++++++++++++++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/nextcloud.nix b/nextcloud.nix index 7121984..f89c008 100644 --- a/nextcloud.nix +++ b/nextcloud.nix @@ -1,19 +1,13 @@ { self, config, lib, pkgs, ... }: -let domain = "cloud.sondell.org"; +let +domain = "cloud.sondell.org"; +nextcloud = pkgs.nextcloud28; in { - # Based on https://carjorvaz.com/posts/the-holy-grail-nextcloud-setup-made-easy-by-nixos/ - # security.acme = { - # acceptTerms = true; - # defaults = { - # email = "glennpub@proton.me"; - # dnsProvider = "cloudflare"; - # # # location of your CLOUDFLARE_DNS_API_TOKEN=[value] - # # # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile= - # environmentFile = "/REPLACE/WITH/YOUR/PATH"; - # }; - # }; + environment.systemPackages = [ + nextcloud + ]; services = { nginx.virtualHosts = { ${domain} = { 
@@ -29,24 +23,27 @@ in enable = true; hostName = domain; # Need to manually increment with every major upgrade. - package = pkgs.nextcloud28; + package = nextcloud; # Let NixOS install and configure the database automatically. database.createLocally = true; - # Let NixOS install and configure Redis caching automatically. - configureRedis = true; # Increase the maximum file upload size. maxUploadSize = "16G"; https = true; autoUpdateApps.enable = true; extraAppsEnable = true; + # Let NixOS install and configure Redis caching automatically. + configureRedis = true; + settings = { + maintenance_window_start = 1; + }; extraOptions = { - redis = { - # host = "/run/redis/redis.sock"; - port = 0; - dbindex = 0; - password = "secret"; - timeout = 1.5; - }; + # redis = { + # # host = "/run/redis/redis.sock"; + # port = 0; + # dbindex = 0; + # password = "secret"; + # timeout = 1.5; + # }; }; extraApps = with config.services.nextcloud.package.packages.apps; { # List of apps we want to install and are already packaged in @@ -55,7 +52,7 @@ in }; config = { overwriteProtocol = "https"; - # defaultPhoneRegion = "US"; + defaultPhoneRegion = "SE"; dbtype = "pgsql"; adminuser = "admin"; adminpassFile = "/etc/nixos/.secrets/nextadminpw"; @@ -69,4 +66,14 @@ in # startAt = "*-*-* 01:15:00"; # }; }; + # services.onlyoffice = { + # enable = true; + # port = 8123; + # }; + # services.nginx.virtualHosts."office.sondell.org" = { + # forceSSL = true; + # enableACME = true; + # locations."/".proxyPass = "http://localhost:8123"; + + # }; } From 445dd15c12c3c6bd1aac4bc4293e47a2513c2d14 Mon Sep 17 00:00:00 2001 From: admin Date: Wed, 3 Apr 2024 12:59:26 +0200 Subject: [PATCH 12/14] SSL for git server --- forgejo.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/forgejo.nix b/forgejo.nix index bc93c06..aa7e852 100644 --- a/forgejo.nix +++ b/forgejo.nix 
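Review bot: `extraOptions` is left as an empty attribute set wrapping a commented-out block, directly below the newly added `settings = { … };`. In module versions that provide `settings`, `extraOptions` is, as far as I know, only a renamed alias for it, so the empty set can be deleted together with the dead block instead of being kept. The same probably applies to `defaultPhoneRegion = "SE";` under `config`, which in those versions is expected as `settings.default_phone_region = "SE";`. The enclosing `services.nextcloud` block starts and ends outside this hunk.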
@@ -28,6 +28,8 @@ in }; services.nginx.virtualHosts.${domain} = { + enableACME = true; + forceSSL = true; locations."/" = { proxyPass = "http://localhost:3000/"; }; From 5301db0656674f97b4b76f8ab6a6615ecedba8f4 Mon Sep 17 00:00:00 2001 From: admin Date: Thu, 4 Apr 2024 13:40:20 +0200 Subject: [PATCH 13/14] homepage back up again :) --- dbg/err.log | 104 +++++++++++++++++++++++++++++++++++++++++++ dbg/nextcloud | 1 + dbg/nextcloud.cfg | 1 + dbg/nextredis.cfg | 1 + dbg/redis-nixos.conf | 1 + flake.nix | 2 +- matrix.nix | 12 ++--- nextcloud.nix | 20 ++++----- 8 files changed, 125 insertions(+), 17 deletions(-) create mode 100644 dbg/err.log create mode 120000 dbg/nextcloud create mode 120000 dbg/nextcloud.cfg create mode 120000 dbg/nextredis.cfg create mode 120000 dbg/redis-nixos.conf diff --git a/dbg/err.log b/dbg/err.log new file mode 100644 index 0000000..db91d97 --- /dev/null +++ b/dbg/err.log 
@@ -0,0 +1,104 @@ +apr 03 10:27:48 nixos Nextcloud[150872]: {"reqId":"pW9oiFQa0uFJNtYkN650", +"level":4, +"time":"2024-04-03T08:27:48+00:00", +"remoteAddr":"", +"user":"--", +"app":"no app in context", +"method":"", +"url":"--", +"message":"{\"Exception\":\"RedisException\", +\"Message\":\"ERR AUTH called without any password configured for the default user. Are you sure your configuration is correct?\", +\"Code\":0, +\"Trace\":[{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/RedisFactory.php\", +\"line\":123, +\"function\":\"auth\", +\"class\":\"Redis\", +\"type\":\"->\", +\"args\":[\"*** sensitive parameters replaced ***\"]}, +{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/RedisFactory.php\", +\"line\":158, +\"function\":\"create\", +\"class\":\"OC\\\\RedisFactory\", +\"type\":\"->\", +\"args\":[\"*** sensitive parameters replaced ***\"]}, +{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/Memcache/Redis.php\", +\"line\":70, +\"function\":\"getInstance\", +\"class\":\"OC\\\\RedisFactory\", +\"type\":\"->\", +\"args\":[]}, +{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/Memcache/Redis.php\", +\"line\":76, +\"function\":\"getCache\", +\"class\":\"OC\\\\Memcache\\\\Redis\", +\"type\":\"->\", +\"args\":[]}, +{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/apps/workflowengine/lib/Manager.php\", +\"line\":113, +\"function\":\"get\", +\"class\":\"OC\\\\Memcache\\\\Redis\", +\"type\":\"->\", +\"args\":[\"events\"]}, +{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/apps/workflowengine/lib/AppInfo/Application.php\", +\"line\":71, +\"function\":\"getAllConfiguredEvents\", +\"class\":\"OCA\\\\WorkflowEngine\\\\Manager\", +\"type\":\"->\", +\"args\":[]}, 
+{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/AppFramework/Bootstrap/FunctionInjector.php\", +\"line\":45, +\"function\":\"registerRuleListeners\", +\"class\":\"OCA\\\\WorkflowEngine\\\\AppInfo\\\\Application\", +\"type\":\"->\", +\"args\":[[\"OC\\\\EventDispatcher\\\\EventDispatcher\"], +[\"OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer\"], +[\"OC\\\\AppFramework\\\\ScopedPsrLogger\"]]}, +{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/AppFramework/Bootstrap/BootContext.php\", +\"line\":50, +\"function\":\"injectFn\", +\"class\":\"OC\\\\AppFramework\\\\Bootstrap\\\\FunctionInjector\", +\"type\":\"->\", +\"args\":[[\"Closure\"]]}, +{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/apps/workflowengine/lib/AppInfo/Application.php\", +\"line\":63, +\"function\":\"injectFn\", +\"class\":\"OC\\\\AppFramework\\\\Bootstrap\\\\BootContext\", +\"type\":\"->\", +\"args\":[[\"Closure\"]]}, +{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/AppFramework/Bootstrap/Coordinator.php\", +\"line\":200, +\"function\":\"boot\", +\"class\":\"OCA\\\\WorkflowEngine\\\\AppInfo\\\\Application\", +\"type\":\"->\", +\"args\":[[\"OC\\\\AppFramework\\\\Bootstrap\\\\BootContext\"]]}, +{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/App/AppManager.php\", +\"line\":434, +\"function\":\"bootApp\", +\"class\":\"OC\\\\AppFramework\\\\Bootstrap\\\\Coordinator\", +\"type\":\"->\", +\"args\":[\"workflowengine\"]}, +{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/App/AppManager.php\", +\"line\":213, +\"function\":\"loadApp\", +\"class\":\"OC\\\\App\\\\AppManager\", +\"type\":\"->\", +\"args\":[\"workflowengine\"]}, +{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/legacy/OC_App.php\", +\"line\":125, +\"function\":\"loadApps\", 
+\"class\":\"OC\\\\App\\\\AppManager\", +\"type\":\"->\", +\"args\":[[]]}, +{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/cron.php\", +\"line\":55, +\"function\":\"loadApps\", +\"class\":\"OC_App\", +\"type\":\"::\", +\"args\":[]}], +\"File\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/RedisFactory.php\", +\"Line\":123, +\"message\":\"Could not boot workflowengine: ERR AUTH called without any password configured for the default user. Are you sure your configuration is correct?\", +\"exception\":{}, +\"CustomMessage\":\"Could not boot workflowengine: ERR AUTH called without any password configured for the default user. Are you sure your configuration is correct?\"}", +"userAgent":"--", +"version":"28.0.3.2"} diff --git a/dbg/nextcloud b/dbg/nextcloud new file mode 120000 index 0000000..a9d8301 --- /dev/null +++ b/dbg/nextcloud @@ -0,0 +1 @@ +/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3 \ No newline at end of file diff --git a/dbg/nextcloud.cfg b/dbg/nextcloud.cfg new file mode 120000 index 0000000..3d49117 --- /dev/null +++ b/dbg/nextcloud.cfg @@ -0,0 +1 @@ +/var/lib/nextcloud \ No newline at end of file diff --git a/dbg/nextredis.cfg b/dbg/nextredis.cfg new file mode 120000 index 0000000..c0f2e69 --- /dev/null +++ b/dbg/nextredis.cfg @@ -0,0 +1 @@ +/var/lib/redis-nextcloud \ No newline at end of file diff --git a/dbg/redis-nixos.conf b/dbg/redis-nixos.conf new file mode 120000 index 0000000..90d4e8d --- /dev/null +++ b/dbg/redis-nixos.conf @@ -0,0 +1 @@ +/nix/store/alsv8fyd8m1j006sz7c6p8x9cn9kmz7f-redis.conf \ No newline at end of file diff --git a/flake.nix b/flake.nix index 2dd0193..5a12dc0 100644 --- a/flake.nix +++ b/flake.nix @@ -25,7 +25,7 @@ ./tail.nix ./matrix.nix ./coturn.nix - # (import ./homepage.nix {inherit homepage;}) + (import ./homepage.nix {inherit homepage;}) ]; }; diff --git a/matrix.nix b/matrix.nix index cc2d4c5..05be83b 100644 --- a/matrix.nix +++ b/matrix.nix 
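Review bot: The `dbg/` entries added here (`err.log` and the four symlinks) are host-local debugging artefacts and should not be tracked in the configuration repository. The log records the exact Nextcloud version, store paths and the state of the Redis authentication, and the symlinks hard-code absolute targets such as `/var/lib/nextcloud` and `/nix/store/…-redis.conf` that are dangling on any other checkout and after the next rebuild. Since a flake copies tracked files into the Nix store, they also travel with every evaluation. I would remove the directory from the commit and add a `dbg/` line to `.gitignore`.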
@@ -54,9 +54,9 @@ services.postgresql = { ${fqdn} = { enableACME = true; forceSSL = true; - locations."/".extraConfig = '' - return 404; - ''; + # locations."/".extraConfig = '' + # return 404; + # ''; # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash # *must not* be used here. locations."/_matrix".proxyPass = "http://[::1]:8008"; @@ -67,9 +67,9 @@ services.postgresql = { ${domain} = { enableACME = true; forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:8008"; - }; + # locations."/" = { + # proxyPass = "http://localhost:8008"; + # }; # This section is not needed if the server_name of matrix-synapse is equal to # the domain (i.e. example.org from @foo:example.org) and the federation port # is 8448. diff --git a/nextcloud.nix b/nextcloud.nix index f89c008..20916c6 100644 --- a/nextcloud.nix +++ b/nextcloud.nix @@ -66,14 +66,14 @@ in # startAt = "*-*-* 01:15:00"; # }; }; - # services.onlyoffice = { - # enable = true; - # port = 8123; - # }; - # services.nginx.virtualHosts."office.sondell.org" = { - # forceSSL = true; - # enableACME = true; - # locations."/".proxyPass = "http://localhost:8123"; - - # }; + services.onlyoffice = { + enable = true; + port = 8123; + hostname = "office.sondell.org"; + }; + services.nginx.virtualHosts."office.sondell.org" = { + forceSSL = true; + enableACME = true; + # locations."/".proxyPass = "http://12:8123"; + }; } From 451b952b3754bc5f762bb2c28d960071c019a35a Mon Sep 17 00:00:00 2001 From: admin Date: Thu, 4 Apr 2024 15:05:25 +0200 Subject: [PATCH 14/14] init: mailserver --- flake.lock | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 8 ++++- mail.nix | 40 ++++++++++++++++++++++++ 3 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 mail.nix diff --git a/flake.lock b/flake.lock index 8cd04be..daae977 100644 --- a/flake.lock +++ b/flake.lock 
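Review bot: `services.onlyoffice` is enabled in the nextcloud.nix hunk and published on `office.sondell.org` with ACME, but no `jwtSecretFile` is set. With that option at its default the document server does not require signed requests, so anyone who can reach the vhost can talk to its API without going through Nextcloud. I would add `jwtSecretFile = "<path to a secret file outside the Nix store>";` (placeholder path) and configure the same secret in the Nextcloud ONLYOFFICE app. The leftover comment `# locations."/".proxyPass = "http://12:8123";` points at an address that is not valid and can be removed.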
@@ -1,5 +1,37 @@ { "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -39,6 +71,29 @@ "url": "https://git.sondell.org/glennwso/home.git" } }, + "nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat", + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1710449465, + "narHash": "sha256-2orO8nfplp6uQJBFqKkj1iyNMC6TysmwbWwbb4osTag=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "79c8cfcd5873a85559da6201b116fb38b490d030", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, "nixpkgs": { "locked": { "lastModified": 1711703276, @@ -58,6 +113,7 @@ "root": { "inputs": { "home": "home", + "nixos-mailserver": "nixos-mailserver", "nixpkgs": "nixpkgs" } }, 
@@ -75,6 +131,39 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 5a12dc0..217f656 100644 --- a/flake.nix +++ b/flake.nix @@ -2,11 +2,16 @@ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; inputs.home.url = "git+https://git.sondell.org/glennwso/home.git"; inputs.home.inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixos-mailserver = { + url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - outputs = { self, nixpkgs, home }@attrs: + outputs = { self, nixpkgs, home, nixos-mailserver}@attrs: let system = "x86_64-linux"; homepage = home.packages.${system}.default; + mailserver = nixos-mailserver.nixosModules.default; in { # replace 'joes-desktop' with your hostname here. @@ -25,6 +30,7 @@ ./tail.nix ./matrix.nix ./coturn.nix + (import ./mail.nix {inherit mailserver;}) (import ./homepage.nix {inherit homepage;}) ]; diff --git a/mail.nix b/mail.nix new file mode 100644 index 0000000..9e2d483 --- /dev/null +++ b/mail.nix 
@@ -0,0 +1,40 @@
+{ mailserver , ... }:
+{
+ imports = [
+ mailserver
+ ];
+
+ mailserver = {
+ enable = true;
+ fqdn = "mail.sondell.org";
+ domains = [ "sondell.org" ];
+
+ # A list of all login accounts. To create the password hashes, use
+ # cat .secrets/nextadminpw | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/mailpw.hash
+ loginAccounts = {
+ "admin@sondell.org" = {
+ hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash";
+ aliases = ["info@sondell.org"];
+ };
+ };
+
+ # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+ # down nginx and opens port 80.
+ certificateScheme = "acme-nginx";
+ };
+
+ # services.roundcube = {
+ # enable = true;
+ # # this is the url of the vhost, not necessarily the same as the fqdn of
+ # # the mailserver
+ # hostName = "webmail.sondell.org";
+ # extraConfig = ''
+ # # starttls needed for authentication, so the fqdn required to match
+ # # the certificate
+ # $config['smtp_server'] = "tls://${mailserver.fqdn}";
+ # $config['smtp_user'] = "%u";
+ # $config['smtp_pass'] = "%p";
+ # '';
+ # };
+
+}
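Review bot: The comment above `loginAccounts` documents creating the mail password hash from `.secrets/nextadminpw`, which makes the Nextcloud admin password double as the password of `admin@sondell.org`. A compromise of either service then exposes the other, and the mailbox is typically where password resets for everything else arrive. I would document a separate secret instead, for example `# nix-shell -p mkpasswd --run 'mkpasswd -m bcrypt' > /etc/nixos/.secrets/mailpw.hash`, which prompts for a new password and uses the same absolute path as `hashedPasswordFile`. It is also worth confirming that `.secrets/` is not tracked by git, since a flake copies tracked files into the world-readable Nix store.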