From c6534b0fbb8800de2c101d9f5fc14ceab0838ccf Mon Sep 17 00:00:00 2001 From: halcyon <55317573+hxlcyxn@users.noreply.github.com> Date: Fri, 11 Nov 2022 21:19:50 +0100 Subject: [PATCH 1/7] add gpg and ssh keys for jonas --- keys/pgp/jonas.asc | 77 ++++++++++++++++++++++++++++++++++++++++++++++ modules/base.nix | 1 + 2 files changed, 78 insertions(+) create mode 100644 keys/pgp/jonas.asc diff --git a/keys/pgp/jonas.asc b/keys/pgp/jonas.asc new file mode 100644 index 0000000..db77ff9 --- /dev/null +++ b/keys/pgp/jonas.asc 
@@ -0,0 +1,77 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGNunVEBEADRAqVGhtK60adwuY6MsrULGr56R1rqnA0tH+pgvDLly7Tbravx +vtgdcQmA4ZublaGGKbOo/ECa3AASlaPT7Tan0TssYJ6gw8MxYvad5WW6gW9tYvJB +ajDklWg/TS1rBZ64W4Jiuin08cE6Jx+l7l1JDK7U2TUwMVJ1UW1hBwnXVE353dBm +HZBYwrMnCYupXdm9PY1tSY9DeoZPEBSDP4v8qHEMnm0YzW2HPaYv/gjAEYfSM/R0 +PVOyItG4K8p2D3dl23L9i+BzSKyG5P0SXMygCuE1Ua6pXPHYDdkxJFx6Kf5SyEZB +8dVflxPTgMLKZ8nlG5AaYicw4sLdC8TmiGIQDZlo6iGGjAwzykugm+B3DEG4yf43 +1VPrVJTzDyf2LImRYNKDwhZRMchY65/4RCAj5ItvQAKj6BsDgRXoZ6ml+VkCKYFC +sbUNzBq9fpAPmdhBrlZgKn0dwAO91R2QWBskqkkS1+A01EJ6Ys5fHFx1yTYtgucv +qJWnVklMHrYmeKErnfN2pttZjQLeWmigKfjx9dWgJhCWsgcSVovRFrJcAX1jF7wL +CtEwgrK/P2sJ6lYVYoId4lhbu2pncN9fDdfepzlhvtePHJGoQ1gWwCIBXTMHn9gK +qhEvAWIx1r4gXHNmBla+BXtt/1vGdWb5/WZKqwqYcuVWZI4eKUOfml7lfwARAQAB +tDNoYWxjeW9uIDw1NTMxNzU3MytoeGxjeXhuQHVzZXJzLm5vcmVwbHkuZ2l0aHVi +LmNvbT6JAk4EEwEIADgWIQSk+SvHt5IQikY5lYJ8Hy2ivJKUEgUCY26hYgIbAwUL +CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRB8Hy2ivJKUEhxeD/44LyEiR9LUpiqZ +YoUjvEJm1/WnR1g46tGPcjzpeAa11ZUK4ByES4yFT+1DMjmywloLOmvPxFj4pR5S +N17wohLYaqIQ+RjmR/73UpZo7aB1oFwzzBNnYzCrU8MvcYkmHu6WhsioO39zmLDp +s8RpyUchfWQIQQKqnwsOuZVnW1QXKCGPowaZoqcYzubcKI8LAx/OI7bcyss6Z8hV +HnNX+MkFYVjrz8tAiJDjwvlPaWEJ+5hMdavunVtgDi+K6zK+YpbSweTD0E3Z1hOI +YaLGlrpHL1Jj+4OpcYUwfaoXOIe8jYmYe87Dq2ygT3b6zxEG7KRdDCCLN6YRTDqr +CGyWYyktLClphINzTsyEpKMjqBauntahvtoiBySKwujNNr1KOGSJXTjs9RK9IZEu +F/6Fg7pnjgsarOR+nLyqGTJvbgCJGQhM76iT6KJ8Z/FoLHDgLxLUygM1ZwuoHmHK +Df7zhdNZQ1cGcJjdh4MWFsB65DA8NWHu01BIiGryB2EbM0hWSIw+OQGmo7UMK74p +57obRz+gXiHoSEmlgJ7f9EJVY21XOqKxVTmCrYLBgiAHnqlAxCiJ3Yq5CzVnllWW +8EFZbSeiMJLDreFxiM5iwlIz7hAL7UgC/QMaJSPLLnau0dfkEFh0yyo/rDFW/IBV +Sswxu0WrY1XR971JgvD2KSZpgGA5WLQHaGFsY3lvbokCTgQTAQgAOBYhBKT5K8e3 +khCKRjmVgnwfLaK8kpQSBQJjbp1RAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA +AAoJEHwfLaK8kpQSbUIP+gKqWF4TkqDdP3QWOY3xJ5p7DsNOc1pO3uobFkLzlFd/ +bZdg3W1puC7WL1yeLsiuic0OnZukBqSQkXMRRc14TwmjYuebQAqGzXd1nfHcGdxb +bKIOUvWdn86rXpXLDL22LLZpmlel5uB2OcagSlGnzzrSx5KsK/9S4ryml+47b1eU 
+KRir5HtcR1gyKepLl0qGXNCYjn2ItOhYTqf6YehXiu9x6XfMOHHloGE+ttDvUkBX +NL8Twrd0n2N4UTP/WlzaNo1Mg5k5nM2lEOVqlTi5269cXsuJDHeap/fSMT74sdWU +k/3ZnCOM9oztQXZopeOHqlmkL7IxPXThBK3a8h16G8dkdkkwJdbbha3ygRcd2Hc4 +OqBi7o7q0PoRqxN+FQisPi8PrSxjDqKCS0H7Fzy2bb5Zg7dDPSS1ki7nwOp20VAy +0jnPW6HHqsP1Ik+JS4Rv/YaRDprn9UsK1HgfjagpEZxHf2sm5zm4yZ4Y8OgF4NnK +u2CRLA1eNv53hbexgNgqgLh5KgzgrIPHZZkob3E5rmw5w15fxLkXg3tHeDU++fSK +RjrCjM1FovbXbUd9BgPJqBSj3s1N2iQ+sVGAuHYPtTDuKkhtTHxlqcfvUq5LCYfv +qWjwhNAUhwACSchG5y5+MrShRnCvt4Cjx//fK7/fnH1DSDHiMET4XV55mqxoSJ/5 +tCNoYWxjeW9uIDxqb25hcy5zZWlmZXJ0MDRAZ21haWwuY29tPokCTgQTAQgAOBYh +BKT5K8e3khCKRjmVgnwfLaK8kpQSBQJjbqH+AhsDBQsJCAcCBhUKCQgLAgQWAgMB +Ah4BAheAAAoJEHwfLaK8kpQSwoEQAJJx8JNeiJeUJc9uQJWjlPwlcx6YgR4UAegf +8J9HUPu1SQVttJQEWsbOYUxGX3OVPDMlgGY8nsTmtAGHKEqwsgxgo5wI38XQVss3 +XC8TLhBiPpToK35Mh4DWrphbxEUcn86TltlWmEtUtZnTPt8aHt+0597SJq2bd59O +rNM6ywOMtDLFImLAKzgnxeEzVwHQufx56Tal7LzcP44SMVIAtqlzO+LudIQCBNhj +CYjsptxFini2JrLVVL5rQUo7ALV1eRfMTNUWZkr3MHgiEp5MIUW2qKuJsR6bP4dz +KgBCvx/lZ2nMLWeypIsDTNELHda9qU9KN/MZSP1SxJ/h/qc8ic62l3MEOXt+CxzW +ge0S5y3EXIbqcmGONJ5bDAhWx1ywTwczco7VVo0Itttg16uUS9Sy6oGTTh7W3J53 +U9y96aFThIzuEPeY45tmjxMNhQqwQFAqYVxZgB8R5D88SUKV6ysNt1wdgypFCThu +S5iQ57PcUHvZZrY+BUgN2GgBQ7zdX4MNl0ttGKgA4HVq0WY/VFS+m2E2ArBiV2kG +KjuN0r8tmi8B4etuuyI+R24rRq/ynbmEuVufZHXQUBgL3cFuID7YNQUslfodkMXL +Nhx12UYEc5bEySKfocirK1eWKNUrg0EVEXhqyYuNEqt0712yycvzQM283z7Ru4W3 +FhevoSc5uQINBGNunVEBEACeScywMTebpxo+bBPg/M48EgbSM0eOjYd07VT80QnD +EJJI6SLM+BLGCpnx5l8IjLDnjCy+sAFYw5W9R6fe2DZCOkY4PFxxN2mQm/pUip1r +2JF5USE3QrUCMBBIHYpaDqurCGKMQYjtmQshcvttPRhXeSjEMKMu+KhiTFTezHAb +77y5K7k/0GpUvJCgbXE1GipJSWcT1xopvVC2FnEtE1ix2Ugd6GPF39hRD9gfYQGh +u3bFWIub9zprUQwck7VEVgXP7N8fPutVtSi/dkFlBxm2S0Trov/Gs9C1OshcUwlC +us+HviepXma6nW/idjMfqLpcw6Q7R06gxfPmKsta1g8p4Xs+T5r5oapeyG4bRHnT +EdE8fdVGopa3r2JFemWeNL0RYFY00FGu9AE7zzutvVI9YgMXQdGzG5F1trEz+L9I +b8+a7PRSi3dUliO1LuWeOosxDGbZOJjZI85/MabFaadulil5O2PBgtoaCNphC+fn +6nW6IitDoDIRuDqtzrYbpCq+WpJHninbohykXsr9owNQ2iS067CtYq1B4fqu7dsT 
+b8Kn0OUAqreuFV6VvWbkauJOh4lt1XHTK7mthRWWW9LlOTND5OViy1TPDJpkTGEl +HD+2JwCCr/B5PeRDA7n/Odw+BHKUMNsRzxlyusyZalCBZRCeSGbBFT3AeiQL80ET +xQARAQABiQI2BBgBCAAgFiEEpPkrx7eSEIpGOZWCfB8torySlBIFAmNunVECGwwA +CgkQfB8torySlBLGDg//ROPDDuk8YVdmT9I2A057SQB6tkvXEvIE3u7sNsUjgsmv +oGc6BKYSC2yVUMyagZz7Mm64oMmvwSG/9ctI+1R4mhhlGgsPlrhzfMDWzm6OBRkB +XtpPsIcotNNYeEdydCdvK2XOJJ4hp9QGG0vsnuiSQL52ZM8j+A7a3NGRoDFtQ/2E +uB+AHpbbOu1avp5bNpmCBfbxl+upNDBP5er2OlyfTbaBSf8Z20dwLeXJJsb3AlED +eU3XUspAI0UsvUo1QLFWBv/MVU/Ryyqz2B4KMC9I1bRYLdaKaEtxIgQVT+cRwr0B +zwJc6+IewtQO1EjSSrkZxJSaZK7Jb600aiz3skRurQrpY+UoP9yAk7i4q1tJDNiR +t3QH2C4RwuWymhy8JlvVHKeo3KxEtJ0+3BKPnSyB9FNFELj8Mg1i+8mFCDVANUB/ +mdbg+Jhpw9fBWq0B/qi5NcLq2GDWqxPEgRbX5Kc/PfY95DcBeWWAJ4wiZqalN49X +Wa6gstiQIvsxbKHnx8qoti1YRbnpHOqUYk41P2FLmREgaj1LVQRdL5A+4+NoXhdk +a7pC8jX+egWoP36wcbjb2DJsYWiYwbjYKeOxSZOFUT+Cb7iaCGf2KuIoh/tZ5NJ8 +e5l0MwK1U6XpKTap1NF8WhoIge3lcQt/BH3cTdM+1CkQyTqtuHok6WAVqwgTa5Q= +=Fs3l +-----END PGP PUBLIC KEY BLOCK----- diff --git a/modules/base.nix b/modules/base.nix index 35e1f10..d991d85 100755 --- a/modules/base.nix +++ b/modules/base.nix @@ -30,6 +30,7 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0X6L7NwTHiOmFzo8mJBCy6H+DKUePAAXU4amm32DAQ fugi@arch" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHD1ZkrAmC9g5eJPDgv4zuEM+UIIEWromDzM1ltHt4TM fugi@macbook" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBtP2ltExnQL5llOvfSKp6OCZKbPWsa2s6P0i00XyrH helene_emilia.hausmann@mailbox.tu-dresden.de" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXMHwy4AZ9B4pMRBa/P/rb7N3SCas9e7Lp89plTHdFS halcyon@eisvogel.moe" ]; keyFiles = [ ../keys/ssh/marcus-sapphire -- 2.44.2 From 974f936915764cea9ced276de729ef8d04c0a63d Mon Sep 17 00:00:00 2001 From: tenksom <102464707+tenksom@users.noreply.github.com> Date: Mon, 14 Nov 2022 13:01:41 +0100 Subject: [PATCH 2/7] Add files via upload pgp key for joachim --- keys/pgp/joachim.asc | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 keys/pgp/joachim.asc 
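Review bot: In the `modules/base.nix` hunk the new `ssh-ed25519 … halcyon@eisvogel.moe` entry goes inline into the key list, while the commit subject and `keys/pgp/jonas.asc` call the same person "jonas" and other members are referenced as files under `keyFiles`. A login key that cannot be matched to a person by name is easy to miss at offboarding; I would either move it to a file named like the PGP key (e.g. `../keys/ssh/jonas`, a constructed name) or add `# jonas (halcyon)` at the end of the line. The commit is authored by the key's owner, so a second maintainer should compare the SSH key and the PGP fingerprint with the owner over a separate channel before merging. The list and its enclosing attribute start outside the hunk, so which account these keys authorise is not visible here.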
diff --git a/keys/pgp/joachim.asc b/keys/pgp/joachim.asc new file mode 100644 index 0000000..91b862e --- /dev/null +++ b/keys/pgp/joachim.asc @@ -0,0 +1,14 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEY2pTLBYJKwYBBAHaRw8BAQdAcx6u70TFOfOFTWrGaorv7vSOFDTBpQ5z/1+g +y7dsHGC0JUpvYWNoaW0gU3RyYW1rZSA8am9hY2hpbUBzdHJhbWtlLmNvbT6ImQQT +FgoAQRYhBLGhYBG4a6y1attxPbcSA50jEzZhBQJjalMsAhsDBQkDw5wEBQsJCAcC +AiICBhUKCQgLAgQWAgMBAh4HAheAAAoJELcSA50jEzZhYcwA/3mpekeMVRQt5VfF +oyxMVumf6lzkqKUrKcxIOEa7M+4OAQDLeWd9IUFahGrwdNjRPv+KWJHUDyPgaHPA +cBLWUYjSB7g4BGNqUywSCisGAQQBl1UBBQEBB0CR3xJzMNpmRcNdWqRbGxv8hgXf +PwlOWa8ApxuP2iuoFAMBCAeIfgQYFgoAJhYhBLGhYBG4a6y1attxPbcSA50jEzZh +BQJjalMsAhsMBQkDw5wEAAoJELcSA50jEzZhXeoA/3B6i7k36nMQlL1v2/rN4gQJ +2Rneetr36gEMFzf2k4G6AQC9nlNEiQY7Vp16PnxJJYTalNpNpMbaJ54c37A4VrgD +Dg== +=5V3N +-----END PGP PUBLIC KEY BLOCK----- -- 2.44.2 From fffb561b5b0f4ced0f82d20ce414d10d36e841f4 Mon Sep 17 00:00:00 2001 From: tenksom <102464707+tenksom@users.noreply.github.com> Date: Mon, 14 Nov 2022 15:22:59 +0100 Subject: [PATCH 3/7] Create joachim --- keys/ssh/joachim | 1 + 1 file changed, 1 insertion(+) create mode 100644 keys/ssh/joachim diff --git a/keys/ssh/joachim b/keys/ssh/joachim new file mode 100644 index 0000000..dcf3458 --- /dev/null +++ b/keys/ssh/joachim @@ -0,0 +1 @@ +ssh-rsa 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 joach@DESKTOP-FOASM6G -- 2.44.2 From 6f3bdbc4568d3cff04cd1ea21d69d6779b028061 Mon Sep 17 00:00:00 2001 From: Lucas Fugmann Date: Fri, 18 Nov 2022 17:00:20 +0100 Subject: [PATCH 4/7] add nextcloud config --- flake.lock | 14 ++++----- flake.nix | 3 +- modules/hedgedoc.nix | 4 +-- modules/nextcloud.nix | 66 +++++++++++++++++++++++++++++++++++++++++++ secrets/quitte.yaml | 6 ++-- secrets/test.yaml | 6 ++-- 6 files changed, 83 insertions(+), 16 deletions(-) create mode 100644 modules/nextcloud.nix diff --git a/flake.lock b/flake.lock index ce513b7..18a7033 100644 --- a/flake.lock +++ b/flake.lock 
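Review bot: `keys/ssh/joachim` adds an `ssh-rsa` key, while every key visible in the `modules/base.nix` context of this series is `ssh-ed25519`. The key body is not visible on this page, so its modulus length cannot be judged here; check it with `ssh-keygen -l -f keys/ssh/joachim` and ask for an ed25519 key if it is shorter than 3072 bits. PATCH 6/7 later lists this file under `keyFiles`, so the check belongs before that commit is applied.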
@@ -87,18 +87,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1662496411, - "narHash": "sha256-BLzFzRQewnmzdCrcOv2f+IYQI9iY25MXBmJWHoxWynY=", - "owner": "revol-xut", + "lastModified": 1668650906, + "narHash": "sha256-JuiYfDO23O8oxUUOmhQflmOoJovyC5G4RjcYQMQjrRE=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "6d2d09e50ba9d12b80ed1c3be844f1d120e02682", + "rev": "3a86856a13c88c8c64ea32082a851fefc79aa700", "type": "github" }, "original": { - "owner": "revol-xut", - "ref": "nixos-22.05", - "repo": "nixpkgs", - "type": "github" + "id": "nixpkgs", + "type": "indirect" } }, "root": { diff --git a/flake.nix b/flake.nix index 087bed7..2149789 100755 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,5 @@ { inputs = { - nixpkgs.url = github:revol-xut/nixpkgs/nixos-22.05; - #nixpkgs.url = github:revol-xut/nixpkgs/master; sops-nix.url = github:Mic92/sops-nix; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; fsr-infoscreen.url = github:fsr/infoscreen; @@ -64,6 +62,7 @@ ./modules/hedgedoc.nix ./modules/wiki.nix ./modules/stream.nix + ./modules/nextcloud.nix { sops.defaultSopsFile = ./secrets/quitte.yaml; } diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix index 501b0d9..f85d2a7 100644 --- a/modules/hedgedoc.nix +++ b/modules/hedgedoc.nix @@ -19,7 +19,7 @@ in hedgedoc = { enable = true; - configuration = { + settings = { port = 3002; domain = "${domain}"; protocolUseSSL = true; @@ -44,7 +44,7 @@ in enableACME = true; forceSSL = true; locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.configuration.port}"; + proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.settings.port}"; proxyWebsockets = true; }; }; diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix new file mode 100644 index 0000000..7722c91 --- /dev/null +++ b/modules/nextcloud.nix 
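Review bot: With `nixpkgs.url` removed from `inputs` in `flake.nix`, nothing in the flake states which nixpkgs the hosts are built from; the `flake.lock` hunk shows the input becoming `"type": "indirect"` with `"id": "nixpkgs"`, i.e. resolved through the flake registry of whoever runs the update. The lock still pins a revision, but the next `nix flake update` follows that machine's registry entry rather than a release branch chosen in the repository, and `sops-nix.inputs.nixpkgs.follows = "nixpkgs"` inherits the same source. I would name the source explicitly, `nixpkgs.url = "github:NixOS/nixpkgs/<release-branch>";` (placeholder for the branch the hosts should track), so that a change of channel shows up in review. The rest of the `inputs` block lies outside the hunk.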
@@ -0,0 +1,66 @@
+{ config, pkgs, lib, ... }:
+let
+ domain = "nc.quitte.fugi.dev";
+in
+{
+ sops.secrets = {
+ postgres_nextcloud = {
+ owner = "nextcloud";
+ group = "nextcloud";
+ };
+ nextcloud_adminpass = {
+ owner = "nextcloud";
+ group = "nextcloud";
+ };
+ };
+
+ services = {
+ postgresql = {
+ enable = true;
+ ensureUsers = [
+ {
+ name = "nextcloud";
+ ensurePermissions = {
+ "DATABASE nextcloud" = "ALL PRIVILEGES";
+ };
+ }
+ ];
+ ensureDatabases = [ "nextcloud" ];
+ };
+
+ nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud25;
+ hostName = "${domain}";
+ https = true;
+ phpExtraExtensions = all: [
+ all.ldap
+ ];
+ config = {
+ dbtype = "pgsql";
+ dbuser = "nextcloud";
+ dbhost = "/run/postgresql";
+ dbname = "nextcloud";
+ dbpassFile = config.sops.secrets.postgres_nextcloud.path;
+ adminpassFile = config.sops.secrets.nextcloud_adminpass.path;
+ adminuser = "root";
+ };
+ };
+
+ nginx = {
+ recommendedProxySettings = true;
+ virtualHosts = {
+ "${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+ };
+ };
+ };
+
+ # ensure that postgres is running *before* running the setup
+ systemd.services."nextcloud-setup" = {
+ requires = ["postgresql.service"];
+ after = ["postgresql.service"];
+ };
+}
diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml
index e43d2e7..2657cef 100644
--- a/secrets/quitte.yaml
+++ b/secrets/quitte.yaml
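Review bot: `dbhost = "/run/postgresql";` connects over the local socket, where the NixOS PostgreSQL module's default `pg_hba.conf` uses peer authentication, so `dbpassFile` and the `postgres_nextcloud` secret are probably never consulted. If that holds for these hosts, drop the secret and the `dbpassFile` line, or add a comment such as `# socket + peer auth; password only needed for TCP` so nobody treats the value as what protects the database. Separately, `adminuser = "root";` gives the web admin account the most commonly guessed name; a less predictable name (placeholder `<admin-name>`) costs nothing at first setup, and as far as I know the option is only applied during the initial installation, so it is awkward to change later.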
@@ -1,5 +1,7 @@ postgres_keycloak: ENC[AES256_GCM,data:Vi0NLjpYDvFGIYYL/VPdgOqAS51KXQynBFlBjK64elU=,iv:JY65V7b8zWSX4aNEK5pD7iyxnqIr8jexcG3pIBNbmvg=,tag:auDyPClH1VbWbFoWWK5E9w==,type:str] postgres_hedgedoc: ENC[AES256_GCM,data:VCoWXZbNGWfmorTNZRFWkDUp0B5JMmsA+bJFVrUREj0=,iv:fnSs3FOgmFn5/BqKTODpwIq023ZRMF8s/JiDyf2ZqkE=,tag:oit5sHf6QffhYYi/WJk5SQ==,type:str] +postgres_nextcloud: ENC[AES256_GCM,data:Lv0Ld3sf+hoUE2qrsf9qGSYf5aVLqm5GIbK2hEoR5Uc=,iv:/4hqMV42J37byJgZZGhMqsHNtutikcXhun2uk2HhsHY=,tag:+L4scIHq2nopBlr64KJgjA==,type:str] +nextcloud_adminpass: ENC[AES256_GCM,data:EMvcFOGJz45P4nvJ5Yy4SziWa2pUWBqt4ZZdde6wegk=,iv:tG9bhB7HPprZMnfV/uC/v7fqmjQd5d4Oj5avOtK2/0A=,tag:8jBDpnahwQsXsD2Ivf6jDw==,type:str] hedgedoc_session_secret: ENC[AES256_GCM,data:uz7KggZqeZ2eqiCnOcnYh2I1p5BBXTQbC8PUhB2kM2U=,iv:aJDHKCPkccCT/OF6AGZMfRESNmoV9muGHbuCUfLQhH8=,tag:uEVXylpE8MSebqRr+4mQOw==,type:str] wg-seckey: ENC[AES256_GCM,data:NHk6E5uu3CshC/0//LoGk6iCGKWbx49wVVkjoMqF19gc7MhdHAn9aJD+0Zc=,iv:N3PuU7+QSW9aD0ZhTI7CmMI3drLIzO7XaW3mgEDp/sk=,tag:fxH4eRIboy9O15oul7JOTw==,type:str] mediawiki: @@ -21,8 +23,8 @@ sops: N3R3emp1d0Z1OEZIU082Q2VXWHRLSVkKkw6L/Zm17zP6Ej0KCASv1uSibzDCG2Zp 22lr2Kw6qIgQn1zO8wEpgHMfiJMImMgon/EWpozz/De0C/xOWgYprg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-10-01T12:32:58Z" - mac: ENC[AES256_GCM,data:s0Fj8NhTEer1evxhlXU1sAuzZjHvw+tHFJdwRCrzc5ux/JQUjGGVzEH3fbdIX41PXEhKVi64J3EJCmLfPhXOrY7idGtEyzDOfny+mswbdo6tfAn/P+G+uNw96qXh3Msq+SwDnzWuhjPYfoXX9Ku5m9rYS/qodq+huKrxV6pfu8Q=,iv:0YBxmSC5CiPO2xk65sKP8+itp3xTjQRq0t845XFpGF0=,tag:F58Iz3cteXRNpj+Jtnnoqw==,type:str] + lastmodified: "2022-11-18T15:28:28Z" + mac: ENC[AES256_GCM,data:+o08gLLG3tz9uheJOMeKWtdvcRjgdcpOFUjSW3sHdFWC/FM5dcwDgBAtTO3/pPB6+e//SfpZgIWq1EASpgChPmE61K0U1lnYK/5gBY1QMDZ9tLgl8VjQ1ShVSeTL/dLWopBEVeDT0cR8jhJ+MIaVTEzMLK8I2qn/LaZqEktMPSg=,iv:N5TPSuijpULToU4EoZ7P6bL0sMZ1Jfu10Jxmnpzh4Ec=,tag:UIHIM+CMNS70ivKtEzbR3w==,type:str] pgp: - created_at: "2022-11-18T15:05:14Z" enc: | 
diff --git a/secrets/test.yaml b/secrets/test.yaml index effc1c5..6e56e70 100644 --- a/secrets/test.yaml +++ b/secrets/test.yaml @@ -1,5 +1,7 @@ postgres_keycloak: ENC[AES256_GCM,data:dHuqrGcrJUE5GZhhWG5a4Ko=,iv:bvbyDXhkovtX5BQKw36WTGyUl3KR0Df2fB5qmMWbqqU=,tag:95XJCjKJjrITsHXK8ABF6A==,type:str] postgres_hedgedoc: ENC[AES256_GCM,data:XWbf3F1b00RBFS9NXytzVkQ=,iv:dTbRUncYKsqOh0y0MTEJCpPcwfvROkIiO8v9OxZiHPU=,tag:YUxAkmbYKbGdGbIMS/8mOw==,type:str] +postgres_nextcloud: ENC[AES256_GCM,data:ySjpkMh1/6JuU2JwjlJcXh0D,iv:7CWZPjX7NZt4v1V3vbm42Iw7glz5/9F4TK9GUqTNsl8=,tag:701TSuhzyR4AnDHB4bG48Q==,type:str] +nextcloud_adminpass: ENC[AES256_GCM,data:G3FcJIAl0HmpCu4JAXQOZPmWCg==,iv:Bgk7j3EfD9a73hDe93hpzH2uZUcssgVPMxr3nEWvUvQ=,tag:ngBZEBSQHBlWr62dcQdvHA==,type:str] hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv:Iph099lne6cH6V1gnobcGZl/mfJZiw1bFJMdSTiVsxE=,tag:xGI+S3Uygzmdnmd0l1kCaQ==,type:str] wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str] mediawiki: @@ -21,8 +23,8 @@ sops: NjZ6dDludHREWTFkdmFST08vb05MNGsKbvBFq6gn9m85fWVgrYuDDZz1uJvMYIwU NcptCTo8AVckjTNuP0z19TGt1oD+eYSe55W1hbUKJ1c7wqAys0VnkQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-11-05T11:24:00Z" - mac: ENC[AES256_GCM,data:IgW58nKqznUoWBhsI+HZD47HjJ7qF8/lS5nQ2Qg2VE7JkQgs/+AYVyMNAckjnpDtHEnK/YaFmnTfRpdQ7BMGaJtGu6TT0PR60jme82rg+iMwspSOVsAIDf9YyrjIv0rF7xwCF65p4/3TIc1OohV2GzLsAykKApMA5kqAo+UNSAs=,iv:sWURn1jmZ7myC2gEuo5BdcZn8JNSXQsopLWeOoLEpkc=,tag:E5kldjnyElfvJyilPiCYUg==,type:str] + lastmodified: "2022-11-18T15:23:26Z" + mac: ENC[AES256_GCM,data:meFon3NJLJ3E7pxGFvmol2WThaTPlPUKdRzeLnPhcLeJ2cGzj/DlnjTBmsk9hKhhTsQ4osdFo/DchId0MyV7Xi5ZmMVD0lyRZEPzguIbkg3UezRiNlosm21DpQ7Pl/yEXd02x/5kLast/Ud3zF1ZNGeGTxNriZvm5XY3KFiMCSY=,iv:oPPQnA82IbMTCsivp1fh4k9hS2keyh7Zm1C1jRkYUMU=,tag:vOkON7/N4v3yXu8kYkAEMg==,type:str] pgp: - created_at: "2022-11-18T15:05:25Z" enc: | -- 2.44.2 
From 67a76a0b2e807ccdd6993b42387656637e4202c3 Mon Sep 17 00:00:00 2001 From: Lucas Fugmann Date: Fri, 18 Nov 2022 17:13:58 +0100 Subject: [PATCH 5/7] fix tabs --- modules/nextcloud.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 7722c91..180737f 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -40,8 +40,8 @@ in dbtype = "pgsql"; dbuser = "nextcloud"; dbhost = "/run/postgresql"; - dbname = "nextcloud"; - dbpassFile = config.sops.secrets.postgres_nextcloud.path; + dbname = "nextcloud"; + dbpassFile = config.sops.secrets.postgres_nextcloud.path; adminpassFile = config.sops.secrets.nextcloud_adminpass.path; adminuser = "root"; }; -- 2.44.2 From 575c1959f93a6cb37586cee40eda84817a09c6b1 Mon Sep 17 00:00:00 2001 From: revol-xut Date: Fri, 18 Nov 2022 17:15:22 +0100 Subject: [PATCH 6/7] adding ssh into base.nix --- modules/base.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/base.nix b/modules/base.nix index 3811431..8d6cc81 100755 --- a/modules/base.nix +++ b/modules/base.nix @@ -42,6 +42,7 @@ ../keys/ssh/jonasga ../keys/ssh/rouven ../keys/ssh/helene + ../keys/ssh/joachim ]; }; -- 2.44.2 From 970f1180cce812c2ac01ff1b3447a7186ea47bab Mon Sep 17 00:00:00 2001 From: Lucas Fugmann Date: Fri, 18 Nov 2022 17:40:12 +0100 Subject: [PATCH 7/7] add comments --- modules/nextcloud.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 180737f..8769369 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -30,11 +30,11 @@ in nextcloud = { enable = true; - package = pkgs.nextcloud25; + package = pkgs.nextcloud25; # Use current latest nextcloud package hostName = "${domain}"; - https = true; + https = true; # Use https for all urls phpExtraExtensions = all: [ - all.ldap + all.ldap # Enable ldap php extension ]; config = { dbtype = "pgsql"; 
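Review bot: The comment added in PATCH 7/7, `# Use current latest nextcloud package`, becomes wrong as soon as a newer major is packaged, because `pkgs.nextcloud25` pins the major version. I would say what the pin means instead, e.g. `# pinned major; bump one major at a time, before this release stops receiving security fixes`. The other two comments (`# Use https for all urls`, `# Enable ldap php extension`) restate the option names and could give the reason instead, such as which directory service the LDAP extension is for. The `nextcloud` attribute set continues beyond this hunk.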
@@ -47,6 +47,7 @@ in }; }; + # Enable ACME and force SSL nginx = { recommendedProxySettings = true; virtualHosts = { -- 2.44.2