From a9146bb6281cf5cdd6471bffc863a608d5221fc1 Mon Sep 17 00:00:00 2001 From: materus Date: Mon, 25 Mar 2024 19:46:18 +0100 Subject: [PATCH] waffentrager: add nextcloud, config: remove private inputs --- configurations/host/default.nix | 1 - .../host/waffentrager/secrets/default.nix | 1 + .../host/waffentrager/secrets/secrets.yaml | 5 +- .../host/waffentrager/services/default.nix | 2 + .../host/waffentrager/services/elements.nix | 5 +- .../host/waffentrager/services/nextcloud.nix | 59 ++++++++++++++++++ configurations/profile/common/default.nix | 1 + .../profile/common/private/default.nix | Bin 0 -> 283 bytes configurations/shared/home/genHomes.nix | 2 - 9 files changed, 70 insertions(+), 6 deletions(-) create mode 100644 configurations/host/waffentrager/services/nextcloud.nix create mode 100644 configurations/profile/common/private/default.nix diff --git a/configurations/host/default.nix b/configurations/host/default.nix index 64b2f83..cc777ec 100644 --- a/configurations/host/default.nix +++ b/configurations/host/default.nix @@ -25,7 +25,6 @@ let system = arch; modules = [ ./${host} - inputs.private.systemModule profiles.osProfile materusCfg.configInputs.sops-nix.nixosModules.sops (if hmAsModule then hm.nixosModules.home-manager else { }) diff --git a/configurations/host/waffentrager/secrets/default.nix b/configurations/host/waffentrager/secrets/default.nix index 2ad9ccf..774f324 100644 --- a/configurations/host/waffentrager/secrets/default.nix +++ b/configurations/host/waffentrager/secrets/default.nix @@ -24,4 +24,5 @@ sops.secrets.wireguard = { }; sops.secrets."users/materus" = { neededForUsers = true; }; sops.secrets.elements = { }; + sops.secrets.nextcloud-adminpass = { }; } diff --git a/configurations/host/waffentrager/secrets/secrets.yaml b/configurations/host/waffentrager/secrets/secrets.yaml index dd81d08..dca97a7 100644 --- a/configurations/host/waffentrager/secrets/secrets.yaml +++ b/configurations/host/waffentrager/secrets/secrets.yaml 
@@ -1,4 +1,5 @@ wireguard: ENC[AES256_GCM,data:QLngCAtEa6wfRRrZwywbARhsS1oGj9+hGTlC1QV6xnRmlZLorAoftGb8jTg=,iv:rNbE0tfJKTjo0pPwfw3oKxOZmSO9PGgW/xDo9zi8lCU=,tag:ZT4mfXaToiR6SjzOwSz4HA==,type:str] +nextcloud-adminpass: ENC[AES256_GCM,data:5vohRPEcJJ8gIRro38O73ufSYYEp1DXpBgjCPdPnMcg=,iv:STh3k5wUwx3AfSDTPCXhuXbPb3d+Vi1cAaQN2a9eW1w=,tag:Ef/Z2Idvl6575Jvs2GDJ8A==,type:str] elements: ENC[AES256_GCM,data:Kh6ueReXpj9h5yQ3P0qY8X1ow4RRZD9zyXZLS6DUIIVuthgqgu9dPzBc7ojnz6nXoYTHt1I2LJJKLOGQYZC+iVxXOk+QADJMPwY4NCyeZ3prgvYMghlD,iv:WFA/UQ0XDFjpbgaDEacrBxkteLitXv3CJP54ANVSJHM=,tag:M+tTpTR0alvQxvUiP2MWlA==,type:str] users: materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str] @@ -17,8 +18,8 @@ sops: eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-23T01:18:06Z" - mac: ENC[AES256_GCM,data:VJvZl1wOOqDkiYXJyWn1V952H0Wovt4qi/ErQ2J63seRsqD8k52KpraB44gRyuRc3AwoDjm4gSj6vkWFoSmE+RxxiR03ArscVanJOrsefDclAcp9DLlHxyVopsnmzbd5HMAt89RznCwRtbxHk+Nm22uBrBjw3Kqq4zmHAZKjAjo=,iv:1Fg0RE4td6LL2ruJmy8lTL6euK0p+R/E/dQPjrQB9cg=,tag:os41oy4Wfo/HxPi0ESaeDA==,type:str] + lastmodified: "2024-03-25T17:12:26Z" + mac: ENC[AES256_GCM,data:TQR/BiXayPQ5S2fbMNJcdjdTjPemZFFWk9aWs0HI2UDG8DDZUUhz8U0OD8qM2+h7ZZK/HGlyQH6QBOZjitTcjbXLXZFGKo/ueAvT8vaeZAgYiFjPdHOOTbtr+MvaV/Ia5CWwVD42USxU3srVkHSwxpM1J/q4Rahag7EmF6raj08=,iv:42cnWEEYr6FysEeq6o4zndqNkC9uNrOdlVO652JsmoA=,tag:vQaJ8QoX4jWKbn1bOcVAaA==,type:str] pgp: - created_at: "2024-03-21T18:15:00Z" enc: |- diff --git a/configurations/host/waffentrager/services/default.nix b/configurations/host/waffentrager/services/default.nix index 6018916..5e6ddaf 100644 --- a/configurations/host/waffentrager/services/default.nix +++ b/configurations/host/waffentrager/services/default.nix 
@@ -7,10 +7,12 @@ ./mount-acme.nix ./gitea.nix ./nginx.nix + ./nextcloud.nix ]; waffentragerService.elements.enable = true; waffentragerService.postgresql.enable = true; waffentragerService.mount-acme.enable = true; waffentragerService.gitea.enable = true; waffentragerService.nginx.enable = true; + waffentragerService.nextcloud.enable = true; } \ No newline at end of file diff --git a/configurations/host/waffentrager/services/elements.nix b/configurations/host/waffentrager/services/elements.nix index 89dae8f..f7b4dfa 100644 --- a/configurations/host/waffentrager/services/elements.nix +++ b/configurations/host/waffentrager/services/elements.nix @@ -4,7 +4,7 @@ options.waffentragerService.elements.path = lib.mkOption { default = "/var/lib/elements"; }; options.waffentragerService.elements.uuid = lib.mkOption { default = "e32039c6-e98d-44b0-8e7d-120994bf7be1"; }; options.waffentragerService.elements.postgresqlDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/postgresql"; }; - + options.waffentragerService.elements.nextcloudDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/nextcloud"; }; config = let cfg = config.waffentragerService.elements; @@ -24,6 +24,9 @@ '' + lib.optionalString config.waffentragerService.postgresql.enable '' mkdir -p ${cfg.postgresqlDir}/${config.waffentragerService.postgresql.version} chown -R postgres:postgres ${cfg.postgresqlDir} + '' + lib.optionalString config.waffentragerService.nextcloud.enable '' + mkdir -p ${cfg.nextcloudDir} + chown -R nextcloud:nextcloud ${cfg.nextcloudDir} '' ; diff --git a/configurations/host/waffentrager/services/nextcloud.nix b/configurations/host/waffentrager/services/nextcloud.nix new file mode 100644 index 0000000..daae199 --- /dev/null +++ b/configurations/host/waffentrager/services/nextcloud.nix 
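Review bot: `mkdir -p ${cfg.nextcloudDir}` creates the Nextcloud home with whatever umask the script runs under and `chown -R nextcloud:nextcloud ${cfg.nextcloudDir}` then walks the entire data tree on every run; `install -d -m 0750 -o nextcloud -g nextcloud ${cfg.nextcloudDir}` creates the directory with a restrictive mode in one step and only touches the top level. Once the instance holds user uploads the recursive chown is O(files) and can race with a running php-fpm, and the enclosing shell string starts before this hunk so I cannot see whether it runs before or after the nextcloud units are up. The NixOS nextcloud module manages ownership of `home` itself as far as I recall (confirm against the module version in use), in which case the chown is redundant and only the `mkdir`/`install` is needed to make the mount point exist.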
@@ -0,0 +1,59 @@
+{ materusArg, config, lib, pkgs, ... }:
+{
+ options.waffentragerService.nextcloud.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable nextcloud";
+
+ config =
+ let
+ cfg = config.waffentragerService.nextcloud;
+ in
+ lib.mkIf cfg.enable {
+ waffentragerService.elements.enable = true;
+ waffentragerService.postgresql.enable = true;
+ waffentragerService.nginx.enable = true;
+
+ sops.secrets.nextcloud-adminpass.owner = config.users.users.nextcloud.name;
+ sops.secrets.nextcloud-adminpass.group = config.users.users.nextcloud.group;
+
+ services.postgresql.ensureDatabases = [ "nextcloud" ];
+ services.postgresql.ensureUsers = [{
+ name = "nextcloud";
+ ensureDBOwnership = true;
+ }];
+ services.nextcloud = {
+ enable = true;
+ notify_push.enable = true;
+ package = pkgs.nextcloud28;
+ hostName = "waffentrager.materus.pl";
+ home = config.waffentragerService.elements.nextcloudDir;
+ config.adminuser = "master";
+ config.adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
+ config.dbtype = "pgsql";
+ config.defaultPhoneRegion = "PL";
+ config.trustedProxies = [ materusArg.ips.valkyrie materusArg.ips.wireguard.valkyrie materusArg.ips.wireguard.waffentrager ];
+ extraAppsEnable = true;
+ maxUploadSize = "4G";
+ https = true;
+ enableImagemagick = true;
+ configureRedis = true;
+ webfinger = true;
+ appstoreEnable = true;
+ database.createLocally = true;
+ nginx.recommendedHttpHeaders = true;
+ extraApps = { notify_push = pkgs.nextcloud28Packages.apps.notify_push; };
+ extraOptions = {
+ mail_smtpmode = "sendmail";
+ mail_sendmailmode = "pipe";
+ };
+ };
+ services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+ addSSL = true;
+ http2 = false;
+ sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
+ sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
+ sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ '';
+ };
+ 
}; +} diff --git a/configurations/profile/common/default.nix b/configurations/profile/common/default.nix index 551e158..c6102de 100644 --- a/configurations/profile/common/default.nix +++ b/configurations/profile/common/default.nix @@ -10,6 +10,7 @@ in imports = [ ./nixpkgs.nix ./packages + ./private ]; options.materus.materusArg = lib.mkOption { default = { }; }; config._module.args.materusArg = config.materus.materusArg // materusArg; diff --git a/configurations/profile/common/private/default.nix b/configurations/profile/common/private/default.nix new file mode 100644 index 0000000000000000000000000000000000000000..6fd09d6e24f7c2246599fba81ef663e6dee12d70 GIT binary patch literal 283 zcmV+$0p$JwM@dveQdv+`0BS6eP0_%tXR(b=rO+*rTZy(VT@Zh%RqLtOPdi|qr zFhPBt{%>OKblDCXVU34%&pAUKh7^JZL3_dpk7YE8=FeA+0?*ub?*SJx5;U%Eh%Zto5z#hLr=tlJfSoE;J=KiX h9?a&MhUFC)aHSA1Yk?*|nocI@K&iQPTF6itzvd literal 0 HcmV?d00001 diff --git a/configurations/shared/home/genHomes.nix b/configurations/shared/home/genHomes.nix index 3ecbee2..7913509 100644 --- a/configurations/shared/home/genHomes.nix +++ b/configurations/shared/home/genHomes.nix @@ -19,7 +19,6 @@ let (materusFlake.selfPath + "/configurations/shared/home/${username}") (materusFlake.selfPath + "/configurations/host/${host}/home/${username}") profiles.homeProfile - inputs.private.homeModule materusFlake.nixosConfigurations.${host}.materusCfg.configInputs.sops-nix.homeManagerModules.sops ]; }; @@ -49,7 +48,6 @@ let modules = [ ./${username} profiles.homeProfile - inputs.private.homeModule materusCfg.configInputs.sops-nix.homeManagerModules.sops ]; };
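Review bot: `addSSL = true;` on the Nextcloud virtualHost keeps the instance reachable over cleartext HTTP on port 80 with no redirect, even though `https = true;` tells Nextcloud to emit https URLs; unless the plain listener is what the valkyrie proxy connects to over wireguard, `forceSSL = true;` is the safer setting, and if it is needed, restricting the port-80 `listen` to the wireguard address keeps it off the public interface — please confirm which applies. `config.adminpassFile` is consumed only by the initial `nextcloud-setup` install step, so rotating `nextcloud-adminpass` in sops later does not change the `master` password; a comment such as `# read once at first install; rotate via occ user:resetpassword` next to that line would prevent a false sense of rotation. `appstoreEnable = true;` alongside `extraApps` forces the mutable app store on even though the module disables it by default when declarative apps are set, which means apps installed from the store live in the data dir outside Nix pinning and review; if the store is not actually needed, dropping the override keeps the app set reproducible. The `proxy_set_header X-Forwarded-For` in `extraConfig` only affects `proxy_pass` locations (PHP is served via fastcgi), so it presumably targets the notify_push `/push/` location and deserves a one-line comment saying so.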
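Review bot: `./private` is imported as a module here, and the diffstat shows `configurations/profile/common/private/default.nix` landing as a 283-byte binary blob, so it is presumably encrypted at rest (git-crypt or similar) — confirm. Whatever it decrypts to is evaluated as Nix and, like every imported module, is copied into the world-readable Nix store on the evaluating host, so it must not carry credentials; the sops pattern used for `nextcloud-adminpass` in this same commit is the right home for those. A checkout without the decryption key will also fail to evaluate the entire common profile with a Nix parse error rather than a clear message; a short comment beside the import, e.g. `# encrypted file, unlock the repo before evaluating`, would save the next person a confusing failure.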