Merge branch 'master' of github.com:starr-dusT/dotfiles

provision/additional-setup.md

@@ -15,7 +15,10 @@ settings.
 
 Keys for SSH aren't automatically placed with chezmoi `secret` since it complicated
 things to much. The key for github SSH must be transferred manually from Bitwarden
-or `/run/secrets/keys/github_personal` to `~/.ssh/keys/github_personal`.
+or:
+
+- `/run/secrets/keys/github_personal` to `~/.ssh/keys/github_personal`.
+- `/run/secrets/radicale/users` to `~/.config/radicale/users`.
 
 ### Sops-nix 
 

provision/hosts/torus/configuration.nix

@@ -5,10 +5,10 @@
     ./wireguard-server.nix
     ./samba-server.nix
     ./syncthing.nix
-    ./share.nix
     ./rss.nix
     ./home-assistant
     ./gitea.nix
+    ./nextcloud.nix
   ];
 
   nix = {
@@ -115,6 +115,12 @@
       "workspace.tstarr.us" = (SSL // {
         locations."/".proxyPass = "http://localhost:5000/"; 
       });
+      "lc.tstarr.us" = (SSL // {
+        locations."/" = {
+          proxyPass = "http://localhost:8065/"; 
+          proxyWebsockets = true;
+        };
+      });
       "code.tstarr.us" = (SSL // {
         locations."/" = {
           proxyPass = "http://localhost:8443/"; 
@@ -124,13 +130,6 @@
       "plot.tstarr.us" = (SSL // {
         locations."/".proxyPass = "http://localhost:8988/"; 
       });
-      "share.tstarr.us" = (SSL // {
-        locations."/".proxyPass = "http://localhost:5001/"; 
-        extraConfig = ''
-          auth_pam  "Password Required";
-          auth_pam_service_name "nginx";        
-        '';
-      });
     };
   };
 

provision/hosts/torus/gitea.nix

@@ -18,17 +18,19 @@
   };
 
   sops.secrets = {
-    "tokens/gitea-runner" = {
+    "gitea-runner1" = {
       sopsFile = ../../secrets/secrets.yaml;
       owner = "gitea-runner";
     };
   };
   services.gitea-actions-runner.instances = {
-    native-runner = {
+    runner1 = {
       enable = true;
       url = "https://git.tstarr.us";
-      tokenFile = config.sops.secrets.gitea-runner.path;
-      name = "native-runner";
+#      tokenFile = config.sops.secrets."gitea-runner1".path;
+
+      token = "kZ8YMUInzUYkvFK7bia5191QzLPF2xh9dAtxDI8d";
+      name = "runner1";
       labels = [
         "native:host"
       ];
@@ -41,6 +43,8 @@
         gnused
         nodejs-18_x
         wget
+        gnutar
+        gzip
       ];
     };
   };

provision/hosts/torus/nextcloud.nix

@@ -0,0 +1,44 @@
+{ config, lib, pkgs, user, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    cron
+  ];
+  
+  services = {
+    nginx.virtualHosts = {
+      "cloud.tstarr.us" = {
+        forceSSL = true;
+        enableACME = true;
+      };
+    };
+
+    nextcloud = {
+      enable = true;
+      hostName = "cloud.tstarr.us";
+
+       # Need to manually increment with every major upgrade.
+      package = pkgs.nextcloud29;
+
+      # Let NixOS install and configure the database automatically.
+      database.createLocally = true;
+
+      # Let NixOS install and configure Redis caching automatically.
+      configureRedis = true;
+
+      # Increase the maximum file upload size to avoid problems uploading videos.
+      maxUploadSize = "16G";
+      https = true;
+      autoUpdateApps.enable = true;
+      settings = {
+        overwriteprotocol = "https";
+        default_phone_region = "US";
+      };
+
+      config = {
+        dbtype = "mysql";
+        adminuser = "admin";
+        adminpassFile = "/run/secrets/nextcloud/password";
+      };
+    };
+  };
+}

provision/hosts/torus/share.nix

@@ -1,22 +0,0 @@
-{ config, lib, pkgs, user, ... }:
-{
-  networking.firewall.allowedTCPPorts = [ 5001 ];
-  networking.firewall.allowedUDPPorts = [ 5001 ];
-
-  environment.systemPackages = with pkgs; [ 
-    dufs # Distinctive utility file server
-  ];
-
-  systemd.services.share = {
-    description = "Start dufs for quick sharing of files";
-    wantedBy = [ "default.target" ];
-    
-    restartIfChanged = true;
-    
-    serviceConfig = {
-      Type = "simple";
-      Restart = "always";
-      ExecStart = "${pkgs.dufs}/bin/dufs -p 5001 -A /engi/apps/dufs/share";
-    };
-  };
-}

provision/modules/desktop/browser.nix

@@ -52,10 +52,10 @@ in {
           { "toplevel_name" = "Bookmarks"; }
           { "name" = "Daily"; "children" = [
             { "url" = "https://rss.tstarr.us"; name = "Miniflux"; }
+            { "url" = "https://cloud.tstarr.us"; name = "Nextcloud"; }
             { "url" = "https://git.tstarr.us"; name = "Gitea"; }
             { "url" = "https://media.tstarr.us/web/index.html#!/home.html"; name = "Jellyfin"; }
             { "url" = "https://home.tstarr.us"; name = "Home Assistant"; }
-            { "url" = "https://share.tstarr.us"; name = "Share (dufs)"; }
             { "url" = "https://www.youtube.com/feed/subscriptions"; name = "Youtube"; }
             { "url" = "https://gmail.com/"; name = "Mail"; }
             { "url" = "https://github.com/"; name = "GitHub"; }

provision/modules/system/secrets.nix

@@ -13,6 +13,9 @@ in {
       # Keys
       secrets."keys/github_personal" = { owner = "${user}"; };
 
+      # Nextcloud password
+      secrets."nextcloud/password" = { owner = "nextcloud"; };
+
       # Wireguard secrets
       secrets."wireguard/kestrel" = { owner = "${user}"; };
       secrets."wireguard/bulwark" = { owner = "${user}"; };

provision/secrets/secrets.yaml

@@ -1,5 +1,6 @@
-tokens:
-    gitea-runner: ENC[AES256_GCM,data:aIv9cKFkRd3EX9DQenDlL8RbxlrQm52YoQhl4lpfRJVSp+TFFaMjKOw=,iv:r/1wb+bz9JqyF3FsOOq7gvD2+LP7VazfZq2FPuBltzs=,tag:AQQvyutaDoYp1MhnVkmOzA==,type:str]
+gitea-runner1: ENC[AES256_GCM,data:mS41F7iAiITBrlOsrU+r3KCXBek5maoBtrVoTLwc2xGvyyiuyt6lDQ==,iv:YqctzGA3AjCJa9kl6eJ5ILzmfQcSMeNYx1t6UiD3T00=,tag:cyyN3Orsx0qTojOdQdM4Eg==,type:str]
+nextcloud:
+    password: ENC[AES256_GCM,data:qI3PV8ybqKQ=,iv:aXQyTUQ9twlmMx3j01cfk6gy/1fAfUxjYXs5QXPUTjU=,tag:kY+lM1qGm+8OCKgDnXZwSw==,type:str]
 keys:
     github_personal: ENC[AES256_GCM,data:JQ0l0VNKjgf2yq7nZSED+6gf27ILfkvkdJkcsBLcX0K5isogtlF8Y8zI28dqLsSmriHf7L52fy3LjXDVkxXl8XupyPxJF3roeAxtj2rwXhVxMkAAEcWCaFUpa1UI5I2LIV2Ne32Ug6I5CKLlEzWXs7AImYJmmw0B6cn1hPyHJKc0I0My5A2b6LJq5J7mrJJ+PnybDNPW7QvZ0hIcqjNIXv1gcf9XMo6RU0dYnnRJaf6w/D5Nvrj15OG6oCe2C7e7O+JjgjQahUOOTlp1/5bbTW5ZDWEUxIn4llCsrkjjdKkYrCmYhQ45NLk+ZpWgXJZLgbfgc25nUOiLOoGbxO7kXienrY1y+t7/UA5AqKHj6575Iy5wN+P/XqzQ6ARkBh5Jy5gvrGFBtxcHml5J/j8ROJ9CoHmiT0jNycEll2yFcnIqAIbPqPuuu341sErFT33SMRzxKmlmyCCjaJrZB423NHqLiTA8oQ+mmkvOaE3cmuEU5oCT7OhL+RELbMNWjNOz7weNNgbt+fyy/U+VmtobLCllhRFDo0I/OFuFZ/UUqqEAAjv/NPk5V+7yCtBb9CmFROD9cG9xxx0mdkt8GHXYML7mIrCe/8ILKm3oWSVEA5w=,iv:0my7Q3Uog/nu3A3IprXuRAMTYmSv9YV1bo3BSAk2wlk=,tag:u41VgXeMBb2righhXUrPUA==,type:str]
 wireguard:
@@ -22,8 +23,8 @@ sops:
             ajM3YlJYU21PaHRyaGlUNy84RHN2SE0KAvMFdqnfV0TzfNcBdY7OvRLZrBb9uXSI
             3y50yFhYnyXtWKLQFTwjN6S5dLaZgqhaGhEQyNCQxb5RGZJDR6g7Yw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-27T05:14:56Z"
-    mac: ENC[AES256_GCM,data:vfGJ/brE7HFBvxu4HFI532Bm9QP/7xI+Doroq56JAjgT7hd9KNuhMMS+rHuHl+baGZJbPsi9QcTNGSk1dF/vgfunF8ChyCipi5sLrLze7T2xJ/IQ3o5e23gR4X3w45EcOgYRJxiuKvnI5ZzKlbGr/BadE1WjiSCynudQzqP7AeY=,iv:5P2O9VrYPA+Yczk2jpislNGEh5l68lKWJhn2ddL0BPM=,tag:sAmcc/ejokN5xoRKiVWAAw==,type:str]
+    lastmodified: "2024-06-01T06:24:06Z"
+    mac: ENC[AES256_GCM,data:Y1YgnChiZb7168RqY1jP1LTMXanOhBz9LK72/ZbKZTRf50pNIsbOyfsk377sSQ7eemvROT3gTeFtWaLlgtY2bujegPiMiHDoDoVwJGzw4uBynr6/YSjOsO1TBLcTraJUfUBebF++5DsEcOD1jql1EHZ5hL+hwaAZYo5IXuLjlw0=,iv:WHep872Z0lQTZ2gx2fz6zHWpVCniDmJ9yueUDi9I0AQ=,tag:FuSSpg0EUylWhNR7sMjwVg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1