diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
index 75093ee..75ba2dd 100644
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -1,43 +1,177 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, unstable, ... }: let dn = "staff.tfcconnection.org"; in with lib; { + # security.acme = { + # acceptTerms = true; + # # defaults = { + # # email = "chris@tfcconnection.org"; + # # # dnsProvider = "cloudflare"; + # # # location of your CLOUDFLARE_DNS_API_TOKEN=[value] + # # # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile= + # # environmentFile = "/REPLACE/WITH/YOUR/PATH"; + # # }; + # }; services = { - caddy = { - virtualHosts = { - "${dn}".extraConfig = '' - encode gzip - reverse_proxy localhost:8080 + # caddy = { + # virtualHosts = { + # "${dn}".extraConfig = '' + # encode gzip + # reverse_proxy localhost:8080 - redir /.well-known/carddav /remote.php/dav 301 - redir /.well-known/caldav /remote.php/dav 301 - header { - Strict-Transport-Security "max-age=15768000; includeSubDomains; reload;" - Access-Control-Allow-Origin * - Referrer-Policy no-referrer-when-downgrade - } - redir /.well-known/oidc-configuration /apps/oidc/openid-configuration 301 - handle_path /whiteboard/* { - reverse_proxy http://127.0.0.1:3002 - } - ''; - }; - }; - + # redir /.well-known/carddav /remote.php/dav 301 + # redir /.well-known/caldav /remote.php/dav 301 + # header { + # Strict-Transport-Security "max-age=15768000; includeSubDomains; reload;" + # Access-Control-Allow-Origin * + # Referrer-Policy no-referrer-when-downgrade + # } + # redir /.well-known/oidc-configuration /apps/oidc/openid-configuration 301 + # handle_path /whiteboard/* { + # reverse_proxy http://127.0.0.1:3002 + # } + # ''; + # }; + # }; nextcloud = { - enable = true; f + enable = true; + hostName = dn; + home = "/storage/nextcloud"; + # Need to manually increment with every major upgrade. + package = pkgs.nextcloud31; + # Let NixOS install and configure the database automatically. + database.createLocally = true; + # Let NixOS install and configure Redis caching automatically. 
+ configureRedis = true; + # Increase the maximum file upload size. + maxUploadSize = "25G"; + https = true; + autoUpdateApps.enable = true; + extraAppsEnable = true; + appstoreEnable = true; + extraApps = with config.services.nextcloud.package.packages.apps; { + # List of apps we want to install and are already packaged in + # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json + inherit calendar contacts collectives deck integration_openai mail groupfolders memories tasks user_oidc app_api previewgenerator richdocuments; + # Custom app example. + # socialsharing_telegram = pkgs.fetchNextcloudApp rec { + # url = + # "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz"; + # license = "agpl3"; + # sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k="; + # }; + }; + settings = { + overwriteProtocol = "https"; + default_phone_region = "US"; + trusted_domains = [ dn ]; + trusted_proxies = [ "127.0.0.1" ]; + }; + config = { + dbtype = "pgsql"; + adminuser = "admin"; + adminpassFile = "/post"; + }; + notify_push = { + enable = true; + }; + # Suggested by Nextcloud's health check. 
+ phpOptions."opcache.interned_strings_buffer" = "16"; }; }; + services.nginx.virtualHosts.${dn} = { + forceSSL = true; + enableACME = true; + }; + services.phpfpm.pools.nextcloud.settings = { + "listen.owner" = config.services.nginx.user; + "listen.group" = config.services.nginx.group; + }; + # users.users.caddy.extraGroups = [ "nextcloud" ]; + users.users.chris.extraGroups = [ "nextcloud" ]; + systemd.services.phpfpm-nextcloud.serviceConfig.StateDirectoryMode = + lib.mkForce "0770"; + + environment.systemPackages = with pkgs; [ - nextcloud_package + nextcloud31 # for nextcloud memories unstable.exiftool unstable.exif ffmpeg_6 nodejs_20 - unstable.perl536Packages.ImageExifTool + unstable.perl540Packages.ImageExifTool ]; + + + + #Collabora Containers + virtualisation.oci-containers.containers.collabora = { + image = "docker.io/collabora/code:latest"; + ports = [ "9980:9980/tcp" ]; + environment = { + server_name = "office.tfcconnection.org"; + aliasgroup1 = "https://staff.tfcconnection.org:443"; + dictionaries = "en_US"; + username = "username"; + password = "password"; + extra_params = "--o:ssl.enable=false --o:ssl.termination=true"; + }; + extraOptions = [ + "--pull=newer" + ]; + }; + + #Collabora Virtual Hosts + services.nginx.virtualHosts.${config.virtualisation.oci-containers.containers.collabora.environment.server_name} = { + enableACME = true; + forceSSL = true; + + extraConfig = '' + # static files + location ^~ /browser { + proxy_pass http://127.0.0.1:9980; + proxy_set_header Host $host; + } + + # WOPI discovery URL + location ^~ /hosting/discovery { + proxy_pass http://127.0.0.1:9980; + proxy_set_header Host $host; + } + + # Capabilities + location ^~ /hosting/capabilities { + proxy_pass http://127.0.0.1:9980; + proxy_set_header Host $host; + } + + # main websocket + location ~ ^/cool/(.*)/ws$ { + proxy_pass http://127.0.0.1:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + 
proxy_read_timeout 36000s; + } + + # download, presentation and image upload + location ~ ^/(c|l)ool { + proxy_pass http://127.0.0.1:9980; + proxy_set_header Host $host; + } + + # Admin Console websocket + location ^~ /cool/adminws { + proxy_pass http://127.0.0.1:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_read_timeout 36000s; + } + ''; + }; } diff --git a/modules/ollama.nix b/modules/ollama.nix index c4d3f10..cd83959 100644 --- a/modules/ollama.nix +++ b/modules/ollama.nix @@ -14,17 +14,17 @@ with lib; enable = true; port = 3082; host = "0.0.0.0"; - package = unstable.open-webui.overrideAttrs { - pytestCheckPhase = false; - doCheck = false; - doInstallCheck = false; - nativeCheckInputs = []; - pythonImportsCheck = []; - passthru = {}; - disabledTests = [ - "async" - ]; - }; + # package = unstable.open-webui.overrideAttrs { + # pytestCheckPhase = false; + # doCheck = false; + # doInstallCheck = false; + # nativeCheckInputs = []; + # pythonImportsCheck = []; + # passthru = {}; + # disabledTests = [ + # "async" + # ]; + # }; }; }; } diff --git a/pkgs/base-packages.nix b/pkgs/base-packages.nix index 231de89..848e88e 100644 --- a/pkgs/base-packages.nix +++ b/pkgs/base-packages.nix @@ -21,6 +21,9 @@ btop htop smartmontools + direnv + zellij + pueue #nvtop glxinfo vulkan-tools diff --git a/system/shen/configuration.nix b/system/shen/configuration.nix index f9ab268..0255542 100644 --- a/system/shen/configuration.nix +++ b/system/shen/configuration.nix @@ -28,9 +28,10 @@ in ../../modules/base.nix # ../../modules/localai.nix ../../modules/forgejo.nix - ../../modules/ollama.nix + ../../modules/nextcloud.nix + # ../../modules/ollama.nix # ../../pkgs/server.nix - # ../../pkgs/ai.nix + # ../../pkgs/nextcloud.nix ]; networking.hostName = "shen"; # Define your hostname. 
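Review bot: The Collabora container in this hunk keeps the placeholder admin credentials `username = "username"; password = "password";` while the nginx vhost proxies the admin console at `location ^~ /cool/adminws`, so the CODE admin console is reachable on the public hostname with guessable credentials; load them from a file outside the Nix store via the container's `environmentFiles` option, or drop the adminws location if the console is not needed. `ports = [ "9980:9980/tcp" ]` publishes the container on every interface, and because `extra_params` turns TLS off inside the container that plain-HTTP port bypasses nginx entirely; `ports = [ "127.0.0.1:9980:9980/tcp" ]` keeps it local and still matches the `proxy_pass http://127.0.0.1:9980` targets. `image = "docker.io/collabora/code:latest"` combined with `--pull=newer` means any restart may pull an unreviewed image, so pin a version tag or digest. `adminpassFile = "/post"` becomes the Nextcloud admin password at first setup and should be a root-owned, mode-0600 file readable by the nextcloud user; presumably it is, but the path gives no hint. This hunk covers the whole file, so no enclosing block is cut.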
@@ -50,7 +51,7 @@ in services.xserver.videoDrivers = [ "nvidia" ]; hardware = { - opengl = { + graphics = { enable = true; extraPackages = with pkgs; [ intel-media-driver @@ -58,7 +59,7 @@ in vaapiVdpau libvdpau-va-gl ]; - driSupport32Bit = lib.mkDefault true; + enable32Bit = lib.mkDefault true; }; nvidia = { @@ -66,16 +67,15 @@ in # package = config.boot.kernelPackages.nvidiaPackages.stable; modesetting.enable = true; }; + nvidia-container-toolkit.enable = true; }; # environment.variables.AMD_VULKAN_ICD = lib.mkDefault "RADV"; environment.systemPackages = with pkgs; [ cudatoolkit - my-comfyui + # my-comfyui ]; - virtualisation.docker.enableNvidia = true; - # services.samba = { # enable = true; # extraConfig = '' @@ -112,9 +112,36 @@ in # }; # }; + users.groups.${config.security.acme.defaults.group} = {}; + security.acme = { + acceptTerms = true; + defaults.reloadServices = ["nginx"]; + certs."tfcconnection.org" = { + extraDomainNames = ["*.tfcconnection.org"]; + }; + + defaults = { + # dnsResolver = "1.1.1.1"; + # webroot = null; + email = "chris@tfcconnection.org"; + group = "nginx"; + dnsProvider = "namecheap"; + environmentFile = "${pkgs.writeText "namecheap-creds" '' + NAMECHEAP_API_USER=tfcconnection + NAMECHEAP_API_KEY=52ce21e0555a4624b5aca00b9d9f56f9 + ''}"; + }; + }; + + services.nginx = { + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + }; + # CADDY services.caddy = { - enable = true; + enable = false; extraConfig = '' (matrix-well-known-header) { # Headers 
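Review bot: `environmentFile = "${pkgs.writeText "namecheap-creds" '' ... ''}"` in the `security.acme.defaults` block embeds the NAMECHEAP_API_USER and NAMECHEAP_API_KEY values in the Nix expression, so they are committed to the repository and land in the world-readable Nix store on every host that evaluates this configuration. The key visible in this hunk should be treated as disclosed and rotated at the provider, and the replacement kept out of the store: point `environmentFile` at a root-only path outside `/nix/store` (for example `environmentFile = "<SECRETS_PATH>/namecheap-creds";`, provisioned by sops-nix or agenix, or at minimum a hand-placed mode-0600 file). That credential can change records for the whole tfcconnection.org zone, far more than the wildcard certificate in `certs."tfcconnection.org"` needs, which is another reason to protect it. The earlier hunks on this line (the `hardware.graphics` renames and `nvidia-container-toolkit.enable`) raise nothing.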
@@ -381,27 +408,27 @@ in }; systemd.services = { - nextcloud-cron = { - enable = true; - serviceConfig = { - Type = "oneshot"; - ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php cron.php"; - }; - }; - nextcloud-push = { - enable = true; - serviceConfig = { - Environment = "PORT=7867"; - ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php"; - }; - }; - nextcloud-previews = { - enable = true; - serviceConfig = { - Type = "oneshot"; - ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php occ preview:pre-generate"; - }; - }; + # nextcloud-cron = { + # enable = true; + # serviceConfig = { + # Type = "oneshot"; + # ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php cron.php"; + # }; + # }; + # nextcloud-push = { + # enable = true; + # serviceConfig = { + # Environment = "PORT=7867"; + # ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php"; + # }; + # }; + # nextcloud-previews = { + # enable = true; + # serviceConfig = { + # Type = "oneshot"; + # ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php occ preview:pre-generate"; + # }; + # }; nextcloud-backup = { enable = true; serviceConfig = { 
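Review bot: The three unit definitions here are commented out rather than removed; since git keeps the history, deleting the `# nextcloud-cron`, `# nextcloud-push` and `# nextcloud-previews` blocks outright (and likewise the two timers in the following hunk) keeps `systemd.services` readable, and the native `services.nextcloud` module now provides cron and notify_push itself. The `nextcloud-backup` unit that follows starts outside this hunk; if it still runs `docker exec ... nextcloud-app-1` the way the removed units did, it will fail once Nextcloud is served natively, so confirm it was updated as part of this migration.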
@@ -419,25 +446,25 @@ in }; systemd.timers = { - nextcloud-cron = { - enable = true; - partOf = ["nextcloud-cron.service"]; - timerConfig = { - OnStartupSec = "2min"; - OnUnitActiveSec = "5min"; - Unit = "nextcloud-cron.service"; - }; - wantedBy = [ "timers.target" ]; - }; - nextcloud-previews = { - enable = true; - partOf = ["nextcloud-previews.service"]; - timerConfig = { - OnCalendar = "*-*-* 00:02:30"; - Unit = "nextcloud-previews.service"; - }; - wantedBy = [ "timers.target" ]; - }; + # nextcloud-cron = { + # enable = true; + # partOf = ["nextcloud-cron.service"]; + # timerConfig = { + # OnStartupSec = "2min"; + # OnUnitActiveSec = "5min"; + # Unit = "nextcloud-cron.service"; + # }; + # wantedBy = [ "timers.target" ]; + # }; + # nextcloud-previews = { + # enable = true; + # partOf = ["nextcloud-previews.service"]; + # timerConfig = { + # OnCalendar = "*-*-* 00:02:30"; + # Unit = "nextcloud-previews.service"; + # }; + # wantedBy = [ "timers.target" ]; + # }; nextcloud-backup = { enable = true; partOf = ["nextcloud-backup.service"];