working rebuild

Chris Cochrun 2025-05-14 23:04:41 -05:00
parent 1eca07170d
commit 256dc016c1
4 changed files with 247 additions and 83 deletions


@ -1,43 +1,177 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, unstable, ... }:
let let
dn = "staff.tfcconnection.org"; dn = "staff.tfcconnection.org";
in in
with lib; with lib;
{ {
# security.acme = {
# acceptTerms = true;
# # defaults = {
# # email = "chris@tfcconnection.org";
# # # dnsProvider = "cloudflare";
# # # location of your CLOUDFLARE_DNS_API_TOKEN=[value]
# # # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile=
# # environmentFile = "/REPLACE/WITH/YOUR/PATH";
# # };
# };
services = { services = {
caddy = { # caddy = {
virtualHosts = { # virtualHosts = {
"${dn}".extraConfig = '' # "${dn}".extraConfig = ''
encode gzip # encode gzip
reverse_proxy localhost:8080 # reverse_proxy localhost:8080
redir /.well-known/carddav /remote.php/dav 301 # redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301 # redir /.well-known/caldav /remote.php/dav 301
header { # header {
Strict-Transport-Security "max-age=15768000; includeSubDomains; reload;" # Strict-Transport-Security "max-age=15768000; includeSubDomains; reload;"
Access-Control-Allow-Origin * # Access-Control-Allow-Origin *
Referrer-Policy no-referrer-when-downgrade # Referrer-Policy no-referrer-when-downgrade
} # }
redir /.well-known/oidc-configuration /apps/oidc/openid-configuration 301 # redir /.well-known/oidc-configuration /apps/oidc/openid-configuration 301
handle_path /whiteboard/* { # handle_path /whiteboard/* {
reverse_proxy http://127.0.0.1:3002 # reverse_proxy http://127.0.0.1:3002
} # }
''; # '';
}; # };
}; # };
nextcloud = { nextcloud = {
enable = true; f enable = true;
hostName = dn;
home = "/storage/nextcloud";
# Need to manually increment with every major upgrade.
package = pkgs.nextcloud31;
# Let NixOS install and configure the database automatically.
database.createLocally = true;
# Let NixOS install and configure Redis caching automatically.
configureRedis = true;
# Increase the maximum file upload size.
maxUploadSize = "25G";
https = true;
autoUpdateApps.enable = true;
extraAppsEnable = true;
appstoreEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
# List of apps we want to install and are already packaged in
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
inherit calendar contacts collectives deck integration_openai mail groupfolders memories tasks user_oidc app_api previewgenerator richdocuments;
# Custom app example.
# socialsharing_telegram = pkgs.fetchNextcloudApp rec {
# url =
# "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz";
# license = "agpl3";
# sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k=";
# };
};
settings = {
overwriteProtocol = "https";
default_phone_region = "US";
trusted_domains = [ dn ];
trusted_proxies = [ "127.0.0.1" ];
};
config = {
dbtype = "pgsql";
adminuser = "admin";
adminpassFile = "/post";
};
notify_push = {
enable = true;
};
# Suggested by Nextcloud's health check.
phpOptions."opcache.interned_strings_buffer" = "16";
}; };
}; };
services.nginx.virtualHosts.${dn} = {
forceSSL = true;
enableACME = true;
};
services.phpfpm.pools.nextcloud.settings = {
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
};
# users.users.caddy.extraGroups = [ "nextcloud" ];
users.users.chris.extraGroups = [ "nextcloud" ];
systemd.services.phpfpm-nextcloud.serviceConfig.StateDirectoryMode =
lib.mkForce "0770";
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nextcloud_package nextcloud31
# for nextcloud memories # for nextcloud memories
unstable.exiftool unstable.exiftool
unstable.exif unstable.exif
ffmpeg_6 ffmpeg_6
nodejs_20 nodejs_20
unstable.perl536Packages.ImageExifTool unstable.perl540Packages.ImageExifTool
]; ];
#Collabora Containers
virtualisation.oci-containers.containers.collabora = {
image = "docker.io/collabora/code:latest";
ports = [ "9980:9980/tcp" ];
environment = {
server_name = "office.tfcconnection.org";
aliasgroup1 = "https://staff.tfcconnection.org:443";
dictionaries = "en_US";
username = "username";
password = "password";
extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
};
extraOptions = [
"--pull=newer"
];
};
#Collabora Virtual Hosts
services.nginx.virtualHosts.${config.virtualisation.oci-containers.containers.collabora.environment.server_name} = {
enableACME = true;
forceSSL = true;
extraConfig = ''
# static files
location ^~ /browser {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $host;
}
# main websocket
location ~ ^/cool/(.*)/ws$ {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/(c|l)ool {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $host;
}
# Admin Console websocket
location ^~ /cool/adminws {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 36000s;
}
'';
};
} }
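Review bot: The Collabora container is configured with the literal admin credentials `username = "username";` and `password = "password";`, and the new nginx vhost also proxies `/cool/adminws`, so the admin console sits behind guessable credentials for anyone who can reach that vhost. Values under `environment` are written into the world-readable Nix store, so move them to a root-only file referenced with `environmentFiles = [ "/run/secrets/collabora.env" ];` (placeholder path). `ports = [ "9980:9980/tcp" ];` publishes the plain-HTTP port (SSL is disabled in `extra_params`) on every interface, bypassing the TLS vhost; `"127.0.0.1:9980:9980/tcp"` keeps it reachable only through nginx. Separately, `adminpassFile = "/post";` looks like a placeholder, so confirm it points at a real, permission-restricted file.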


@ -14,17 +14,17 @@ with lib;
enable = true; enable = true;
port = 3082; port = 3082;
host = "0.0.0.0"; host = "0.0.0.0";
package = unstable.open-webui.overrideAttrs { # package = unstable.open-webui.overrideAttrs {
pytestCheckPhase = false; # pytestCheckPhase = false;
doCheck = false; # doCheck = false;
doInstallCheck = false; # doInstallCheck = false;
nativeCheckInputs = []; # nativeCheckInputs = [];
pythonImportsCheck = []; # pythonImportsCheck = [];
passthru = {}; # passthru = {};
disabledTests = [ # disabledTests = [
"async" # "async"
]; # ];
}; # };
}; };
}; };
} }


@ -21,6 +21,9 @@
btop btop
htop htop
smartmontools smartmontools
direnv
zellij
pueue
#nvtop #nvtop
glxinfo glxinfo
vulkan-tools vulkan-tools


@ -28,9 +28,10 @@ in
../../modules/base.nix ../../modules/base.nix
# ../../modules/localai.nix # ../../modules/localai.nix
../../modules/forgejo.nix ../../modules/forgejo.nix
../../modules/ollama.nix ../../modules/nextcloud.nix
# ../../modules/ollama.nix
# ../../pkgs/server.nix # ../../pkgs/server.nix
# ../../pkgs/ai.nix # ../../pkgs/nextcloud.nix
]; ];
networking.hostName = "shen"; # Define your hostname. networking.hostName = "shen"; # Define your hostname.
@ -50,7 +51,7 @@ in
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];
hardware = { hardware = {
opengl = { graphics = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
intel-media-driver intel-media-driver
@ -58,7 +59,7 @@ in
vaapiVdpau vaapiVdpau
libvdpau-va-gl libvdpau-va-gl
]; ];
driSupport32Bit = lib.mkDefault true; enable32Bit = lib.mkDefault true;
}; };
nvidia = { nvidia = {
@ -66,16 +67,15 @@ in
# package = config.boot.kernelPackages.nvidiaPackages.stable; # package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true; modesetting.enable = true;
}; };
nvidia-container-toolkit.enable = true;
}; };
# environment.variables.AMD_VULKAN_ICD = lib.mkDefault "RADV"; # environment.variables.AMD_VULKAN_ICD = lib.mkDefault "RADV";
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
cudatoolkit cudatoolkit
my-comfyui # my-comfyui
]; ];
virtualisation.docker.enableNvidia = true;
# services.samba = { # services.samba = {
# enable = true; # enable = true;
# extraConfig = '' # extraConfig = ''
@ -112,9 +112,36 @@ in
# }; # };
# }; # };
users.groups.${config.security.acme.defaults.group} = {};
security.acme = {
acceptTerms = true;
defaults.reloadServices = ["nginx"];
certs."tfcconnection.org" = {
extraDomainNames = ["*.tfcconnection.org"];
};
defaults = {
# dnsResolver = "1.1.1.1";
# webroot = null;
email = "chris@tfcconnection.org";
group = "nginx";
dnsProvider = "namecheap";
environmentFile = "${pkgs.writeText "namecheap-creds" ''
NAMECHEAP_API_USER=tfcconnection
NAMECHEAP_API_KEY=52ce21e0555a4624b5aca00b9d9f56f9
''}";
};
};
services.nginx = {
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
};
# CADDY # CADDY
services.caddy = { services.caddy = {
enable = true; enable = false;
extraConfig = '' extraConfig = ''
(matrix-well-known-header) { (matrix-well-known-header) {
# Headers # Headers
@ -381,27 +408,27 @@ in
}; };
systemd.services = { systemd.services = {
nextcloud-cron = { # nextcloud-cron = {
enable = true; # enable = true;
serviceConfig = { # serviceConfig = {
Type = "oneshot"; # Type = "oneshot";
ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php cron.php"; # ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php cron.php";
}; # };
}; # };
nextcloud-push = { # nextcloud-push = {
enable = true; # enable = true;
serviceConfig = { # serviceConfig = {
Environment = "PORT=7867"; # Environment = "PORT=7867";
ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php"; # ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php";
}; # };
}; # };
nextcloud-previews = { # nextcloud-previews = {
enable = true; # enable = true;
serviceConfig = { # serviceConfig = {
Type = "oneshot"; # Type = "oneshot";
ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php occ preview:pre-generate"; # ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php occ preview:pre-generate";
}; # };
}; # };
nextcloud-backup = { nextcloud-backup = {
enable = true; enable = true;
serviceConfig = { serviceConfig = {
@ -419,25 +446,25 @@ in
}; };
systemd.timers = { systemd.timers = {
nextcloud-cron = { # nextcloud-cron = {
enable = true; # enable = true;
partOf = ["nextcloud-cron.service"]; # partOf = ["nextcloud-cron.service"];
timerConfig = { # timerConfig = {
OnStartupSec = "2min"; # OnStartupSec = "2min";
OnUnitActiveSec = "5min"; # OnUnitActiveSec = "5min";
Unit = "nextcloud-cron.service"; # Unit = "nextcloud-cron.service";
}; # };
wantedBy = [ "timers.target" ]; # wantedBy = [ "timers.target" ];
}; # };
nextcloud-previews = { # nextcloud-previews = {
enable = true; # enable = true;
partOf = ["nextcloud-previews.service"]; # partOf = ["nextcloud-previews.service"];
timerConfig = { # timerConfig = {
OnCalendar = "*-*-* 00:02:30"; # OnCalendar = "*-*-* 00:02:30";
Unit = "nextcloud-previews.service"; # Unit = "nextcloud-previews.service";
}; # };
wantedBy = [ "timers.target" ]; # wantedBy = [ "timers.target" ];
}; # };
nextcloud-backup = { nextcloud-backup = {
enable = true; enable = true;
partOf = ["nextcloud-backup.service"]; partOf = ["nextcloud-backup.service"];
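Review bot: The Namecheap API user and key are embedded in plaintext via `pkgs.writeText "namecheap-creds"` in the new `security.acme.defaults.environmentFile` value (hunk `@ -112,9 +112,36`), so they end up both in the repository history and in the world-readable Nix store. Treat the key as exposed and rotate it, then point the option at a root-only file outside the store, for example `environmentFile = "/run/secrets/namecheap-creds";` (placeholder path, provisioned by a secrets tool such as sops-nix or agenix). The same block requests a wildcard certificate for `*.tfcconnection.org`, so whoever holds this key can pass DNS-01 validation for any subdomain, which raises the impact of the leak. It would also help to add a comment above `environmentFile` stating that the file must never be generated from the Nix expression.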