6 changed files with 1 additions and 173 deletions
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -42,9 +42,5 @@ in {
      file = ./immich-oidc.age;
      owner = abstrServiceUser "immich";
    };
    nextcloud-admin-pass = mkIf server {
      file = ./nextcloud-admin-pass.age;
      owner = "nextcloud";
    };
  };
 }
--- a/secrets/nextcloud-admin-pass.age
+++ b/secrets/nextcloud-admin-pass.age
@ -1,17 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 GQzYWA Njcl+VZAFcfupb9luHQjSAzzPar8k0G0WVU8EtS37EY
 8IPsa1mz7qpxOmzXRNCwcp2KsBH45nM6M4D5vm1BgE8
 -> ssh-ed25519 MfR7VA WjSU/1VNHqylcPlaB+5FIyY879kQy/c+AyfdHrt6Xyo
 KIDdbbNcy+DQ9q+Eo8dzxDMlq8vR8XeKvRps+/ghe+E
 -> ssh-ed25519 +cvRTg eEExK1tU/S//HUL4x0SsJw8taRdOgLnOntUlpqVvMwk
 7pB4ROtshkMGw/D4mkVdi7a3vYGoIyCodSCsKcplTws
 -> ssh-ed25519 WCPLrA dNpd63ZB4ZlsgMlvdPeiW8VguhPkgRjCBor66cTAq1Q
 IFSbLiZs8QBAqruyV3Zuoe6iE5ctW4Aw+8ipQ/5rUGM
 -> ssh-ed25519 7/ziYw asgAI0TYuK4irNyoq/WFVCBrWC7NIJU5S4HQEfqEWTA
 YoCVz1GzZ+swKb/qT+hhnTy3/mcBDFkaHAomzyApY6I
 -> ssh-ed25519 VQy60Q 3XY6OcWrf3ZmXJNMo0tPrXofyjNtvt9VQaewkDZymTs
 +JLpflAACxg6Esvq43FedOs56BuGa/6usymtfZl96nI
 --- 4dcH0MunNPsvsrUmFGYIgSMsgS2BNluJOa9ZmgZro6k
 Ød+	
 Tðß
 5òB}¢GÊkKÐ9Èšžqû$(q`†u$¶ù“»êÿ“Hˆ¦gC!÷
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -22,5 +22,4 @@ in {
  "zitadel-key.age".publicKeys = keys;
  "forgejo-mailpass.age".publicKeys = keys;
  "immich-oidc.age".publicKeys = keys;
  "nextcloud-admin-pass.age".publicKeys = keys;
 }
--- a/system/server/default.nix
+++ b/system/server/default.nix
@ -10,7 +10,6 @@
    ./matrix.nix
    ./temp.nix
    ./zitadel.nix
    ./nextcloud.nix
  ];
  options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
 }
--- a/system/server/index/index.html
+++ b/system/server/index/index.html
@ -76,8 +76,7 @@
    <p>Hello! I'm <b>jsw</b>, a frontend web developer with experience in <b>Svelte + TS</b>, <b>Nix(OS)</b> and currently learning <b>Rust</b>. This site is still under development, so please bear with me. In the meantime, feel free to reach out via email or explore my projects on GitHub.</p>
    <div class="contact">
        <p class="emoji">📧 <a href="mailto:info@jsw.tf">info@jsw.tf</a></p>
-        <p class="emoji">🔨 <a href="https://git.jsw.tf/jsw" target="_blank">Personal git</a></p>
+        <p class="emoji">🐙 <a href="https://github.com/jsw08" target="_blank">GitHub</a></p>
        <p class="emoji">🐙 <a href="https://github.com/jsw08" target="_blank">GitHub (legacy)</a></p>
    </div>
    <footer>
--- a/system/server/nextcloud.nix
+++ b/system/server/nextcloud.nix
@ -1,148 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }: let
  inherit (config.niksos) server;
  host = "cloud.jsw.tf";
  nginxRoot = config.services.nginx.virtualHosts.${host}.root;
  fpmSocket = config.services.phpfpm.pools.nextcloud.socket;
  imaginaryPort = 9005;
 in {
  config = lib.mkIf server {
    users.groups.nextcloud.members = ["nextcloud" "caddy"];
    services = {
      nextcloud = {
        enable = true;
        hostName = host;
        # Need to manually increment with every major upgrade.
        package = pkgs.nextcloud31;
        database.createLocally = true;
        configureRedis = true;
        maxUploadSize = "16G";
        https = true;
        autoUpdateApps.enable = true;
        extraAppsEnable = true;
        extraApps = {
          # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
          inherit
            (config.services.nextcloud.package.packages.apps)
            calendar
            contacts
            mail
            user_oidc
            phonetrack
            ;
          external = pkgs.fetchNextcloudApp {
            # https://github.com/helsinki-systems/nc4nix/blob/main/31.json #NOTE: 31.json is version.
            hash = "sha256-xVrnahqgXIXjk9gukrFgpwZiT2poUIDl83xV8hXPisw=";
            url = "https://github.com/nextcloud-releases/external/releases/download/v6.0.2/external-v6.0.2.tar.gz";
            license = "agpl3Plus";
          };
        };
        settings = {
          "auth.webauthn.enabled" = false; #INFO: We use openid baby...
          default_phone_region = "NL";
          enabledPreviewProviders = [
            "OC\\Preview\\BMP"
            "OC\\Preview\\GIF"
            "OC\\Preview\\JPEG"
            "OC\\Preview\\Krita"
            "OC\\Preview\\MarkDown"
            "OC\\Preview\\MP3"
            "OC\\Preview\\OpenDocument"
            "OC\\Preview\\PNG"
            "OC\\Preview\\TXT"
            "OC\\Preview\\XBitmap"
            "OC\\Preview\\HEIC"
            "OC\Preview\Imaginary"
          ];
          preview_imaginary_url = "http://localhost:${builtins.toString imaginaryPort}";
          preview_format = "webp";
          trusted_proxies = ["127.0.0.1"];
          maintenance_window_start = 1;
          log_type = "file";
        };
        phpOptions."opcache.interned_strings_buffer" = 24;
        config = {
          adminuser = "jsw-admin";
          adminpassFile = "${config.age.secrets.nextcloud-admin-pass.path}";
          dbtype = "pgsql";
        };
      };
      imaginary = {
        enable = true;
        port = imaginaryPort;
        address = "localhost";
        settings.returnSize = true;
      };
      nginx.enable = lib.mkForce false;
      phpfpm.pools.nextcloud.settings = let
        inherit (config.services.caddy) user group;
      in {
        "listen.owner" = user;
        "listen.group" = group;
      };
      caddy.virtualHosts."${host}".extraConfig = ''
        encode zstd gzip
        root * ${nginxRoot}
        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301
        redir /.well-known/* /index.php{uri} 301
        redir /remote/* /remote.php{uri} 301
        header {
          Strict-Transport-Security max-age=31536000
          Permissions-Policy interest-cohort=()
          X-Content-Type-Options nosniff
          X-Frame-Options SAMEORIGIN
          Referrer-Policy no-referrer
          X-XSS-Protection "1; mode=block"
          X-Permitted-Cross-Domain-Policies none
          X-Robots-Tag "noindex, nofollow"
          -X-Powered-By
        }
        php_fastcgi unix/${fpmSocket} {
          root ${nginxRoot}
          env front_controller_active true
          env modHeadersAvailable true
        }
        @forbidden {
          path /build/* /tests/* /config/* /lib/* /3rdparty/* /templates/* /data/*
          path /.* /autotest* /occ* /issue* /indie* /db_* /console*
          not path /.well-known/*
        }
        error @forbidden 404
        @immutable {
          path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite
          query v=*
        }
        header @immutable Cache-Control "max-age=15778463, immutable"
        @static {
          path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite
          not query v=*
        }
        header @static Cache-Control "max-age=15778463"
        @woff2 path *.woff2
        header @woff2 Cache-Control "max-age=604800"
        file_server
      '';
    };
  };
 }