diff --git a/secrets/bread-dcbot.age b/secrets/bread-dcbot.age index e65c88b..81ae673 100644 Binary files a/secrets/bread-dcbot.age and b/secrets/bread-dcbot.age differ diff --git a/secrets/default.nix b/secrets/default.nix index eb03533..b2ffdcc 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -42,9 +42,5 @@ in { file = ./immich-oidc.age; owner = abstrServiceUser "immich"; }; - nextcloud-admin-pass = mkIf server { - file = ./nextcloud-admin-pass.age; - owner = "nextcloud"; - }; }; } diff --git a/secrets/nextcloud-admin-pass.age b/secrets/nextcloud-admin-pass.age deleted file mode 100644 index 23c404a..0000000 --- a/secrets/nextcloud-admin-pass.age +++ /dev/null @@ -1,17 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 GQzYWA Njcl+VZAFcfupb9luHQjSAzzPar8k0G0WVU8EtS37EY -8IPsa1mz7qpxOmzXRNCwcp2KsBH45nM6M4D5vm1BgE8 --> ssh-ed25519 MfR7VA WjSU/1VNHqylcPlaB+5FIyY879kQy/c+AyfdHrt6Xyo -KIDdbbNcy+DQ9q+Eo8dzxDMlq8vR8XeKvRps+/ghe+E --> ssh-ed25519 +cvRTg eEExK1tU/S//HUL4x0SsJw8taRdOgLnOntUlpqVvMwk -7pB4ROtshkMGw/D4mkVdi7a3vYGoIyCodSCsKcplTws --> ssh-ed25519 WCPLrA dNpd63ZB4ZlsgMlvdPeiW8VguhPkgRjCBor66cTAq1Q -IFSbLiZs8QBAqruyV3Zuoe6iE5ctW4Aw+8ipQ/5rUGM --> ssh-ed25519 7/ziYw asgAI0TYuK4irNyoq/WFVCBrWC7NIJU5S4HQEfqEWTA -YoCVz1GzZ+swKb/qT+hhnTy3/mcBDFkaHAomzyApY6I --> ssh-ed25519 VQy60Q 3XY6OcWrf3ZmXJNMo0tPrXofyjNtvt9VQaewkDZymTs -+JLpflAACxg6Esvq43FedOs56BuGa/6usymtfZl96nI ---- 4dcH0MunNPsvsrUmFGYIgSMsgS2BNluJOa9ZmgZro6k -Ød+ -Tðß -5òB}¢GÊkKÐ9Èšžqû$(q`†u$¶ù“»êÿ“Hˆ¦gC!÷ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 72393aa..df90563 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -22,5 +22,4 @@ in { "zitadel-key.age".publicKeys = keys; "forgejo-mailpass.age".publicKeys = keys; "immich-oidc.age".publicKeys = keys; - "nextcloud-admin-pass.age".publicKeys = keys; } diff --git a/system/server/default.nix b/system/server/default.nix index 7319695..c6ac1c8 100644 --- a/system/server/default.nix +++ b/system/server/default.nix @@ -10,7 +10,6 @@ ./matrix.nix ./temp.nix ./zitadel.nix - ./nextcloud.nix ]; options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option. } diff --git a/system/server/derekBot.nix b/system/server/derekBot.nix index c71da3d..4c5791f 100644 --- a/system/server/derekBot.nix +++ b/system/server/derekBot.nix @@ -53,7 +53,7 @@ in { cd "${programDir}" git fetch - git reset --hard origin/HEAD + git reset --hard HEAD DENO_DIR=${denoDir} deno i ''; diff --git a/system/server/nextcloud.nix b/system/server/nextcloud.nix deleted file mode 100644 index 4bfa5bf..0000000 --- a/system/server/nextcloud.nix +++ /dev/null @@ -1,113 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - inherit (config.niksos) server; - host = "cloud.jsw.tf"; - nginxRoot = config.services.nginx.virtualHosts.${host}.root; - fpmSocket = config.services.phpfpm.pools.nextcloud.socket; -in { - config = lib.mkIf server { - users.groups.nextcloud.members = ["nextcloud" "caddy"]; - services = { - nextcloud = { - enable = true; - hostName = host; - - # Need to manually increment with every major upgrade. - package = pkgs.nextcloud31; - - database.createLocally = true; - configureRedis = true; - - maxUploadSize = "16G"; - https = true; - - autoUpdateApps.enable = true; - extraAppsEnable = true; - extraApps = with config.services.nextcloud.package.packages.apps; { - # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json - inherit calendar contacts mail notes tasks; - }; - - settings = { - default_phone_region = "NL"; - enabledPreviewProviders = [ - "OC\\Preview\\BMP" - "OC\\Preview\\GIF" - "OC\\Preview\\JPEG" - "OC\\Preview\\Krita" - "OC\\Preview\\MarkDown" - "OC\\Preview\\MP3" - "OC\\Preview\\OpenDocument" - "OC\\Preview\\PNG" - "OC\\Preview\\TXT" - "OC\\Preview\\XBitmap" - "OC\\Preview\\HEIC" - ]; - }; - config = { - adminuser = "jsw-admin"; - adminpassFile = "${config.age.secrets.nextcloud-admin-pass.path}"; - dbtype = "pgsql"; - }; - }; - - nginx.enable = lib.mkForce false; - caddy.virtualHosts."${host}".extraConfig = '' - encode zstd gzip - - root * ${nginxRoot} - - redir /.well-known/carddav /remote.php/dav 301 - redir /.well-known/caldav /remote.php/dav 301 - redir /.well-known/* /index.php{uri} 301 - redir /remote/* /remote.php{uri} 301 - - header { - Strict-Transport-Security max-age=31536000 - Permissions-Policy interest-cohort=() - X-Content-Type-Options nosniff - X-Frame-Options SAMEORIGIN - Referrer-Policy no-referrer - X-XSS-Protection "1; mode=block" - X-Permitted-Cross-Domain-Policies none - X-Robots-Tag "noindex, nofollow" - -X-Powered-By - } - - php_fastcgi unix/${fpmSocket} { - root ${nginxRoot} - env front_controller_active true - env modHeadersAvailable true - } - - @forbidden { - path /build/* /tests/* /config/* /lib/* /3rdparty/* /templates/* /data/* - path /.* /autotest* /occ* /issue* /indie* /db_* /console* - not path /.well-known/* - } - error @forbidden 404 - - @immutable { - path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite - query v=* - } - header @immutable Cache-Control "max-age=15778463, immutable" - - @static { - path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite - not query v=* - } - header @static Cache-Control "max-age=15778463" - - @woff2 path *.woff2 - header @woff2 Cache-Control "max-age=604800" - - file_server - ''; - }; - }; -}