From 0cca8b761a7484e9971eb0bcb3a86773aec5574a Mon Sep 17 00:00:00 2001 From: harry Date: Fri, 16 Aug 2024 18:46:16 +0200 Subject: [PATCH 01/29] (fix): trying stuff to avoid TOO_MANY_REDIRECTS --- features/server/caddy.nix | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/features/server/caddy.nix b/features/server/caddy.nix index 23c1aab..9dbdd2f 100644 --- a/features/server/caddy.nix +++ b/features/server/caddy.nix @@ -8,23 +8,23 @@ reverse_proxy :8083 ''; - "sisyphe.normandy.hypervirtual.world".extraConfig = '' + "http://sisyphe.normandy.hypervirtual.world".extraConfig = '' reverse_proxy :8003 ''; - "git.hypervirtual.world".extraConfig = '' + "http://git.hypervirtual.world".extraConfig = '' reverse_proxy :3333 ''; - "photos.hypervirtual.world".extraConfig = '' + "http://photos.hypervirtual.world".extraConfig = '' reverse_proxy :2342 ''; - "books.hypervirtual.world".extraConfig = '' + "http://books.hypervirtual.world".extraConfig = '' reverse_proxy :8083 ''; - "fish.hypervirtual.world".extraConfig = '' + "http://fish.hypervirtual.world".extraConfig = '' reverse_proxy :3030 ''; 
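Review bot: Prefixing every site address with `http://` turns off Caddy's automatic HTTPS for these hosts, so logins to git, grafana and the other backends are proxied in cleartext unless something in front of this machine terminates TLS; the same applies to the second hunk (`@@ -32,35 +32,35 @@`). If the redirect loop comes from an upstream proxy that already speaks HTTPS to clients (not visible here), the hop from that proxy to Caddy is still unencrypted after this change. Consider keeping the plain host names and setting the global option `auto_https disable_redirects`, or having the upstream connect to Caddy over HTTPS. A comment on the `virtualHosts` block stating where TLS is terminated would make the intent reviewable.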
@@ -32,35 +32,35 @@ reverse_proxy :2342 ''; - "jellyfin.sisyphe.normandy.hypervirtual.world".extraConfig = '' + "http://jellyfin.sisyphe.normandy.hypervirtual.world".extraConfig = '' reverse_proxy :8096 ''; - "slskd.sisyphe.normandy.hypervirtual.world".extraConfig = '' + "http://slskd.sisyphe.normandy.hypervirtual.world".extraConfig = '' reverse_proxy :5030 ''; - "radarr.sisyphe.normandy.hypervirtual.world".extraConfig = '' + "http://radarr.sisyphe.normandy.hypervirtual.world".extraConfig = '' reverse_proxy :7878 ''; - "sonarr.sisyphe.normandy.hypervirtual.world".extraConfig = '' + "http://sonarr.sisyphe.normandy.hypervirtual.world".extraConfig = '' reverse_proxy :8989 ''; - "sonarr-anime.sisyphe.normandy.hypervirtual.world".extraConfig = '' + "http://sonarr-anime.sisyphe.normandy.hypervirtual.world".extraConfig = '' reverse_proxy :8999 ''; - "prowlarr.sisyphe.normandy.hypervirtual.world".extraConfig = '' + "http://prowlarr.sisyphe.normandy.hypervirtual.world".extraConfig = '' reverse_proxy :9696 ''; - "grafana.sisyphe.normandy.hypervirtual.world".extraConfig = '' + "http://grafana.sisyphe.normandy.hypervirtual.world".extraConfig = '' reverse_proxy :3000 ''; - "status.normandy.hypervirtual.world".extraConfig = '' + "http://status.normandy.hypervirtual.world".extraConfig = '' reverse_proxy :4000 ''; }; From d117a2a2eb5b44d7aa49e7cd1064f2ee88510146 Mon Sep 17 00:00:00 2001 From: harry Date: Fri, 16 Aug 2024 18:49:07 +0200 Subject: [PATCH 02/29] added libressl for transcrypt --- features/server/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/features/server/default.nix b/features/server/default.nix index cae3333..c16e275 100644 --- a/features/server/default.nix +++ b/features/server/default.nix @@ -28,5 +28,6 @@ ethtool networkd-dispatcher transcrypt + libressl ]; } From 7263636422f63dc8972f8ecfe790cfc90a40639d Mon Sep 17 00:00:00 2001 
From: harry Date: Sat, 17 Aug 2024 10:35:55 +0200 Subject: [PATCH 03/29] (bug): fixed nextcloud behind reverse proxy --- .gitattributes | 1 + features/server/services/nextcloud-network.nix | 3 +++ features/server/services/nextcloud.nix | 6 ++++++ 3 files changed, 10 insertions(+) create mode 100644 features/server/services/nextcloud-network.nix diff --git a/.gitattributes b/.gitattributes index 5223e96..87c7f63 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,3 @@ #pattern filter=crypt diff=crypt merge=crypt features/server/services/forgejo-smtp.nix filter=crypt diff=crypt +features/server/services/nextcloud-network.nix filter=crypt diff=crypt diff --git a/features/server/services/nextcloud-network.nix b/features/server/services/nextcloud-network.nix new file mode 100644 index 0000000..8ec8169 --- /dev/null +++ b/features/server/services/nextcloud-network.nix @@ -0,0 +1,3 @@ +U2FsdGVkX1/wrN9p1C5TZkO5yRPG1+/QXVUhFFBBITiR9E4MrfI/txI3iI08ffgv +XvmalsRFyxj3YWNGJt7QfyZHb+LLpVzDc7FSauYol+c7slX4S6m9CZyDJObHGmPF +pZLAP1VgPd3nT1CXkAQv4Q== diff --git a/features/server/services/nextcloud.nix b/features/server/services/nextcloud.nix index 5d45a89..1aaf097 100644 --- a/features/server/services/nextcloud.nix +++ b/features/server/services/nextcloud.nix @@ -7,6 +7,7 @@ sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs"; } }/nextcloud-extras.nix" + ./nextcloud-network.nix ]; # adding caddy support sops.secrets.adminNextcloudPass = { @@ -36,5 +37,10 @@ "OC\\Preview\\XBitmap" "OC\\Preview\\HEIC" ]; + + settings.trustedDomains = [ "cloud.hypervirtual.world" ]; + settings.overwriteprotocol = "https"; + settings.log_type = "file"; + }; } From 7dcf14e46aed78c62371c64f671270eefe8b5bb7 Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 10:38:43 +0200 Subject: [PATCH 04/29] (bug): added libressl_3_8 --- features/server/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
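Review bot: The imported `./nextcloud-network.nix` is ciphertext only in git (per the `filter=crypt` entry added to `.gitattributes`); once decrypted in the working tree and evaluated, a Nix module is normally copied into the world-readable `/nix/store` in plaintext. If the file holds anything that must stay secret on the host itself, it belongs in a sops secret read at runtime, as `adminNextcloudPass` already is in this file. A comment next to the import such as `# transcrypt: hidden from the git remote only, plaintext in /nix/store` would record the limitation. The `imports` list starts outside the hunk.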
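Review bot: `settings.trustedDomains` is probably not the key Nextcloud reads: `settings` is written to config.php by key name, and the config key (and, as far as I know, the NixOS option) is `trusted_domains`, so this line likely has no effect on host-header checking. Suggest `settings.trusted_domains = [ "cloud.hypervirtual.world" ];` and checking the generated config. Since `overwriteprotocol = "https"` implies a TLS-terminating proxy in front, `settings.trusted_proxies` should also list that proxy so the client addresses used for brute-force throttling are correct; it may be set in the encrypted import, which is not readable here.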
diff --git a/features/server/default.nix b/features/server/default.nix index c16e275..519f317 100644 --- a/features/server/default.nix +++ b/features/server/default.nix @@ -28,6 +28,6 @@ ethtool networkd-dispatcher transcrypt - libressl + libressl_3_8 ]; } From 64e4496a7e9a824ec8ff9041cad52d227cffeff3 Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 10:42:47 +0200 Subject: [PATCH 05/29] (bug): fixed wrong parame:q --- features/server/services/nextcloud-network.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/features/server/services/nextcloud-network.nix b/features/server/services/nextcloud-network.nix index 8ec8169..c307036 100644 --- a/features/server/services/nextcloud-network.nix +++ b/features/server/services/nextcloud-network.nix @@ -1,3 +1,3 @@ -U2FsdGVkX1/wrN9p1C5TZkO5yRPG1+/QXVUhFFBBITiR9E4MrfI/txI3iI08ffgv -XvmalsRFyxj3YWNGJt7QfyZHb+LLpVzDc7FSauYol+c7slX4S6m9CZyDJObHGmPF -pZLAP1VgPd3nT1CXkAQv4Q== +U2FsdGVkX18gq8c8sLObTxZnVycdd9qBcE6mzuVR+7ff6J7ntoPxlWdeNWTSnWiI +cVRz0XEH9+DX7EyUbuwQcDtzepoJONsGowXM6Hs+N1A5feaku0J+jGFoMtXX1kv8 +SXpR3emmKFbtNmwCqW0++DLolU9R/pdRlWFlQiABlMc= From 205fffc1177e9050ade01b6e884fc4892be63bd5 Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 10:52:30 +0200 Subject: [PATCH 06/29] (feat): even more nextcloud rules --- features/server/services/nextcloud.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/features/server/services/nextcloud.nix b/features/server/services/nextcloud.nix index 1aaf097..16bb371 100644 --- a/features/server/services/nextcloud.nix +++ b/features/server/services/nextcloud.nix @@ -20,6 +20,7 @@ database.createLocally = true; webserver = "caddy"; configureRedis = true; + https = true; config = { dbtype = "pgsql"; adminpassFile = config.sops.secrets.adminNextcloudPass.path; 
@@ -41,6 +42,8 @@ settings.trustedDomains = [ "cloud.hypervirtual.world" ]; settings.overwriteprotocol = "https"; settings.log_type = "file"; + settings.default_phone_region = "FR"; + phpOptions."opcache.interned_strings_buffer" = "23"; }; } From 291f193aad0e9245141da0b101838ab1a3080e98 Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 10:54:25 +0200 Subject: [PATCH 07/29] (revert): https option is useless --- features/server/services/nextcloud.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/features/server/services/nextcloud.nix b/features/server/services/nextcloud.nix index 16bb371..1bf28aa 100644 --- a/features/server/services/nextcloud.nix +++ b/features/server/services/nextcloud.nix @@ -20,7 +20,6 @@ database.createLocally = true; webserver = "caddy"; configureRedis = true; - https = true; config = { dbtype = "pgsql"; adminpassFile = config.sops.secrets.adminNextcloudPass.path; From dd5bdda886326f0a26deae5549191f5b9487d738 Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 10:57:30 +0200 Subject: [PATCH 08/29] (bug): fixed original path issue --- features/server/services/photoprism.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/features/server/services/photoprism.nix b/features/server/services/photoprism.nix index 9639d4d..502fa31 100644 --- a/features/server/services/photoprism.nix +++ b/features/server/services/photoprism.nix @@ -6,7 +6,6 @@ services.photoprism = { enable = true; port = 2342; - originalsPath = "/srv/cloud/photoprism/originals"; settings = { PHOTOPRISM_ADMIN_USER = "admin"; PHOTOPRISM_DEFAULT_LOCALE = "fr"; From 11f52d77bf8ef4d1195782013ff01fcf0c9b15dc Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 11:15:06 +0200 Subject: [PATCH 09/29] (bug): changed originalsPath --- features/server/services/photoprism.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/features/server/services/photoprism.nix b/features/server/services/photoprism.nix index 502fa31..55278b6 100644 
--- a/features/server/services/photoprism.nix +++ b/features/server/services/photoprism.nix @@ -3,9 +3,14 @@ sops.secrets.photoprismAdmin = { }; sops.secrets.photoprismPassword = { }; + environment.systemPackages = with pkgs; [ + photoprism + ]; + services.photoprism = { enable = true; port = 2342; + originalsPath = "/var/lib/private/photoprism/originals"; settings = { PHOTOPRISM_ADMIN_USER = "admin"; PHOTOPRISM_DEFAULT_LOCALE = "fr"; From 5b1917598594b105cd75121116a9953cb0835673 Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 11:32:15 +0200 Subject: [PATCH 10/29] (bug): added missing file creation --- features/server/services/photoprism.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/features/server/services/photoprism.nix b/features/server/services/photoprism.nix index 55278b6..b7f2336 100644 --- a/features/server/services/photoprism.nix +++ b/features/server/services/photoprism.nix @@ -10,7 +10,8 @@ services.photoprism = { enable = true; port = 2342; - originalsPath = "/var/lib/private/photoprism/originals"; + originalsPath = "/srv/cloud/photoprism/originals"; + importPath = "/srv/cloud/photoprism/imports"; settings = { PHOTOPRISM_ADMIN_USER = "admin"; PHOTOPRISM_DEFAULT_LOCALE = "fr"; @@ -23,4 +24,9 @@ }; passwordFile = config.sops.secrets.photoprismPassword.path; }; + + systemd.tmpfiles.rules = [ + "d /srv/cloud/photoprism/originals 0755 photoprism photoprism" + "d /srv/cloud/photoprism/imports 0755 photoprism photoprism" + ]; } From bc7f6a9e4fa79d43ae5b589ec055875e2bc91de9 Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 11:34:53 +0200 Subject: [PATCH 11/29] (bug): added missing arg --- features/server/services/photoprism.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/features/server/services/photoprism.nix b/features/server/services/photoprism.nix index b7f2336..4d8cda7 100644 --- a/features/server/services/photoprism.nix +++ b/features/server/services/photoprism.nix 
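Review bot: Both tmpfiles rules added in patch 10/29 create the photo directories with mode `0755`, which lets every local user and service on the host list and read the originals and imports. Unless another account must read them, `"d /srv/cloud/photoprism/originals 0750 photoprism photoprism"` (and the same for `imports`) is the tighter default. Patch 11/29 rewrites these two lines and keeps `0755`, so the same applies there.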
@@ -26,7 +26,7 @@ }; systemd.tmpfiles.rules = [ - "d /srv/cloud/photoprism/originals 0755 photoprism photoprism" - "d /srv/cloud/photoprism/imports 0755 photoprism photoprism" + "d /srv/cloud/photoprism/originals 0755 photoprism photoprism -" + "d /srv/cloud/photoprism/imports 0755 photoprism photoprism -" ]; } From 8909f3fe6ea411e7bf1a5586c8ed8c60d44e9b4b Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 12:09:32 +0200 Subject: [PATCH 12/29] (feat): added users declaratively --- features/server/services/forgejo.nix | 9 ++++++++- secrets/secrets.yaml | 6 ++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/features/server/services/forgejo.nix b/features/server/services/forgejo.nix index 9e774b3..103deac 100644 --- a/features/server/services/forgejo.nix +++ b/features/server/services/forgejo.nix @@ -1,10 +1,12 @@ -{ config, ... }: +{ config, lib, ... }: { imports = [ ./forgejo-smtp.nix ]; sops.secrets.smtp_address = { }; sops.secrets.smtp_password = { owner = "forgejo"; }; + sops.secrets.forgejoInitialMail = { }; + sops.secrets.forgejoInitialPassword = { }; services.forgejo = { enable = true; @@ -29,4 +31,9 @@ }; mailerPasswordFile = config.sops.secrets.smtp_password.path; }; + + systemd.services.forgejo.preStart = '' + create="${lib.getExe config.services.forgejo.package} admin user create" + $create --admin --email "`cat ${config.sops.secrets.forgejoInitialMail}`" --username you --password "`cat ${config.sops.secrets.forgejoInitialPassword.path}`" &>/dev/null || true + ''; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 456aded..38635d3 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
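Review bot: In the added `preStart`, the initial password is expanded onto the command line (`--password "`cat …`"`), so it is visible in the process list to other local users while the command runs, and `&>/dev/null || true` hides every failure, not only the expected one where the user already exists. The two new secrets are declared without `owner`, unlike `smtp_password`, so if `preStart` runs as the forgejo user the `cat` calls fail and the redirect conceals it. Suggest letting stderr reach the journal and tolerating only the already-exists case, with a comment saying that the step is meant to be idempotent. The `services.forgejo` block between the two hunks is not shown.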
@@ -1,6 +1,8 @@ borgRepoPassword: ENC[AES256_GCM,data:pgaBumNDhis8ftypaz5MdQfY467ToUJLYUs=,iv:rE0kAaAC1NEQgCvEl7f8hnSk0N6jZOAMABrErDudRMQ=,tag:58ZlN1lseFwQFq/T2gLB2g==,type:str] photoprismAdmin: ENC[AES256_GCM,data:kSFgrZKGGMA=,iv:fFkWYgUBfCg3lVLQMTFkabQzJvJ2IsciEiyOkObOL4k=,tag:AylOeAP5Vllx/vlOKAPqsA==,type:str] photoprismPassword: ENC[AES256_GCM,data:3zUZhRZElMmpsBF4zBGz43dci2JC5bc=,iv:qj5wpKHxeu67R3KTDfyjfVbP7Hvydyh7Oxd/FY8YOg0=,tag:bCAQ57eG8CmBdF8oobo3Vg==,type:str] +forgejoInitialMail: ENC[AES256_GCM,data:kcUIZMQYl5Ast0v/,iv:g+feK0H41ufxUwGbY8euCh2+/Bz45m4CUPlHVI8yY90=,tag:n6bRu2iz/VO1y5jGxtIIwA==,type:str] +forgejoInitialPassword: ENC[AES256_GCM,data:L6moUxZbEpeNStsEM5HMSOcCURxJZ58uvdI=,iv:2rXOsQM+jgSdEawKiwFqQWK5LZXvwNbKiO+BysOtQZE=,tag:B+ZP16gFQLpZXj+WALwktg==,type:str] smtp_address: ENC[AES256_GCM,data:HjF8aPPE6FqdM09lqXLyRQ==,iv:fTgefhxOL4FJ4pKD+Lfox1a27GPlsC+QtMixVOUjQZU=,tag:ridCBcd3ZqswKswackFfTg==,type:str] smtp_password: ENC[AES256_GCM,data:mgQlrXLfLnl2nv7/cdfo0lQz02s4ccunmCJenURA5j2xjX+Ef/vQAacKYofCxCwe3lo=,iv:t1tKu6OFsboovdobb4xHhtC/Fy3R6GoFT2SkUf9Vk3s=,tag:L2cMIBg2LeEu4P1a7Z1y/Q==,type:str] matrix_data: ENC[AES256_GCM,data:VinMt0TvPACJ6iz+9nnjf9SsZhUIkRVbvYHqlpEeIhvuYmjRtnO3frJ46uwYpNcTE+fpYcWu,iv:yc/EKM4UFe23wAe6fuGrmPtdIpEZ5XSW/9YzZY3P7yw=,tag:5qZiO4kmnsYHIsINB00gBQ==,type:str] 
@@ -33,8 +35,8 @@ sops: UTYrZ1dWUG5ka1p0b3JrREZXUzZiWlEKBFn4I/U3bwyurfa8gyfy7D3wYAwOtDw7 K0jQE5SeExD9kluwH0gyGDZbk/DWn+ppWoMNqQKDmICrUQpns6GJnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-12T15:57:34Z" - mac: ENC[AES256_GCM,data:Y4MEQSgqvALcP0K92TlAaqFylk5YRTHXLRSUJmKV3ShFrdHg/iQdpcZndpX0qEynGnLooKJHfc2XpNuNVn+Z4r8jKNbI0veHdyDUWR342na9nQ3iQhccNrPxNLQ/QtOrHx4RDMv65n91XDqdWOpbzDG5gaNvk5t+hPLRY+cDUas=,iv:9qdunFsspOKcJOYdlQuAcGR16oWKCe4uzLcmwEgCy78=,tag:SSO/6Y0YTmz332ysQeP55A==,type:str] + lastmodified: "2024-08-17T10:09:08Z" + mac: ENC[AES256_GCM,data:cREWNP3tUUzJETDE3FXKaUrT1yn4b9RezCOvjf+DywYbPLPECKAWThhbDw8xJHvjoUWlPIaQ7eOTbiYIJbPY2k8ZYsXjbzuag2BZhOby2f+Z+09lDpI/sSUkYHei3wRSJnbE7/L5DD6XR8naIoAh3IzCmEtlsKh5m4y89Y157A8=,iv:1RlpPvekxjsN4Pk9rcd5cRY+PWK2abgZYT3eoiYDLBU=,tag:mVKBGJ7gYqxNGsEQ5ic06g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 From e2c2e739aaa85dd20f9334e8b65d5c089fa7a2ce Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 12:10:45 +0200 Subject: [PATCH 13/29] (bug): added missing path arg --- features/server/services/forgejo.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/server/services/forgejo.nix b/features/server/services/forgejo.nix index 103deac..39543e4 100644 --- a/features/server/services/forgejo.nix +++ b/features/server/services/forgejo.nix @@ -34,6 +34,6 @@ systemd.services.forgejo.preStart = '' create="${lib.getExe config.services.forgejo.package} admin user create" - $create --admin --email "`cat ${config.sops.secrets.forgejoInitialMail}`" --username you --password "`cat ${config.sops.secrets.forgejoInitialPassword.path}`" &>/dev/null || true + $create --admin --email "`cat ${config.sops.secrets.forgejoInitialMail.path}`" --username you --password "`cat ${config.sops.secrets.forgejoInitialPassword.path}`" &>/dev/null || true ''; } From 0e7a614f10afb23e9403867f284c0cb437216029 Mon Sep 17 00:00:00 2001 
From: harry Date: Sat, 17 Aug 2024 12:15:13 +0200 Subject: [PATCH 14/29] (bug): fixed permissions --- features/server/services/forgejo.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/features/server/services/forgejo.nix b/features/server/services/forgejo.nix index 39543e4..6e5d50a 100644 --- a/features/server/services/forgejo.nix +++ b/features/server/services/forgejo.nix @@ -5,8 +5,12 @@ sops.secrets.smtp_password = { owner = "forgejo"; }; - sops.secrets.forgejoInitialMail = { }; - sops.secrets.forgejoInitialPassword = { }; + sops.secrets.forgejoInitialMail = { + owner = "forgejo"; + }; + sops.secrets.forgejoInitialPassword = { + owner = "forgejo"; + }; services.forgejo = { enable = true; From 86dbc6e3c415cc9b66d551eb16b95afdaf21a8e6 Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 12:21:04 +0200 Subject: [PATCH 15/29] (bug): fixed root url --- features/server/services/forgejo.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/server/services/forgejo.nix b/features/server/services/forgejo.nix index 6e5d50a..708d1c6 100644 --- a/features/server/services/forgejo.nix +++ b/features/server/services/forgejo.nix @@ -21,7 +21,7 @@ settings = { server = { DOMAIN = "git.hypervirtual.world"; - ROOT_URL = "https://hypervirtual.world"; + ROOT_URL = "https://git.hypervirtual.world"; HTTP_PORT = 3333; }; actions = { From fca1497885ece8b1f8e9c6e14310420ba7f3e102 Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 14:52:36 +0200 Subject: [PATCH 16/29] (feat): replaced photoprism by nextcloud memories --- features/server/services/default.nix | 4 +- features/server/services/nextcloud.nix | 52 +++++++++++++++++--------- 2 files changed, 36 insertions(+), 20 deletions(-) diff --git a/features/server/services/default.nix b/features/server/services/default.nix index 4601715..9c31a01 100644 --- a/features/server/services/default.nix +++ b/features/server/services/default.nix 
@@ -1,9 +1,9 @@ -{config, ...}: +{ config, ... }: { imports = [ ./homelab-dashboard.nix ./nextcloud.nix - ./photoprism.nix + # ./photoprism.nix ./grafana.nix ./forgejo.nix ./synapse-matrix.nix diff --git a/features/server/services/nextcloud.nix b/features/server/services/nextcloud.nix index 1bf28aa..3b0e9ad 100644 --- a/features/server/services/nextcloud.nix +++ b/features/server/services/nextcloud.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: { imports = [ "${ @@ -24,25 +24,41 @@ dbtype = "pgsql"; adminpassFile = config.sops.secrets.adminNextcloudPass.path; }; - settings.enabledPreviewProviders = [ - "OC\\Preview\\BMP" - "OC\\Preview\\GIF" - "OC\\Preview\\JPEG" - "OC\\Preview\\Krita" - "OC\\Preview\\MarkDown" - "OC\\Preview\\MP3" - "OC\\Preview\\OpenDocument" - "OC\\Preview\\PNG" - "OC\\Preview\\TXT" - "OC\\Preview\\XBitmap" - "OC\\Preview\\HEIC" - ]; - settings.trustedDomains = [ "cloud.hypervirtual.world" ]; - settings.overwriteprotocol = "https"; - settings.log_type = "file"; - settings.default_phone_region = "FR"; + settings = { + enabledPreviewProviders = [ + "OC\\Preview\\BMP" + "OC\\Preview\\GIF" + "OC\\Preview\\JPEG" + "OC\\Preview\\Krita" + "OC\\Preview\\MarkDown" + "OC\\Preview\\MP3" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\PNG" + "OC\\Preview\\TXT" + "OC\\Preview\\XBitmap" + "OC\\Preview\\HEIC" + ]; + + trustedDomains = [ "cloud.hypervirtual.world" ]; + overwriteprotocol = "https"; + log_type = "file"; # temporary fix for https://nixos.org/manual/nixos/stable/#module-services-nextcloud-warning-logreader + default_phone_region = "FR"; + }; + phpOptions."opcache.interned_strings_buffer" = "23"; + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) + contacts + calendar + ; + memories = pkgs.fetchNextcloudApp { + sha256 = ""; + url = "https://github.com/pulsejet/memories/releases/download/v7.3.1/memories.tar.gz"; + license = "agpl3Only"; + }; + }; + extraAppsEnable = true; }; } 
From a5f2697c72a9364940171c8c081bb803b25d67c2 Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 14:55:40 +0200 Subject: [PATCH 17/29] (bug): added missing checksum --- features/server/services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/server/services/nextcloud.nix b/features/server/services/nextcloud.nix index 3b0e9ad..49295cf 100644 --- a/features/server/services/nextcloud.nix +++ b/features/server/services/nextcloud.nix @@ -53,7 +53,7 @@ calendar ; memories = pkgs.fetchNextcloudApp { - sha256 = ""; + sha256 = "sha256-DJPskJ4rTECTaO1XJFeOD1EfA3TQR4YXqG+NIti0UPE="; url = "https://github.com/pulsejet/memories/releases/download/v7.3.1/memories.tar.gz"; license = "agpl3Only"; From ec9d28d0b48a129d119e7be0a3ec660adb944257 Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 15:13:08 +0200 Subject: [PATCH 18/29] (bug): fixed wrong domain for mails --- features/server/services/forgejo-smtp.nix | 10 +++++----- secrets/secrets.yaml | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/features/server/services/forgejo-smtp.nix b/features/server/services/forgejo-smtp.nix index 0000234..837585b 100644 --- a/features/server/services/forgejo-smtp.nix +++ b/features/server/services/forgejo-smtp.nix @@ -1,5 +1,5 @@ -U2FsdGVkX18oY3efQYeXqacnpNaOkre/hn/Ck1shbtZiKPQbD7G+tdQBjxPdZxIL -7oZi2qay/Z6ZKgjmd5zMW+jFejxl9/PSbDFbydn3nADkOCgPO5QSjN2QX+cswV/T -MlSQovYhJzhBgy37cPNU4oZBM8u5ZyRKLgBdUcbaKOJShyzirwKaKdn4abN0QC9B -nPIRIY5INzJPDHJEi/hgOfp4PLeiJTOvrGjvKF2N65f4Uyi8BOW3NSDK+qp6VcUI -tfF/C6r6XQF4w3p9GD2Zxw== +U2FsdGVkX1+OxQJs9k/4JL1g9iZi/V4LYrvEhkf6JFwvTFhv+sIYDI9YFXpGFk2f +DxWy76EO2LgRWZxTeBAQWTyinbDpYM2Efr3EqJvZmocBsrzrAIOfUyQ5gX9a3f9v +QHIYSPSwapr9qVEkl92bbdLKw8aQExz7SLG4viIouIb8sXShq7HGeajwrXgpj8F9 +UsFVRnrsWznu5Ubg5X40Q7EQy3vswzACkL65MeeT1AlF//vbPs/CAqa9zyc1pkoa +QGHEinlNI/0Rb/RJ7rzmuEU28Z8M24tMajQWt5JmJ6Y= diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 38635d3..1c6e367 100644 
--- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -35,8 +35,8 @@ sops: UTYrZ1dWUG5ka1p0b3JrREZXUzZiWlEKBFn4I/U3bwyurfa8gyfy7D3wYAwOtDw7 K0jQE5SeExD9kluwH0gyGDZbk/DWn+ppWoMNqQKDmICrUQpns6GJnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-17T10:09:08Z" - mac: ENC[AES256_GCM,data:cREWNP3tUUzJETDE3FXKaUrT1yn4b9RezCOvjf+DywYbPLPECKAWThhbDw8xJHvjoUWlPIaQ7eOTbiYIJbPY2k8ZYsXjbzuag2BZhOby2f+Z+09lDpI/sSUkYHei3wRSJnbE7/L5DD6XR8naIoAh3IzCmEtlsKh5m4y89Y157A8=,iv:1RlpPvekxjsN4Pk9rcd5cRY+PWK2abgZYT3eoiYDLBU=,tag:mVKBGJ7gYqxNGsEQ5ic06g==,type:str] + lastmodified: "2024-08-17T13:12:06Z" + mac: ENC[AES256_GCM,data:Ojux0nJZptl1sZ0/TppLF/fiE6Iq9hh+s6ywqe3ulOGCVznzygfXcGjQTKsdJJEcRU4I0bdq38mWfFADPj2j86MUPQq9kBYjpwGSNyndIWBpGHf0XEBCMEXNHAtGr1xIBRfYZ6L61hcKNCjdCOBDcnAfM2HLNx4qFI2mqPDf+eg=,iv:QrKqh9lwP+K3rVNKJFw/Hi7WcDgXIzROwy0Q6wE83DE=,tag:ae5DgEKQ0qktNv3FZHn/2w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 From 4198a74036bab4d38d282ac7ecc965edc4a809ef Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 15:31:10 +0200 Subject: [PATCH 19/29] (feat): added more plugins --- features/server/services/nextcloud.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/features/server/services/nextcloud.nix b/features/server/services/nextcloud.nix index 49295cf..afa6673 100644 --- a/features/server/services/nextcloud.nix +++ b/features/server/services/nextcloud.nix 
@@ -51,13 +51,28 @@ inherit (config.services.nextcloud.package.packages.apps) contacts calendar + previewgenerator + twofactor_nextcloud_notification + photos ; + memories = pkgs.fetchNextcloudApp { sha256 = "sha256-DJPskJ4rTECTaO1XJFeOD1EfA3TQR4YXqG+NIti0UPE="; url = "https://github.com/pulsejet/memories/releases/download/v7.3.1/memories.tar.gz"; license = "agpl3Only"; - }; + + registration = pkgs.fetchNextcloudApp { + sha256 = ""; + url = "https://github.com/nextcloud-releases/registration/releases/download/v2.4.0/registration-v2.4.0.tar.gz"; + license = "agpl3Only"; + }; + + facerecognition = pkgs.fetchNextcloudApp { + url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.51/facerecognition.tar.gz"; + license = "agpl3Only"; + }; + }; extraAppsEnable = true; }; From efa25914cb480a39a8ea594228d078d86af8a45e Mon Sep 17 00:00:00 2001 From: harry Date: Sat, 17 Aug 2024 15:37:25 +0200 Subject: [PATCH 20/29] (feat): fix sha256 --- features/server/services/nextcloud.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/features/server/services/nextcloud.nix b/features/server/services/nextcloud.nix index afa6673..2540dec 100644 --- a/features/server/services/nextcloud.nix +++ b/features/server/services/nextcloud.nix @@ -53,7 +53,6 @@ calendar previewgenerator twofactor_nextcloud_notification - photos ; memories = pkgs.fetchNextcloudApp { @@ -63,12 +62,13 @@ }; registration = pkgs.fetchNextcloudApp { - sha256 = ""; + sha256 = "sha256-dDaQHyHdkkd8ZammLdck2HNGqqfEaunwevdPzbWzB8Y="; url = "https://github.com/nextcloud-releases/registration/releases/download/v2.4.0/registration-v2.4.0.tar.gz"; license = "agpl3Only"; }; facerecognition = pkgs.fetchNextcloudApp { + sha256 = "sha256-1dfpmnyyrjyn7wbjfj3w072rzfl7zwm8ppphgsg8ampw2dy7y6yk"; url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.51/facerecognition.tar.gz"; license = "agpl3Only"; }; 
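Review bot: The `registration` app added in patch 19/29 enables self-service sign-up, which on a publicly named instance lets strangers create accounts unless the app is restricted to admin approval or allowed e-mail domains; that configuration is not part of this hunk. Separately, `registration` has `sha256 = ""` and `facerecognition` has no hash at all, so this revision will presumably not build. When the hashes are filled in, compare the fetched archives with the upstream release rather than only pasting the value from the mismatch error.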
From 2ae226c5ef609da22951d37e2edc70552e643cf3 Mon Sep 17 00:00:00 2001 From: harry Date: Sun, 18 Aug 2024 15:34:52 +0200 Subject: [PATCH 21/29] feat: closed ports and using reverse proxy only --- features/server/caddy.nix | 12 ------------ hosts/sisyphe/server-configuration.nix | 6 ------ 2 files changed, 18 deletions(-) diff --git a/features/server/caddy.nix b/features/server/caddy.nix index 9dbdd2f..30ab50e 100644 --- a/features/server/caddy.nix +++ b/features/server/caddy.nix @@ -4,10 +4,6 @@ enable = true; virtualHosts = { - ":5050".extraConfig = '' - reverse_proxy :8083 - ''; - "http://sisyphe.normandy.hypervirtual.world".extraConfig = '' reverse_proxy :8003 ''; @@ -16,10 +12,6 @@ reverse_proxy :3333 ''; - "http://photos.hypervirtual.world".extraConfig = '' - reverse_proxy :2342 - ''; - "http://books.hypervirtual.world".extraConfig = '' reverse_proxy :8083 ''; @@ -28,10 +20,6 @@ reverse_proxy :3030 ''; - ":2344".extraConfig = '' - reverse_proxy :2342 - ''; - "http://jellyfin.sisyphe.normandy.hypervirtual.world".extraConfig = '' reverse_proxy :8096 ''; diff --git a/hosts/sisyphe/server-configuration.nix b/hosts/sisyphe/server-configuration.nix index ce8855b..c673d69 100644 --- a/hosts/sisyphe/server-configuration.nix +++ b/hosts/sisyphe/server-configuration.nix @@ -38,12 +38,6 @@ in 22 # ssh 8008 # matrix-synapse 8448 # matrix-synapse - 3030 - 3333 - 2344 - 4000 - 5050 # calibre-web - 9091 # transmission ]; allowedUDPPorts = [ ]; }; From 0124543874ef3679e79902141d193a0d03aaf165 Mon Sep 17 00:00:00 2001 From: harry Date: Sun, 18 Aug 2024 15:35:30 +0200 Subject: [PATCH 22/29] (bug): removed unused packages --- features/server/services/nextcloud.nix | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/features/server/services/nextcloud.nix b/features/server/services/nextcloud.nix index 2540dec..80455cf 100644 --- a/features/server/services/nextcloud.nix +++ b/features/server/services/nextcloud.nix 
@@ -45,7 +45,11 @@ log_type = "file"; # temporary fix for https://nixos.org/manual/nixos/stable/#module-services-nextcloud-warning-logreader default_phone_region = "FR"; }; - + phpExtraExtensions = all: [ + all.pdlib + all.redis + all.bz2 + ]; phpOptions."opcache.interned_strings_buffer" = "23"; extraApps = { inherit (config.services.nextcloud.package.packages.apps) @@ -60,13 +64,14 @@ url = "https://github.com/pulsejet/memories/releases/download/v7.3.1/memories.tar.gz"; license = "agpl3Only"; }; - - registration = pkgs.fetchNextcloudApp { - sha256 = "sha256-dDaQHyHdkkd8ZammLdck2HNGqqfEaunwevdPzbWzB8Y="; - url = "https://github.com/nextcloud-releases/registration/releases/download/v2.4.0/registration-v2.4.0.tar.gz"; - license = "agpl3Only"; - }; - + /* + not useful for me + registration = pkgs.fetchNextcloudApp { + sha256 = "sha256-dDaQHyHdkkd8ZammLdck2HNGqqfEaunwevdPzbWzB8Y="; + url = "https://github.com/nextcloud-releases/registration/releases/download/v2.4.0/registration-v2.4.0.tar.gz"; + license = "agpl3Only"; + }; + */ facerecognition = pkgs.fetchNextcloudApp { sha256 = "sha256-1dfpmnyyrjyn7wbjfj3w072rzfl7zwm8ppphgsg8ampw2dy7y6yk"; url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.51/facerecognition.tar.gz"; From 4b7a5ce7cb1bb8c1019254813357be3a2f42ed12 Mon Sep 17 00:00:00 2001 From: harry Date: Sun, 18 Aug 2024 16:03:04 +0200 Subject: [PATCH 23/29] (feat): added transmission url --- features/server/caddy.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/features/server/caddy.nix b/features/server/caddy.nix index 30ab50e..101e08e 100644 --- a/features/server/caddy.nix +++ b/features/server/caddy.nix @@ -51,6 +51,10 @@ "http://status.normandy.hypervirtual.world".extraConfig = '' reverse_proxy :4000 ''; + + "http://transmission.normandy.hypervirtual.world".extraConfig = '' + reverse_proxy :9091 + ''; }; }; From e7d916476f6ef0135a01e331f3b7910b8cd28cbf Mon Sep 17 00:00:00 2001 
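Review bot: The new `http://transmission.normandy.hypervirtual.world` site in patch 23/29 forwards to the Transmission RPC/web port with no authentication at the proxy and over plain HTTP, so RPC credentials, if any are configured, cross the network unencrypted. Transmission's own `rpc-authentication-required` and `rpc-host-whitelist` settings are not visible in this patch; they should be confirmed before this name is reachable from anything other than a trusted network. A comment on the entry saying on which network the `normandy` names resolve would help the next reader.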
From: harry Date: Sun, 18 Aug 2024 16:05:23 +0200 Subject: [PATCH 24/29] (bug): fixed wrong hash --- features/server/services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/server/services/nextcloud.nix b/features/server/services/nextcloud.nix index 80455cf..d6ff1ea 100644 --- a/features/server/services/nextcloud.nix +++ b/features/server/services/nextcloud.nix @@ -73,7 +73,7 @@ }; */ facerecognition = pkgs.fetchNextcloudApp { - sha256 = "sha256-1dfpmnyyrjyn7wbjfj3w072rzfl7zwm8ppphgsg8ampw2dy7y6yk"; + sha256 = "1dfpmnyyrjyn7wbjfj3w072rzfl7zwm8ppphgsg8ampw2dy7y6yk"; url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.51/facerecognition.tar.gz"; license = "agpl3Only"; }; From 7dd0e90312a8612a0c9dd68c4b538eecd6338e03 Mon Sep 17 00:00:00 2001 From: harry Date: Sun, 18 Aug 2024 19:58:22 +0200 Subject: [PATCH 25/29] (fix): used correct language --- features/server/services/nextcloud.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/features/server/services/nextcloud.nix b/features/server/services/nextcloud.nix index d6ff1ea..c8b7fa1 100644 --- a/features/server/services/nextcloud.nix +++ b/features/server/services/nextcloud.nix @@ -1,4 +1,9 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + lib, + ... +}: { imports = [ "${ @@ -44,7 +49,11 @@ overwriteprotocol = "https"; log_type = "file"; # temporary fix for https://nixos.org/manual/nixos/stable/#module-services-nextcloud-warning-logreader default_phone_region = "FR"; + default_locale = "fr_FR"; + default_language = "fr"; + default_timezone = "Europe/Paris"; }; + phpExtraExtensions = all: [ all.pdlib all.redis @@ -80,5 +89,8 @@ }; extraAppsEnable = true; + appstoreEnable = true; # why i would want appstore to be disabled ??? + autoUpdateApps.enable = true; + extraOptions."memories.exiftool" = "${lib.getExe pkgs.exiftool}"; }; } From 547b0df57aa58e4d3c3d8d2cc92a58ec14c8fcc3 Mon Sep 17 00:00:00 2001 
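Review bot: `appstoreEnable = true` together with `autoUpdateApps.enable = true` (patch 25/29) lets apps be installed and updated at runtime from the Nextcloud app store, outside the hash-pinned `extraApps` set declared above; that is the reason to keep the store disabled, which the inline comment asks about. If the store is wanted, consider leaving auto-update off so app versions change only through review, and replace the comment with the reason, e.g. `# app store enabled: apps installed from the UI are not pinned by Nix`. `extraOptions` also looks like the older name for what this file otherwise sets through `settings`; `settings."memories.exiftool"` would keep the file consistent.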
From: harry Date: Mon, 19 Aug 2024 13:18:06 +0200 Subject: [PATCH 26/29] disabled subnets --- features/server/tailscale.nix | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/features/server/tailscale.nix b/features/server/tailscale.nix index 7df0312..31e9dc1 100644 --- a/features/server/tailscale.nix +++ b/features/server/tailscale.nix @@ -2,16 +2,18 @@ { services.tailscale = { enable = true; - useRoutingFeatures = "server"; + # useRoutingFeatures = "server"; }; - services.networkd-dispatcher = { - enable = true; - rules."50-tailscale" = { - onState = [ "routable" ]; - script = '' - ${pkgs.ethtool}/bin/ethtool -K ens18 rx-udp-gro-forwarding on rx-gro-list off - ''; + /* + services.networkd-dispatcher = { + enable = true; + rules."50-tailscale" = { + onState = [ "routable" ]; + script = '' + ${pkgs.ethtool}/bin/ethtool -K ens18 rx-udp-gro-forwarding on rx-gro-list off + ''; + }; }; - }; + */ } From fde7763f2911d7e1cc7541b1ddb30d4a3c0e66fb Mon Sep 17 00:00:00 2001 From: harry Date: Mon, 19 Aug 2024 15:27:33 +0200 Subject: [PATCH 27/29] (bug): fixed metrics not working --- features/server/services/synapse-matrix.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/features/server/services/synapse-matrix.nix b/features/server/services/synapse-matrix.nix index 19630b4..d5b552a 100644 --- a/features/server/services/synapse-matrix.nix +++ b/features/server/services/synapse-matrix.nix @@ -21,6 +21,7 @@ in server_name = "hypervirtual.world"; public_baseurl = baseUrl; enable_registration = false; + enable_metrics = true; listeners = [ { port = 8008; @@ -36,7 +37,6 @@ in names = [ "client" "federation" - "metrics" ]; compress = true; } @@ -48,7 +48,7 @@ in tls = false; bind_addresses = [ "::1" - "0.0.0.0" + "127.0.0.1" ]; resources = [ ]; } @@ -87,7 +87,6 @@ in }; }; - */ } From 84188189f9db9be8d9a3d216875430b977d76ade Mon Sep 17 00:00:00 2001 
From: harry Date: Mon, 19 Aug 2024 16:02:07 +0200 Subject: [PATCH 28/29] (feat): jellyfin transcoding support --- features/server/multimedia/jellyfin.nix | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/features/server/multimedia/jellyfin.nix b/features/server/multimedia/jellyfin.nix index f7b847e..13ec5f9 100644 --- a/features/server/multimedia/jellyfin.nix +++ b/features/server/multimedia/jellyfin.nix @@ -1,5 +1,22 @@ -{ config, ... }: +{ pkgs, config, ... }: { + # 1. enable vaapi on OS-level + nixpkgs.config.packageOverrides = pkgs: { + vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; + }; + + hardware.opengl = { + # hardware.opengl in 24.05 + enable = true; + extraPackages = with pkgs; [ + intel-media-driver + intel-vaapi-driver # previously vaapiIntel + vaapiVdpau + intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) + vpl-gpu-rt # QSV on 11th gen or newer + intel-media-sdk # QSV up to 11th gen + ]; + }; services.jellyfin = { enable = true; openFirewall = true; From 68d2b4eb958ed9751df0ee784d10e499a935471f Mon Sep 17 00:00:00 2001 From: harry Date: Mon, 19 Aug 2024 16:04:07 +0200 Subject: [PATCH 29/29] (bug): fix for older than 11th gen --- features/server/multimedia/jellyfin.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/features/server/multimedia/jellyfin.nix b/features/server/multimedia/jellyfin.nix index 13ec5f9..5024104 100644 --- a/features/server/multimedia/jellyfin.nix +++ b/features/server/multimedia/jellyfin.nix @@ -13,7 +13,6 @@ intel-vaapi-driver # previously vaapiIntel vaapiVdpau intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) - vpl-gpu-rt # QSV on 11th gen or newer intel-media-sdk # QSV up to 11th gen ]; };
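Review bot: In patch 28/29 the override is applied to `vaapiIntel`, but `extraPackages` installs `intel-vaapi-driver`; if `vaapiIntel` is only an alias in the nixpkgs revision in use, the `enableHybridCodec = true` build is never the one installed. Overriding the attribute that is actually listed, `intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };`, avoids the mismatch. The unchanged context line `openFirewall = true;` also keeps Jellyfin's ports open on the host firewall, although patch 21/29 moved the other services behind the reverse proxy; a comment stating whether that is intended would help.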