From 9afa8987e7985f6bbab15603ab678645fff248df Mon Sep 17 00:00:00 2001
From: ahtlon <atlan@ahtlon.de>
Date: Tue, 26 Nov 2024 21:00:54 +0100
Subject: [PATCH] nextcloud minimal

---
 machines/.sops.yaml                  |  9 ++++
 machines/configuration.nix           | 11 +++-
 machines/nextcloud/configuration.nix | 35 ++++++++++++
 machines/nextcloud/secrets.yaml      | 79 ++++++++++++++++++++++++++++
 4 files changed, 133 insertions(+), 1 deletion(-)
 create mode 100644 machines/nextcloud/configuration.nix
 create mode 100644 machines/nextcloud/secrets.yaml

diff --git a/machines/.sops.yaml b/machines/.sops.yaml
index 5ef9757..3eda966 100644
--- a/machines/.sops.yaml
+++ b/machines/.sops.yaml
@@ -75,6 +75,15 @@ creation_rules:
       - *admin_atlan
 
   - path_regex: discourse/secrets.yaml$
+    key_groups:
+    - pgp:
+      - *admin_kalipso
+      - *admin_kalipso_dsktp
+      - *machine_durruti
+      age:
+      - *admin_atlan
+    
+  - path_regex: nextcloud/secrets.yaml$
     key_groups:
     - pgp:
       - *admin_kalipso
diff --git a/machines/configuration.nix b/machines/configuration.nix
index 6530015..51bc0bc 100644
--- a/machines/configuration.nix
+++ b/machines/configuration.nix
@@ -180,8 +180,17 @@ in
     system = "x86_64-linux";
     specialArgs.inputs = inputs;
     specialArgs.self = self;
-    modules = makeMicroVM "durruti" "10.0.0.7" [
+    modules = makeMicroVM "discourse" "10.0.0.7" [
       ./discourse/configuration.nix
     ];
   };
+
+  nextcloud = nixosSystem {
+    system = "x86_64-linux";
+    specialArgs.inputs = inputs;
+    specialArgs.self = self;
+    modules = makeMicroVM "nextcloud" "10.0.0.11" [
+      ./nextcloud/configuration.nix
+    ];
+  };
 }
diff --git a/machines/nextcloud/configuration.nix b/machines/nextcloud/configuration.nix
new file mode 100644
index 0000000..09ae050
--- /dev/null
+++ b/machines/nextcloud/configuration.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs,  ... }:
+
+with lib;
+
+{
+  sops.defaultSopsFile = ./secrets.yaml;
+  sops.secrets = {
+    nextcloudAdminPass = {};
+  };
+
+  networking = {
+    hostName = mkDefault "discourse";
+    useDHCP = false;
+    nameservers = [ "1.1.1.1" ];
+  };
+
+  imports = [
+    ../modules/malobeo_user.nix
+    ../modules/sshd.nix
+    ../modules/minimal_tools.nix
+    ../modules/autoupdate.nix
+  ];
+
+  services.nextcloud = {
+    enable = true;
+    package = pkgs.nextcloud30;
+    hostName = "10.0.0.11";
+    config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  system.stateVersion = "22.11"; # Did you read the comment?
+}
+
diff --git a/machines/nextcloud/secrets.yaml b/machines/nextcloud/secrets.yaml
new file mode 100644
index 0000000..84f38cf
--- /dev/null
+++ b/machines/nextcloud/secrets.yaml
@@ -0,0 +1,79 @@
+nextcloudAdminPass: ENC[AES256_GCM,data:es9hhtCcqBqPbV2L,iv:Kyq5kqao0uaMPs0GeRkJT9OWYSZfImBXngg51k0uQ0M=,tag:zN/u90/j4rmdo0HtY+cF9w==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmVGxsNmZ3Z0RIYmMyL0Mr
+            UUpaMEZLTCtQaGFrL1YwOVBicEtNRTVaVGhRCmhDSUgxYXpRcldaMngvOWJDdnNo
+            b2ZFbUdmcE9EV2E3SkMvZ1RpKzZmeU0KLS0tIE5hNmVFTXpBZFZ3bHYwQlJQaUtw
+            UFJmTVFaOTJXN09QLzY4emh5Z3hqRjAKXk1PSwR2x0H2cMN06fyigiusz8v2IRIg
+            S4ZTq/JX39U4QQHgWA1dFPfC636LNBo+QKdl/2mjwnXW7duqDJ+5kA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-26T20:00:50Z"
+    mac: ENC[AES256_GCM,data:qoY9SfpoU+8HfvD5v/1S6BOkbnZUmHIbtwr0tTSuPETjnFNgr1VVw9mnRatJKPYYFb9/rMZQWIqTY+iUIEkcTVyVXhd6ki5CHW+uxCeBIyMzq33rtEa/btkEUoii4iPieamBCIY21W0znE+edxfR04yRJtLxMICEbuW4Hjf6bwk=,iv:nG42fRgjpuIjPMYnn/6egEdzYolcUBsspaZ8zMv4888=,tag:C6apGoAvVLsWdLWSCwrx6w==,type:str]
+    pgp:
+        - created_at: "2024-11-26T19:59:36Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQGMA5HdvEwzh/H7AQv+KkX46UGQzLvhrk/VUCnnMdLEcNbYfk4h+sZJzs1riOGA
+            LAKYNeaeN6iLLeZX+T2/s5OT4WkIEKGg8/gziurdx01BR70M96Faubp6EVtdK44+
+            6F5BLLrDhlEKDNOx48qPwJdFjbYW4wZLWmv5nzwPmmRCKO7MoI9UHKq69msCor1i
+            ralbjlVHyKSuRfvflKAlxFoEqeB6H+ryc54g3stk1j2eFiMNuF/oKDJZT+XI5LHZ
+            Ai80DAWoUBYgpP4aWiNC075GPutdPlZ3mrGf5+7QnNm7GmNUdJN5VAWmI2NUGr1J
+            BLopnPFo4juWNsZkLMj2aAuKvGTkhz2PuFKfLj6Erpu82RAjadpFWx239n+i4Ryq
+            wSquYshpuiecLEejntTBKLEacwp+aPx8IHKnOOKBTdJj+YYaISiznQAlkF7WS+lg
+            MTZR85BvCxiPogujL7uhYSx1wM5FVkuAIPf1JOJCRvQt30eRRrR0VMrmqQ1Kl5OT
+            VMzZRIGIoC5vrKGeIIjJ0lgBWQ3bYFh/LGrwKetku6TRAH29mp/XwQqBC97RsUYb
+            EOxft5sUWaYrXK+z2yzCxOQBWKJISPgcyhdoKfYGnRkHXHi2Uay84oQP4co72eVF
+            cAhEJOxMw36e
+            =bSaN
+            -----END PGP MESSAGE-----
+          fp: c4639370c41133a738f643a591ddbc4c3387f1fb
+        - created_at: "2024-11-26T19:59:36Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA98TrrsQEbXUARAAmG88ZDt43zj6dCJkYYVj7MGIhIviJzilTvX4+EfNobtA
+            tll60GYfRotKnwbuqzSVaaIcV+6cDQ5I1hG5WNFJSXm7DpJ0W1Ir1x2hpxektXFa
+            fQ+9HiCOfEqUu5PEynCAD1jN6CQLdl87hLQx9TqbZnHuUYPSH1o9Y6kbA/Vp3bpy
+            evJc8qa66WHYH1kjdEw+qneD5HzZQOLOtXZ7xkxjGbyMcYex9JfyGHohO5dpLg6B
+            3XrLlIWWERVz04MlnzlaMKfzhoMCU9ByqJSQ3VBm9kblQqu54fOZD2sN8j9ACEfL
+            YNC7Jm2rasVSqv09G1kso9/VNDw3kNCLvjnpE5rJRP7Ckfj+4FxQN/zPVUwQ1e1k
+            upoQ8MHyf1bJr8vspm/prm9zp+PRRTUwY1Yyts/ffj+CF5ec9M3jr/RSeEAdswsL
+            6dLKBL1LuLAjKXOuVnQ7E6gN940Y994sDFkbqEmzzCUHGcfxSF3IDn/qpkQlqerU
+            B/D43Yef+rtsUDyTA5RUpxKleGORcS4sV0BhQrNXeFclaMTyMr+AbOei4Y77qlD1
+            x/fHB3IT4Intvp9k4m6jJ86RtLpVhEoA4cHEdCCiXHzUpA6aVtNHVAOqT/aBykrf
+            uSm1wu/nl6yKbIwTJueli1OfQYKEYcUdjOrEOwXb+UDQKSohWZrMg0sj7/S6Pl/S
+            WAG1BZ20HXD2ZrVqESV87Pl04nKMqswrio+BINfAT9X3ya7L3DF69MR18bDt+ZIB
+            0F3+9WUREGI5in4S3hXNxrgfLNFl1YLklfWLYcx0HXJN3z6F2eJOUvM=
+            =aT3U
+            -----END PGP MESSAGE-----
+          fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
+        - created_at: "2024-11-26T19:59:36Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA1kR3vWkIYVnARAAqFyuCtvu6AidWg/9+btEcjWv0sBZaIRpYfX3p2QECwCu
+            UYAtssvSHgHdBEQzU27MA/5CGmEreB3NhWrjGquv88RojLO1JuhNHGYPZKeIcBKr
+            I2oS79RKuYs+d2Qu0KUYDaVoY9M5YJsfkju2FOXqMNYlbqX+lDuWnisigj3n2N4e
+            OEBnVIpfPBQE6c1Z9DaQJE7MyBbKfg5YeWjlwwh+fCf1dV/nGp+QdD88F3dzWMoK
+            xNGt69TwZ8JUVmElAIJqLJTpyDI5xHQUw2A6ddPSTk/u363eHhOnZZUNAAm3FdO5
+            0x+4QhcBaH59S8WDZhw4MVmZN7v4+3l3mf7Rx/TXSz4oJg+U7RMgvc291/gowNVm
+            /cVhBlMYz4Ogx/OYR/t+nzq35r+eBungTB+dRXw7qTTfkCtNgp34JMCkGAq5WWnY
+            57H2HtssGiMF0qN4SfWxw7317oUmqHI2XvG0yWt42G++jNgIGbDOtuc/7wATEbhK
+            SBX2aLqDIB1OUwLHQeawyKkB0qGmRSVPkPg8JLwRp43ICETH1WPkY5m/a2slVlDj
+            qgdw00clTI5Fgu/5G5QBD4Ds9f9ZwjrMD4v+NYfGxa0ajisXl1X6CL1+YvQ6Uicf
+            QmIRJYxyVd0VoXScZnsk0T/XTKjJB/fRLRalA2PmlZ1v+gisCUz2dhM+OHtSjGTS
+            WAG5znRbP8UMVt02O0PgbzHYtIUAtQLCuBnzfEKJn721rqCXf7DXU3jrR73Ys6ce
+            VJzkVBMnBszF71GN56t0PaUYIDOnaGvgjMtHHtOCLQHSK7asnm/Bc+E=
+            =Znii
+            -----END PGP MESSAGE-----
+          fp: 4095412245b6efc14cf92ca25911def5a4218567
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1