[nextcloud] nextcloud works now

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730135292,
+        "lastModified": 1736864502,
-        "narHash": "sha256-CI27qHAbc3/tIe8sb37kiHNaeCqGxNimckCMj0lW5kg=",
+        "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "ab58501b2341bc5e0fc88f2f5983a679b075ddf5",
+        "rev": "0141aabed359f063de7413f80d906e1d98c0c123",
         "type": "github"
       },
       "original": {
@@ -67,11 +67,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1733951536,
+        "lastModified": 1736373539,
-        "narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=",
+        "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f",
+        "rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
         "type": "github"
       },
       "original": {
@@ -109,11 +109,11 @@
         "spectrum": "spectrum"
       },
       "locked": {
-        "lastModified": 1734041466,
+        "lastModified": 1736905611,
-        "narHash": "sha256-51bhaMe8BZuNAStUHvo07nDO72wmw8PAqkSYH4U31Yo=",
+        "narHash": "sha256-eW6SfZRaOnOybBzhvEzu3iRL8IhwE0ETxUpnkErlqkE=",
         "owner": "astro",
         "repo": "microvm.nix",
-        "rev": "3910e65c3d92c82ea41ab295c66df4c0b4f9e7b3",
+        "rev": "a18d7ba1bb7fd4841191044ca7a7f895ef2adf3b",
         "type": "github"
       },
       "original": {
@@ -124,11 +124,11 @@
     },
     "nixlib": {
       "locked": {
-        "lastModified": 1733620091,
+        "lastModified": 1736643958,
-        "narHash": "sha256-5WoMeCkaXqTZwwCNLRzyLxEJn8ISwjx4cNqLgqKwg9s=",
+        "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "f4dc9a6c02e5e14d91d158522f69f6ab4194eb5b",
+        "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
         "type": "github"
       },
       "original": {
@@ -145,11 +145,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1733965598,
+        "lastModified": 1737057290,
-        "narHash": "sha256-0tlZU8xfQGPcBOdXZee7P3vJLyPjTrXw7WbIgXD34gM=",
+        "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "d162ffdf0a30f3d19e67df5091d6744ab8b9229f",
+        "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453",
         "type": "github"
       },
       "original": {
@@ -160,11 +160,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1733861262,
+        "lastModified": 1736978406,
-        "narHash": "sha256-+jjPup/ByS0LEVIrBbt7FnGugJgLeG9oc+ivFASYn2U=",
+        "narHash": "sha256-oMr3PVIQ8XPDI8/x6BHxsWEPBRU98Pam6KGVwUh8MPk=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "cf737e2eba82b603f54f71b10cb8fd09d22ce3f5",
+        "rev": "b678606690027913f3434dea3864e712b862dde5",
         "type": "github"
       },
       "original": {
@@ -192,11 +192,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1733759999,
+        "lastModified": 1737062831,
-        "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=",
+        "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56",
+        "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c",
         "type": "github"
       },
       "original": {
@@ -208,11 +208,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1733808091,
+        "lastModified": 1736916166,
-        "narHash": "sha256-KWwINTQelKOoQgrXftxoqxmKFZb9pLVfnRvK270nkVk=",
+        "narHash": "sha256-puPDoVKxkuNmYIGMpMQiK8bEjaACcCksolsG36gdaNQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a0f3e10d94359665dba45b71b4227b0aeb851f8e",
+        "rev": "e24b4c09e963677b1beea49d411cd315a024ad3a",
         "type": "github"
       },
       "original": {
@@ -245,11 +245,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1733965552,
+        "lastModified": 1737107480,
-        "narHash": "sha256-GZ4YtqkfyTjJFVCub5yAFWsHknG1nS/zfk7MuHht4Fs=",
+        "narHash": "sha256-GXUE9+FgxoZU8v0p6ilBJ8NH7k8nKmZjp/7dmMrCv3o=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "2d73fc6ac4eba4b9a83d3cb8275096fbb7ab4004",
+        "rev": "4c4fb93f18b9072c6fa1986221f9a3d7bf1fe4b6",
         "type": "github"
       },
       "original": {

machines/.sops.yaml

@@ -74,15 +74,6 @@ creation_rules:
       age:
       - *admin_atlan
 
-  - path_regex: discourse/secrets.yaml$
-    key_groups:
-    - pgp:
-      - *admin_kalipso
-      - *admin_kalipso_dsktp
-      - *machine_durruti
-      age:
-      - *admin_atlan
-    
   - path_regex: nextcloud/secrets.yaml$
     key_groups:
     - pgp:

machines/configuration.nix

@@ -170,27 +170,20 @@ in
     ];
   };
 
+  nextcloud = nixosSystem {
+    system = "x86_64-linux";
+    specialArgs.inputs = inputs;
+    specialArgs.self = self;
+    modules = makeMicroVM "nextcloud" "10.0.0.13" "D0:E5:CA:F0:D7:E9" [
+      ./nextcloud/configuration.nix
+    ];
+  };
+
   testvm = nixosSystem {
     system = "x86_64-linux";
     specialArgs.inputs = inputs;
     specialArgs.self = self;
     modules = defaultModules ++ [ ./testvm ];
   };
-  discourse = nixosSystem {
-    system = "x86_64-linux";
-    specialArgs.inputs = inputs;
-    specialArgs.self = self;
-    modules = makeMicroVM "discourse" "10.0.0.7" [
-      ./discourse/configuration.nix
-    ];
-  };
 
-  nextcloud = nixosSystem {
-    system = "x86_64-linux";
-    specialArgs.inputs = inputs;
-    specialArgs.self = self;
-    modules = makeMicroVM "nextcloud" "10.0.0.11" [
-      ./nextcloud/configuration.nix
-    ];
-  };
 }

machines/discourse/configuration.nix

@@ -1,47 +0,0 @@
-{ config, lib, pkgs,  ... }:
-
-with lib;
-
-{
-  sops.defaultSopsFile = ./secrets.yaml;
-  sops.secrets = {
-    discourseAdminPasswordFile = {};
-    discourseSecretKeyBaseFile = {};
-  };
-
-  networking = {
-    hostName = mkDefault "discourse";
-    useDHCP = false;
-    nameservers = [ "1.1.1.1" ];
-  };
-
-  imports = [
-    ../modules/malobeo_user.nix
-    ../modules/sshd.nix
-    ../modules/minimal_tools.nix
-    ../modules/autoupdate.nix
-  ];
-
-  services.discourse = {
-    enable = true;
-    hostname = "forum.malobeol.org";
-    admin = {
-      email = "admin@example.org";
-      username = "admin";
-      fullName = "Admin";
-      passwordFile = config.sops.secrets.discourseAdminPasswordFile.path;
-    };
-    secretKeyBaseFile = config.sops.secrets.discourseSecretKeyBaseFile.path;
-    database.createLocally = true;
-    enableACME = false;
-  };
-  services.postgresql = {
-    enable = true;
-    package = pkgs.postgresql_13;
-  };
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-  system.stateVersion = "22.11"; # Did you read the comment?
-}
-

machines/discourse/secrets.yaml

@@ -1,81 +0,0 @@
-discourseSecretKeyBaseFile: ENC[AES256_GCM,data:XKjcm+sOt4HazADjcJ6MilYNZMbO5IVMGnfdUXyx+9OjmEfk/zb0dhIjpZ2t6P1UfQUFI7NT2BMKgEjb2EG+5Kjxsq4mN+zoBxZAZI0WM6/WoF3ydwuqVamr1rIXfGN/W58UAink8K4SW7B6sbb76yQOWoP/GRHEaIxNvdnsGyE=,iv:LaoFS0O1qIpL/w1Gp98Em14hRohNR/FNqir38hBbCac=,tag:2zV5XRSkL6zYxylJoJ/OLQ==,type:str]
-#ENC[AES256_GCM,data:sCvaoU2W7sc=,iv:iZdeM7YEkyOhkQUrHoRFJEnWw47OmBvi5AJ3ZEXck8k=,tag:wnh19onScSBPkyZw8PLQiA==,type:comment]
-discourseAdminPasswordFile: ENC[AES256_GCM,data:01pJVQ==,iv:FjU8sM0n1YDhywUoaWHnvBcsNMFeqqxp+eYyAKByT1E=,tag:LR70T8ywo80PQHNHj6aJEA==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVG1UYmZyWk8vZXJPdFBm
-            bHlwMUJ0ZjJQS3A0ZytLbXRCbGxyREZKajJjClI3NEt3c0RyOVZrZzh4ZGFsQ1Ft
-            NFdJd3hhRTNaV0ZGRHdBdEVOdm4wR0EKLS0tIDlvcFB0Z1VtRUVQVFBKRVRuN3Jn
-            RmI4OWI3YU5PUkFpeUROMEJHbXU1MjAKOOt7LCeH4mJtm+ngT9A2Ubzdje435RK+
-            PomvgpBQ3t3ry+mBMz25DdgIYgBsnDS2ji5mavd3Zx2dbah0q4Cdrw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-26T17:23:55Z"
-    mac: ENC[AES256_GCM,data:axeHNSEsXZu4LCaQoy8FzDd7yBjy5nrjDmEF5pEwxmCw4bp1Gssdy2CVs0oDqU0UbOQ8D5Q8tevhdhxSTx19JF9HnaD4b3NL6+bmObx+d67zVqtyv1E0hHDgfsQBuoMQOou2ht6hhkz/VRUmbBICOZERc7o87uzXNXG2pP34vNY=,iv:jaBiGbxC62rnhotquYZ6id0f94+crve7Cnn8dFnzdC4=,tag:7lCHK6HvqDmOEfCA+wHtIg==,type:str]
-    pgp:
-        - created_at: "2024-11-26T17:23:19Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQGMA5HdvEwzh/H7AQv9EDScYMdx0QPqz9ipgvsZTBOqsrLUvGOYcwod9412bMzO
-            Oic5VkkiCSDPARP2JRGlS1Qvr3Oecdvo/TBpThWrWgaxS6THHPUyiaZGQhQXUnHo
-            d6u+OPMH4eZ3Vmn5pzbRwTg1mpKKwtvtMo+xCEaygPFGoIMMlmDr/q3agsJ07YBI
-            Ip9764gqBS6N+J3KN6j3XM/LHEu3e/qwp049BCslfWqVKZB7lQ7NbVkyGCM37aL9
-            /GQSUvD+MU6WeIGd4Hr73pbc+MrB/KbSbufuwOVIUdZU/n6znusa1LjMuFgg9iOU
-            jsUmsdt7EhVpz7aQ1obFIcDVa7HFNF+Lp+78QgAInMK9QNWzH4OJumhrqovtbajg
-            xGfe0AJnkctYMOA3a6SHT2YZv3/iLqMkz/ioEVInlB9BAfNFK9UZWadVLEYyzJQR
-            1rs54kbtm71/eTi3eadS3yRfEHoSgHrrPuRN2tzSCi1w2QK0a724v5Jtr/epzycT
-            oA4ha42dC4z1n66b7NAb0lYBSqZhcVm6wStypBGtCd0B08bFDzXng3PtfeVrD1jg
-            b37smpXoQNe6vvG6M9yr2qg6V21SZWw3a4K93qDn+mihbOsnpZj24L0fJctIZSC3
-            la3aPsVYQg==
-            =G43o
-            -----END PGP MESSAGE-----
-          fp: c4639370c41133a738f643a591ddbc4c3387f1fb
-        - created_at: "2024-11-26T17:23:19Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA98TrrsQEbXUARAAlFNovLVBXXDUSMxBYsZll4UZ7+sPAdLZ+kDu49JlX4rJ
-            zNo3NiNrVMfUUZpWx3q5mYGUR5Ys441kwhDlUhj5Jv7X7PkTl2KU+pZZBr5DBnD0
-            8Nzm8CeI+3gphujX7CGjUcRUKjOMSa8nhIvz919TW1KCmr1xLDQw8yZGWn+VVBe1
-            g3ut0OEDFHBcU4T3DcFq7UMUCPpwo1Eas2tcLg4N18YCZanL34ziVlHlzocvE4Jz
-            1Y/tWvYj/OytktRDITi9/OIdS4hmSSPe8Qzb5abSCz20CzojVaDwEFGgwv9IRkBQ
-            C7RmPyd3u8Y/13tMORKz65LExmolhQyW4GVozDdEFQckwBYxMmaY9q7JVgKi5WD+
-            8s3r4vcIdISKlWH0E3qmJhkHxpoDmAS7NLXb8ROpCjKZKTK+XE0AEK8S3CFNgbvA
-            yKAnr7MVMJJBjbgxKJaoIjwNwkXQWCvm1f2s+xJTGQGHG+2hMgVoYb6dlpir08jR
-            yDHYxtpz/tRSXkjM7C6+r3SzZub/xowtWNUeZJqhsBhpP7cVT/dkd9cKvL+LTYM5
-            nQpczoNfBSn/wt87rCV6lFRyUsqhqUfMIR4T8mpa+2weneqX8olb8CT4312E9eEw
-            mqVX+fGETWpUN/cEpnFFcXS/MPAJCHyedov5MgdmBL/XEVKbWAPk22CGgFv8GHTS
-            VgEKUaeKWKThwCYl8ylTpgO7eZ+retflRpoVUddWyAiTe/rTvrBfR9hayZPYp2Lf
-            vmQLDfcHAH/DmazB7CAlomaLS/1ab1zHltvSw4HFKFy9lxl692Fk
-            =BnOX
-            -----END PGP MESSAGE-----
-          fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
-        - created_at: "2024-11-26T17:23:19Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA1kR3vWkIYVnARAAm1JETHrYuQ282GaaCLC9ZRjtskt3Tt9sAveKoltS6PgG
-            zDE1L5XFgWMg+IrxISqw4a6dIoJcJVlSIaojPkAENqjeHWEFdI6QoQ2P3yNgU8Fd
-            MzTukSmPZwP/XMLE73SIWU7+23qlnnCQrHzqNHZh6vijz6fIjQ4xfvGnV2n0MD/V
-            BVjPZJv3BbV+Xaf43hwEsFfn90h8wyd1Ls3Q7PlQA9lL952B9IAm3koN/LWAbYqo
-            oxSXb13kQuvtL6TwsHc1QGlHWaEdJRgTLnYxroqgOC6PXKqoTSmX4adeExWCMg7E
-            HGe/S/PG6xBJlWhZcDS2ldZjFCHojy43NsJj/0ir4onBqehvb/Bw2RiVrRW9ZCNx
-            Ydk1UXdk/2bFeHSTaSNEgXEsU6GQNFRKS+PkxLst5xT2GLnPAQu1vCxVsYOze8BX
-            AwySIEEZikqb9ycP0eJGOYRPW1Vw43xUaexClLa6zFi+o45jxbzCOChpAobjIQ4t
-            kOdtEnKYTg9jWuK57zCD8/EmY98kfSSRas119fJ/8eeFib2I4WT9WwAbD4+8Ld4c
-            GzUg00mim2Xz6LPJkqX3SNL9/ZHqlirJMoMcltIro14dT+BsgBL/8OnHXQ0SMRhg
-            wz+Dx7fUcP+rkN8tSG/wXQ3CAMv8lfOw1XqKzx4mMqjaVoqbhKNPUtYRUAWWPx/S
-            VgEmV0aoiD0ar/QxZRUZwWawTPsJOCxZptvvsW22jWq/G7VyX6OR56XmI+jPUCFm
-            1WN8TkplHFtFqUTyQL8lI66iQiaYMmpjjVU6TKqNGShHSj65cB/n
-            =38qM
-            -----END PGP MESSAGE-----
-          fp: 4095412245b6efc14cf92ca25911def5a4218567
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1

machines/nextcloud/configuration.nix

@@ -5,7 +5,10 @@ with lib;
 {
   sops.defaultSopsFile = ./secrets.yaml;
   sops.secrets = {
-    nextcloudAdminPass = {};
+    nextcloudAdminPass = {
+      owner = "nextcloud";
+      group = "nextcloud";
+    };
   };
 
   networking = {
@@ -21,22 +24,31 @@ with lib;
     ../modules/autoupdate.nix
   ];
 
-  environment.etc."nextcloud-admin-pass".text = "hXz5vspPsFPY";
   services.nextcloud = {
     enable = true;
     package = pkgs.nextcloud30;
-    hostName = "10.0.0.11";
+    hostName = "cloud.malobeo.org";
-    #config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
+    config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
-    config.adminpassFile = "/etc/nextcloud-admin-pass"; #user=root
+    #https = true; #disable for testing
+    database.createLocally = true;
+    config.dbtype = "pgsql";
+    configureRedis = true;
+    caching = {
+      redis = true;
+      apcu = true;
+    };
     extraAppsEnable = true;
     extraApps = {
       inherit (config.services.nextcloud.package.packages.apps) contacts calendar;
       collectives = pkgs.fetchNextcloudApp {
-        sha256 = "sha256-ErCWmQCI+ym9Pvsf84Z9yq4CyYJ1uVhyhhlS2bVSJ54=";
+        sha256 = "sha256-cj/8FhzxOACJaUEu0eG9r7iAQmnOG62yFHeyUICalFY=";
-        url = "https://github.com/nextcloud/collectives/releases/download/v2.15.1/collectives-2.15.1.tar.gz";
+        url = "https://github.com/nextcloud/collectives/releases/download/v2.15.2/collectives-2.15.2.tar.gz";
         license = "agpl3Plus";
       };
     };
+    settings = {
+      trusted_domains = ["10.0.0.13"];
+    };
   };
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];