From c2c5e2c070620404341e9e532adc69a6555776e3 Mon Sep 17 00:00:00 2001 From: tootbrute Date: Thu, 6 Nov 2025 19:49:17 +0800 Subject: [PATCH] cleanup --- FUTURE-SERVER.md | 27 +++++++ TODO.txt | 5 ++ configuration.nix | 44 ++++++----- docker/nextcloud/docker-compose.yml | 74 ------------------- docker/nextcloud/pass.txt | 1 - services/calibre-web.nix | 1 - services/nextcloud-reset.sh | 2 +- services/nextcloud.nix | 59 +++++++++++++-- services/{ => nextcloud}/lup-nextcloud.nix | 0 .../nextcloud.nix} | 20 +++-- services/oldnextcloud.nix | 15 ++++ 11 files changed, 135 insertions(+), 113 deletions(-) create mode 100644 FUTURE-SERVER.md create mode 100644 TODO.txt delete mode 100644 docker/nextcloud/docker-compose.yml delete mode 100644 docker/nextcloud/pass.txt rename services/{ => nextcloud}/lup-nextcloud.nix (100%) rename services/{old-nextcloud.nix => nextcloud/nextcloud.nix} (66%) create mode 100644 services/oldnextcloud.nix diff --git a/FUTURE-SERVER.md b/FUTURE-SERVER.md new file mode 100644 index 0000000..0cbf148 --- /dev/null +++ b/FUTURE-SERVER.md @@ -0,0 +1,27 @@ +# FUTURE SERVER +One day, I would like to move off of Yunohost and do this all by myself. + +Steps I would need to take. + +1. Backup Data +- all data is on ZFS mirrors, no action needed +- other configuration not important +2. Install NixOS +- install with zfs-on-root, encryption enabled +3. Import ZFS Pools +- /mnt/hermes +4. Install Reverse proxy +- caddy-dns-gandi on github +5. Setup services +- user docker or nixos services +- tailscale +- calibre-web +- jellyfin +- immich-photos +- nextcloud (*!) +- whoogle +6. Setup Backups +- zfs mirror pool (name?) + +# Other Considerations +- where to setup docker stuff? diff --git a/TODO.txt b/TODO.txt new file mode 100644 index 0000000..9cde911 --- /dev/null +++ b/TODO.txt @@ -0,0 +1,5 @@ +nextcloud is removed ATM + +purge it from all parts of the system + +go back into GIT history and find nextcloud that worked 
diff --git a/configuration.nix b/configuration.nix index cdf5801..97b3c7c 100644 --- a/configuration.nix +++ b/configuration.nix @@ -11,18 +11,17 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ./services/jellyfin.nix - ./services/calibre-web.nix - ./services/glances.nix - ./services/fail2ban.nix - ./services/transmission.nix -# ./services/nextcloud.nix -# user docker for now +# ./services/jellyfin.nix +# ./services/calibre-web.nix +# ./services/glances.nix +# ./services/fail2ban.nix +# ./services/transmission.nix + # ./services/nextcloud.nix ]; # Bootloader. boot.loader.systemd-boot.enable = true; - # ZFS SSH Remote Unlock, ethernet only + # ZFS SSH Remote Unlock, only works with ethernet now # https://wiki.nixos.org/wiki/ZFS boot = { initrd.network = { @@ -37,7 +36,7 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3Ihu9CsCL17FuHl6EqyMDT5BPjh8GlLTWHM+Y1D1I7 elias@bluenix" #bluenix "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILv96m1nCz3D0lzjzeGa+n4m3krEyl7KZ0tstjIZdTkq elias@bluefin" #acer "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8zlxSVOTCnAgb4U5vkC3ietH3Jd9gLE+FA6UOZp64J elias@arkadi.one" #arkadi - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLT5HqaL4l0+D4kesHph1pD74VnFy6eMxhGrBdwDThQ elias@greynix" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWN6eeLFbtRJDEebSjoI8FaDOA5bmIzbyTUvX/hPWdh elias@greynix" #asus ]; # to login: ssh -p 2222 root@192.168.15.180 "zfs load-key -a && killall zfs" }; @@ -55,7 +54,7 @@ nix = { settings = { #experimental-features = [ "nix-command" "flakes" ]; - download-buffer-size = "2G"; + download-buffer-size = "4G"; warn-dirty = false; }; # garbage collection @@ -72,6 +71,14 @@ networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. networking.hostId = "0631374f"; # for ZFS +#TEMP + networking.wireless.networks = { + # SSID with spaces and/or special characters + "Suntek 188" = { + psk = "0226203850"; + }; + }; + # Enable networking #networking.networkmanager.enable = true; 
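Review bot: The last hunk of configuration.nix (@@ -72,6 +71,14 @@) adds the Wi-Fi passphrase inline, `psk = "0226203850";`, which lands both in this repository and, once the system is built, in the world-readable Nix store; the `#TEMP` marker suggests this is known, but nothing in the commit removes it again. The usual fix keeps the passphrase out of the store: NixOS's `networking.wireless.secretsFile` together with `pskRaw = "ext:<secret-name>"` reads it at runtime from a root-only file, so the committed line can become `pskRaw = "ext:<secret-name>";` with a one-line comment naming where that file lives (verify both option names against the NixOS release in use). Because this repository already carried `docker/nextcloud/pass.txt`, which the commit deletes but which stays in git history, anything committed here should be treated as disclosed and the passphrase rotated.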
@@ -93,20 +100,13 @@ LC_TIME = "zh_TW.UTF-8"; }; -nix.settings.experimental-features = [ "nix-command" "flakes" ]; - -#fix later - # Configure keymap in X11 -# services.xserver = { - # xkb.layout = "us"; - # xkb.Variant = ""; - # }; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.elias = { isNormalUser = true; description = "Tootbrute"; - extraGroups = [ "networkmanager" "wheel" "docker"]; + extraGroups = [ "networkmanager" "wheel" "docker" "elias" ]; openssh.authorizedKeys.keys = [ "ssh-rsa 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 elias@socrates" #acer at school "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfnE4JwpIyghoFYurZLjFkzc5G4l1FeS76yYITg9wUB elias@tux" #little hp - tux @@ -114,7 +114,7 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3Ihu9CsCL17FuHl6EqyMDT5BPjh8GlLTWHM+Y1D1I7 elias@bluenix" #bluenix "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILv96m1nCz3D0lzjzeGa+n4m3krEyl7KZ0tstjIZdTkq elias@bluefin" #acer "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8zlxSVOTCnAgb4U5vkC3ietH3Jd9gLE+FA6UOZp64J elias@arkadi.one" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVWt9UsavFfdwQzklW/zSlwGwQXaDvFk+MdzsCp0gnp tootbrute@tutanota.com" #greynix + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWN6eeLFbtRJDEebSjoI8FaDOA5bmIzbyTUvX/hPWdh elias@greynix" #asus - greynix ]; linger = true; packages = with pkgs; []; @@ -134,9 +134,6 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; # Disable sudo password for the wheel group security.sudo.wheelNeedsPassword = false; - # Enable automatic login for the user. - #services.getty.autologinUser = "elias"; - # Allow unfree packages nixpkgs.config.allowUnfree = true; @@ -153,6 +150,7 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; restic git neovim + emacs tmux #like screen wiper #like ncdu 
diff --git a/docker/nextcloud/docker-compose.yml b/docker/nextcloud/docker-compose.yml deleted file mode 100644 index 704fd71..0000000 --- a/docker/nextcloud/docker-compose.yml +++ /dev/null 
@@ -1,74 +0,0 @@ -services: - nextcloud-aio-mastercontainer: - image: ghcr.io/nextcloud-releases/all-in-one:latest - init: true - restart: always - container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly - dns: - - "192.168.200.146" #internal DNS ip - volumes: - - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work - - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'! - network_mode: bridge # add to the same network as docker run would do - ports: - # - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md - - 8080:8080 - # - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md - environment: # Is needed when using any of the options below - # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section - # AIO_COMMUNITY_CONTAINERS: # With this variable, you can add community containers very easily. See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers - APACHE_PORT: 8009 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). 
See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md - APACHE_IP_BINDING: 0.0.0.0 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md - # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md - # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy - # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature - # FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M" # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options - NEXTCLOUD_DATADIR: /home/elias/nextcloud/ # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir - # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host - # NEXTCLOUD_UPLOAD_LIMIT: 16G # Can be adjusted if you need more. 
See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud - # NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud - # NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud - # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS) See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca - # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup - # NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container - # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container - # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! 
See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud - # NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud. - # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps - # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation - # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port - # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock' - # security_opt: ["label:disable"] # Is needed when using SELinux - -# # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575 -# # Alternatively, use Tailscale if you don't have a domain yet. 
See https://github.com/nextcloud/all-in-one/discussions/5439 -# # Hint: You need to uncomment APACHE_PORT: 11000 above, adjust cloud.example.com to your domain and uncomment the necessary docker volumes at the bottom of this file in order to make it work -# # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588 -# caddy: -# image: caddy:alpine -# restart: always -# container_name: caddy -# volumes: -# - caddy_certs:/certs -# - caddy_config:/config -# - caddy_data:/data -# - caddy_sites:/srv -# network_mode: "host" -# configs: -# - source: Caddyfile -# target: /etc/caddy/Caddyfile -# configs: -# Caddyfile: -# content: | -# # Adjust cloud.example.com to your domain below -# https://cloud.example.com:443 { -# reverse_proxy localhost:11000 -# } - -volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive - nextcloud_aio_mastercontainer: - name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work - # caddy_certs: - # caddy_config: - # caddy_data: - # caddy_sites: diff --git a/docker/nextcloud/pass.txt b/docker/nextcloud/pass.txt deleted file mode 100644 index dabcace..0000000 --- a/docker/nextcloud/pass.txt +++ /dev/null @@ -1 +0,0 @@ -enduring expiring venus easter catchable creed material scaling diff --git a/services/calibre-web.nix b/services/calibre-web.nix index 06ebb25..ab540f9 100644 --- a/services/calibre-web.nix +++ b/services/calibre-web.nix @@ -34,5 +34,4 @@ systemd.services.calibre-web = { CacheDirectory = "calibre-web"; }; }; - } diff --git a/services/nextcloud-reset.sh b/services/nextcloud-reset.sh index aee9354..5347d2c 100755 --- a/services/nextcloud-reset.sh +++ b/services/nextcloud-reset.sh 
@@ -6,4 +6,4 @@ sudo systemctl stop phpfm-nextcloud sudo systemctl stop redis-nextcloud sudo rm -rf /var/lib/nextcloud #sudo rm -rf /var/lib/postgresql -#sudo rm -rf /var/lib/redis-nextcloud +sudo rm -rf /var/lib/redis-nextcloud diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 7b6fe3d..78f86aa 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix 
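Review bot: The newly enabled `sudo rm -rf /var/lib/redis-nextcloud` deletes service state unconditionally, and nothing visible in the hunk checks that the preceding `systemctl stop` calls succeeded. The unit named in the hunk header, `phpfm-nextcloud`, does not match the `phpfpm-<pool>` naming NixOS uses for php-fpm pools, so if `phpfpm-nextcloud` is the intended unit that stop is likely a no-op and the data directories are removed while PHP is still running; that line sits just outside the hunk. A `set -euo pipefail` near the top of the script (also outside the hunk) would abort before any deletion when a stop fails. A comment above the block, `# destructive: wipes nextcloud and redis state; only for re-initialising`, would make the scope of the reset explicit.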
@@ -1,15 +1,62 @@ { config, pkgs, ... }: { - +# BASIC CONFIG +# user is root +environment.etc."nextcloud-admin-pass".text = "CHANGE_RIGHT_AWAY"; + +/* services.nextcloud = { enable = true; - package = pkgs.nextcloud31; - hostName = "nextcloud.knossos"; - config.adminpassFile = "/var/lib/nextcloud-admin-pass"; - config.dbtype = "sqlite"; + hostName = "localhost"; + config.adminpassFile = "/etc/nextcloud-admin-pass"; +}; +*/ + + +services.nextcloud = { + enable = true; + configureRedis = true; + package = pkgs.nextcloud31; + hostName = "nextcloud.knossos"; +# datadir = "/var/lib/nextcloud/"; + settings = { + overwriteprotocol = "https"; + trusted_proxies = [ "localhost" "127.0.0.1" "100.82.24.89" ]; + trusted_domains = [ "nextcloud.knossos.arkadi.one" ]; + }; + config = { + dbtype = "pgsql"; + dbuser = "nextcloud"; + dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself + dbname = "nextcloud"; + adminpassFile = "/etc/nextcloud-admin-pass"; + adminuser = "admin"; + }; }; + services.postgresql = { + enable = true; + ensureDatabases = [ "nextcloud" ]; + ensureUsers = [ + { name = "nextcloud"; + ensureDBOwnership = true; + } + ]; + }; -services.nginx.virtualHosts."nextcloud.knossos".listen = [ { addr = "127.0.0.1"; port = 8009; } ]; + # ensure that postgres is running *before* running the setup + systemd.services."nextcloud-setup" = { + requires = ["postgresql.service"]; + after = ["postgresql.service"]; + }; + + +# CALIBRE-WEB already disabled? + +# services.nginx.enable = true; +# services.nginx.virtualHosts."nextcloud.knossos" ={ +# listen = [ { addr = "127.0.0.1"; port = 8009; } ]; +# forceSSL = false; +# }; } diff --git a/services/lup-nextcloud.nix b/services/nextcloud/lup-nextcloud.nix similarity index 100% rename from services/lup-nextcloud.nix rename to services/nextcloud/lup-nextcloud.nix 
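Review bot: `environment.etc."nextcloud-admin-pass".text = "CHANGE_RIGHT_AWAY";` writes the Nextcloud admin password into the Nix store, which is world-readable, so the file that `adminpassFile = "/etc/nextcloud-admin-pass"` points at is readable by every local user rather than only by the setup service. The sibling module renamed in this commit, services/nextcloud/nextcloud.nix, already uses a path outside the store, `/var/lib/secrets/nextcloud/nextcloud-admin-pass`; pointing `adminpassFile` at that (or another root-only file created out of band) and dropping the `environment.etc` line keeps the secret out of the store and out of this repository. As far as I know the NixOS module consumes that file only during the initial `nextcloud-setup` run, so editing it later does not change the password — a comment such as `# adminpassFile is read once at first install; change the password inside Nextcloud afterwards` would make the intent behind CHANGE_RIGHT_AWAY explicit. The `trusted_proxies` entry `100.82.24.89` and `overwriteprotocol = "https"` indicate a reverse proxy in front; with the loopback nginx `listen` override now commented out, confirm that the module-managed vhost is not also reachable directly on the default port.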
diff --git a/services/old-nextcloud.nix b/services/nextcloud/nextcloud.nix similarity index 66% rename from services/old-nextcloud.nix rename to services/nextcloud/nextcloud.nix index e193c5f..679000f 100644 --- a/services/old-nextcloud.nix +++ b/services/nextcloud/nextcloud.nix @@ -16,12 +16,12 @@ services.nextcloud = { dbuser = "nextcloud"; dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself dbname = "nextcloud"; - adminpassFile = "/var/lib/secrets/nextcloud-admin-pass"; + adminpassFile = "/var/lib/secrets/nextcloud/nextcloud-admin-pass"; adminuser = "admin"; }; }; -services.postgresql = { + services.postgresql = { enable = true; ensureDatabases = [ "nextcloud" ]; ensureUsers = [ @@ -29,14 +29,20 @@ services.postgresql = { ensureDBOwnership = true; } ]; -}; + }; -# ensure that postgres is running *before* running the setup -systemd.services."nextcloud-setup" = { + # ensure that postgres is running *before* running the setup + systemd.services."nextcloud-setup" = { requires = ["postgresql.service"]; after = ["postgresql.service"]; -}; + }; -services.nginx.virtualHosts."nextcloud.knossos".listen = [ { addr = "127.0.0.1"; port = 8009; } ]; +# CALIBRE-WEB already disabled? + +# services.nginx.enable = true; +# services.nginx.virtualHosts."nextcloud.knossos" ={ +# listen = [ { addr = "127.0.0.1"; port = 8009; } ]; +# forceSSL = false; +# }; } diff --git a/services/oldnextcloud.nix b/services/oldnextcloud.nix new file mode 100644 index 0000000..7b6fe3d --- /dev/null +++ b/services/oldnextcloud.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: +{ + +services.nextcloud = { + enable = true; + package = pkgs.nextcloud31; + hostName = "nextcloud.knossos"; + config.adminpassFile = "/var/lib/nextcloud-admin-pass"; + config.dbtype = "sqlite"; +}; + + +services.nginx.virtualHosts."nextcloud.knossos".listen = [ { addr = "127.0.0.1"; port = 8009; } ]; + +}
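Review bot: The second hunk (@@ -29,14 +29,20 @@) replaces the active `services.nginx.virtualHosts."nextcloud.knossos".listen = [ { addr = "127.0.0.1"; port = 8009; } ];` override with a commented-out block, so the vhost the Nextcloud module creates for `hostName` would, to my understanding, fall back to nginx's default listen addresses instead of loopback only — if the service is still meant to sit behind the reverse proxy, keep the loopback `listen` line active rather than commented out. The stray `# CALIBRE-WEB already disabled?` comment concerns a different module and should be moved or dropped. After this commit the repository holds three files that each declare `services.nextcloud` (services/nextcloud.nix, services/nextcloud/nextcloud.nix and the new services/oldnextcloud.nix) with differing `adminpassFile` paths and database backends; importing more than one would yield conflicting definitions, so a header comment in each stating which is the live configuration and which are reference copies would help, or better, drop the reference copies since git history already preserves them.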