flexing on Plumeria

2025-12-10 08:53:56 -05:00 · 2023-03-12 03:28:57 -04:00 · 2023-03-12 03:28:57 -04:00 · 04d0e3e9a7
commit 04d0e3e9a7
parent fa8e9e6bc8
2 changed files with 68 additions and 6 deletions
--- a/systems/gerg-desktop/containers/website.nix
+++ b/systems/gerg-desktop/containers/website.nix
@ -1,5 +1,15 @@
 _: {...}: {
-  sops.secrets."website/sql" = {};
+  sops.secrets = {
+    "website/sql_gitea" = {
+      mode = "0444";
+    };
+    "website/sql_nextcloud" = {
+      mode = "0444";
+    };
+    "website/nextcloud" = {
+      mode = "0444";
+    };
+  };
  containers."website" = {
    ephemeral = true;
    autoStart = true;
@ -31,7 +41,6 @@ _: {...}: {
        defaultGateway = "192.168.1.1";
        nameservers = ["1.1.1.1" "1.0.0.1"];
        firewall = {
-          #allowedUDPPorts = [giteaPort 80 443];
          allowedTCPPorts = [giteaPort 80 443 22];
        };
      };
@ -46,7 +55,7 @@ _: {...}: {
      services = {
        gitea = {
          enable = true;
-          appName = "WEEEWOOOO";
+          appName = "Powered by NixOS";
          domain = "git.gerg-l.com";
          rootUrl = "https://git.gerg-l.com/";
          httpPort = giteaPort;
@ -61,9 +70,52 @@ _: {...}: {
              DISABLE_REGISTRATION = true;
            };
          };
+          database = {
+            type = "postgres";
+            passwordFile = "/secrets/sql_gitea";
+          };
+        };
+        nextcloud = {
+          enable = true;
+          package = pkgs.nextcloud25;
+          hostName = "next.gerg-l.com";
+          nginx.recommendedHttpHeaders = true;
+          enableBrokenCiphersForSSE = false;
+          https = true;
+          autoUpdateApps.enable = true;
+          config = {
+            dbtype = "pgsql";
+            dbhost = "/run/postgresql";
+            dbpassFile = "/secrets/sql_nextcloud";
+            adminpassFile = "/secrets/nextcloud";
+            adminuser = "admin-root";
+            defaultPhoneRegion = "IL";
+            extraTrustedDomains = ["[2605:59c8:252e:500:200:ff:fe00:11]"];
+          };
+        };
+        postgresql = {
+          enable = true;
+          package = pkgs.postgresql_13;
+          ensureDatabases = [config.services.nextcloud.config.dbname];
+          ensureUsers = [
+            {
+              name = config.services.nextcloud.config.dbuser;
+              ensurePermissions."DATABASE ${config.services.nextcloud.config.dbname}" = "ALL PRIVILEGES";
+            }
+          ];
+          authentication = ''
+            local gitea all ident map=gitea-users
+          '';
+          identMap = ''
+            gitea-users gitea gitea
+          '';
        };
        nginx = {
          enable = true;
+          recommendedGzipSettings = true;
+          recommendedOptimisation = true;
+          recommendedProxySettings = true;
+          recommendedTlsSettings = true;
          virtualHosts = {
            "git.gerg-l.com" = {
              forceSSL = true;
@ -72,6 +124,10 @@ _: {...}: {
                proxyPass = "http://localhost:${toString giteaPort}";
              };
            };
+            "next.gerg-l.com" = {
+              forceSSL = true;
+              enableACME = true;
+            };
          };
        };
        openssh = {
@ -83,6 +139,10 @@ _: {...}: {
          };
        };
      };
+      systemd.services."nextcloud-setup" = {
+        requires = ["postgresql.service"];
+        after = ["postgresql.service"];
+      };
      security.acme = {
        acceptTerms = true;
        defaults.email = "gregleyda@proton.me";