From d47fc2217aaa831cc879135551b21d7a5fd3db63 Mon Sep 17 00:00:00 2001
From: Gerg-L
Date: Wed, 20 Sep 2023 22:46:06 -0400
Subject: [PATCH] unix ports cool
---
hosts/gerg-desktop/secrets.yaml | 6 +--
hosts/gerg-desktop/services/gitea.nix | 48 +++++++++++-----------
hosts/gerg-desktop/services/miniflux.nix | 7 ++--
hosts/gerg-desktop/services/nextcloud.nix | 26 +++---------
hosts/gerg-desktop/services/postgresql.nix | 12 ++----
5 files changed, 37 insertions(+), 62 deletions(-)
diff --git a/hosts/gerg-desktop/secrets.yaml b/hosts/gerg-desktop/secrets.yaml
index 1579ad1..19f4964 100644
--- a/hosts/gerg-desktop/secrets.yaml
+++ b/hosts/gerg-desktop/secrets.yaml
@@ -4,8 +4,6 @@ minifluxenv: ENC[AES256_GCM,data:wgz6sxSbbjXrgBAak0Q0TlvG78+JHPpiPtcbqGo9HpSF3qY gerg: ENC[AES256_GCM,data:iSwWGIIxQenCPMd/Tith/eagjVINn0mgrO99IG85cP4UXtut6GF2R57XDMeD7SU18vW1ULod/lYuTo0SmmrkmX+wlDWgm4cODw==,iv:fHTcn4ZmjSqLC8jQkuualRbp+RwvgblS1ic6WPb2WEY=,tag:rkDuXhvleKekv3bVpdNNuw==,type:str] store_key: ENC[AES256_GCM,data:/1wAHcMZl3loV2IR7mj1z51lwfKmaP24DgEjl2w8qwbrKHBIS09meLXrVTvsvQmFM4AvKig9ADs1aeYoVTTEa4QE9nKJ/LyRI5z8dHe7j7H5Y+UI+Syr0CUKN2I9UuqkOAyWrPM=,iv:5cLxhzNawFMTKn+MT5cHILTvggHmxteycL+2bxUPsoc=,tag:q8voriNRZUL4pYYfOvJT0A==,type:str] nextcloud: ENC[AES256_GCM,data:CJqcH+l7EMwV8q7S,iv:uiq+lRMYR8APoVCmliAvUEthBUABdPXxs53y8I1WB+M=,tag:ObRMNYp9xIKR4VPxQr3JfA==,type:str] -sql_gitea: ENC[AES256_GCM,data:KX6q1xqCgdAzC+A+HadEIo0JrQ8=,iv:Ljqy5VE6PpqZyS27PXRJbVH4yPE2GQBbVYZimNdF4o0=,tag:/wo72SvCfycb5zZ62O480A==,type:str] -sql_nextcloud: ENC[AES256_GCM,data:LzIJ1ikyxBkmCvInmvxZ2KqYHv8=,iv:t3uYBkbLR1U+IKFkF+myZcPUsA1zQs7hU0JAY0ZBvZc=,tag:xQ7Da2c6s9ZFDq13fT54ew==,type:str] gerg_ssl_key: ENC[AES256_GCM,data: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,iv:aE4/hxhfju3jJXjwK0TrfI/cbLsFgDEDspg2zTgqo4M=,tag:LAmit77WTZnpoCX1iuhkbQ==,type:str] gerg_ssl_cert: ENC[AES256_GCM,data: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,iv:ncEJNbY/7oUGNKRvhRHLq7Z8J5dCXl91oT5BYuOV5ZE=,tag:Us+lhVE7d5eeix1Iw/08+w==,type:str] nixfu_ssl_key: ENC[AES256_GCM,data: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,iv:BbD2i/35D8p0/eEQ6RuM5nsDnQV+x2nTLU890LSju38=,tag:to2mYPiNkdYBHsgG7NJDbQ==,type:str] 
@@ -25,8 +23,8 @@ sops: dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-09-19T22:04:42Z" - mac: ENC[AES256_GCM,data:Z9AH0zxbtwamsWP5htqQJmnsZZcZQ2PElqevQZ8E25EO8mM7NktgYs5ad372y/ZxIuQpxe5YSjBhxv14YBvlyqx0+oU6Bxsnvfg15fPVtJgRj8H+vTNQahvESoh6yX7iuae7sqN1daYm7Ye02BymDL9VotjQtmQRQYCs7xA6oK0=,iv:nBm1F6KhKF8QvkKlPnIlt/zIxdtComIMBs1vK1FbykE=,tag:6BrQ2AUtX6lQ7s111mQh1w==,type:str] + lastmodified: "2023-09-20T22:58:46Z" + mac: ENC[AES256_GCM,data:9H2GYiOCifDR2yv/rju2/5Gc5DfovhhS3c1IFCqvLdaWZGcwvXx4/72YnOjtZ3VNB4XSsuDSGU07wEZp+6pRtBJ7Zdq2bF2bzbZHt32hTNv1BYKNMaJpebOO0I2+DH4qWMhqDYW7leZqNsApir75/O/ixjwzomTiXmwUi7jrkYU=,iv:zjMl+DfPa2S9C+pEmBxjnPTdvY1P1s/ISN3st/jvnDk=,tag:wbc8OIgsC+oEE75M5U0jhQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.0 diff --git a/hosts/gerg-desktop/services/gitea.nix b/hosts/gerg-desktop/services/gitea.nix index 5124034..6fd11d5 100644 --- a/hosts/gerg-desktop/services/gitea.nix +++ b/hosts/gerg-desktop/services/gitea.nix 
@@ -1,33 +1,31 @@ _: {config, ...}: { - sops.secrets.sql_gitea = { - owner = config.services.gitea.user; - inherit (config.services.gitea) group; - }; users.users = { - ${config.services.gitea.user}.openssh.authorizedKeys.keys = [config.local.keys.gerg_gerg-desktop]; + ${config.services.gitea.user} = { + openssh.authorizedKeys.keys = [config.local.keys.gerg_gerg-desktop]; + extraGroups = ["postgres"]; + }; ${config.services.nginx.user}.extraGroups = [config.services.gitea.group]; }; - services = { - gitea = { - enable = true; - stateDir = "/persist/services/gitea"; - appName = "Powered by NixOS"; - settings = { - server = { - DOMAIN = "git.gerg-l.com"; - ROOT_URL = "https://git.gerg-l.com/"; - LANDING_PAGE = "/explore/repos"; - HTTP_ADDR = "/run/gitea/gitea.sock"; - PROTOCOL = "http+unix"; - UNIX_SOCKET_PERMISSION = "660"; - }; - ui.DEFAULT_THEME = "arc-green"; - service.DISABLE_REGISTRATION = true; - }; - database = { - type = "postgres"; - passwordFile = config.sops.secrets.sql_gitea.path; + services.gitea = { + enable = true; + stateDir = "/persist/services/gitea"; + appName = "Powered by NixOS"; + settings = { + server = { + DOMAIN = "git.gerg-l.com"; + ROOT_URL = "https://git.gerg-l.com/"; + LANDING_PAGE = "/explore/repos"; + HTTP_ADDR = "/run/gitea/gitea.sock"; + PROTOCOL = "http+unix"; + UNIX_SOCKET_PERMISSION = "660"; }; + ui.DEFAULT_THEME = "arc-green"; + service.DISABLE_REGISTRATION = true; + }; + database = { + type = "postgres"; + socket = "/run/postgresql"; + createDatabase = true; }; }; _file = ./gitea.nix; diff --git a/hosts/gerg-desktop/services/miniflux.nix b/hosts/gerg-desktop/services/miniflux.nix index 31d330f..c7a1853 100644 --- a/hosts/gerg-desktop/services/miniflux.nix +++ b/hosts/gerg-desktop/services/miniflux.nix @@ -4,10 +4,7 @@ _: { pkgs, ... }: { - sops.secrets.minifluxenv = { - owner = "miniflux"; - group = "miniflux"; - }; + sops.secrets.minifluxenv.owner = "miniflux"; systemd.services = { miniflux = { 
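Review bot: Adding the gitea user to `postgres` with `extraGroups = ["postgres"];` grants more than the socket access it is there for: the account gains group rights on everything owned by group `postgres`, and the same account accepts SSH logins through the `openssh.authorizedKeys.keys` line directly above it. The same membership is added for miniflux in miniflux.nix and for nextcloud in nextcloud.nix. A dedicated group set through PostgreSQL's `unix_socket_group` setting and used in place of `postgres` would keep the socket restriction without sharing the server's own group with three web services. If the current form stays, a comment such as `# postgres group: needed to open /run/postgresql (socket is 0770)` on each `extraGroups` line would record why it is there.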
@@ -48,6 +45,7 @@ _: { }; environment = { + BASE_URL = "https://flux.gerg-l.com"; LISTEN_ADDR = "/run/miniflux/miniflux.sock"; DATABASE_URL = "user=miniflux host=/run/postgresql dbname=miniflux"; RUN_MIGRATIONS = "1"; @@ -74,6 +72,7 @@ _: { users = { miniflux = { group = "miniflux"; + extraGroups = ["postgres"]; isSystemUser = true; uid = 377; }; diff --git a/hosts/gerg-desktop/services/nextcloud.nix b/hosts/gerg-desktop/services/nextcloud.nix index 8502e87..b082ec2 100644 --- a/hosts/gerg-desktop/services/nextcloud.nix +++ b/hosts/gerg-desktop/services/nextcloud.nix @@ -3,19 +3,10 @@ _: { config, ... }: { - sops.secrets = { - sql_nextcloud = { - owner = "nextcloud"; - group = "nextcloud"; - }; - nextcloud = { - owner = "nextcloud"; - group = "nextcloud"; - }; - }; - systemd.tmpfiles.rules = [ - "d /persist/services/nextcloud - nextcloud nextcloud - -" - ]; + sops.secrets.nextcloud.owner = "nextcloud"; + + users.users.nextcloud.extraGroups = ["postgres"]; + services.nextcloud = { enable = true; package = pkgs.nextcloud27; @@ -23,18 +14,13 @@ _: { hostName = "next.gerg-l.com"; autoUpdateApps.enable = false; enableBrokenCiphersForSSE = false; + database.createLocally = true; config = { dbtype = "pgsql"; - dbhost = "/run/postgresql"; - dbpassFile = config.sops.secrets.sql_nextcloud.path; - adminpassFile = config.sops.secrets.sql_nextcloud.path; + adminpassFile = config.sops.secrets.nextcloud.path; adminuser = "admin-root"; defaultPhoneRegion = "US"; }; }; - systemd.services."nextcloud-setup" = { - requires = ["postgresql.service"]; - after = ["postgresql.service"]; - }; _file = ./nextcloud.nix; } diff --git a/hosts/gerg-desktop/services/postgresql.nix b/hosts/gerg-desktop/services/postgresql.nix index 223db49..c667da8 100644 --- a/hosts/gerg-desktop/services/postgresql.nix +++ b/hosts/gerg-desktop/services/postgresql.nix 
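Review bot: Pointing `adminpassFile` at `config.sops.secrets.nextcloud.path` most likely changes nothing on an instance that is already installed, since the NixOS module appears to read that file only during the initial setup (worth confirming against the module version in use). Until this commit the file was `sql_nextcloud`, so the `admin-root` account would still carry the former database password, which is deleted from secrets.yaml here. Rotating the admin password once by hand and adding a comment such as `# adminpassFile is only applied at first install` would keep the config and the live account in agreement.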
@@ -7,9 +7,9 @@ _: { enable = true; package = pkgs.postgresql_13; dataDir = "/persist/services/postgresql"; + ensureDatabases = [ "miniflux" - config.services.nextcloud.config.dbname config.services.gitea.database.user ]; ensureUsers = [ @@ -17,15 +17,9 @@ _: { name = "miniflux"; ensurePermissions."DATABASE miniflux" = "ALL PRIVILEGES"; } - { - name = config.services.nextcloud.config.dbuser; - ensurePermissions."DATABASE ${config.services.nextcloud.config.dbname}" = "ALL PRIVILEGES"; - } - { - name = config.services.gitea.database.user; - ensurePermissions."DATABASE ${config.services.gitea.database.name}" = "ALL PRIVILEGES"; - } ]; + + settings.unix_socket_permissions = "0770"; }; _file = ./postgresql.nix; }
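Review bot: `ensureDatabases` still lists `config.services.gitea.database.user`, which is a role name used as a database name and is correct only while gitea's user and database names happen to be equal. With `createDatabase = true` now set in gitea.nix the gitea module presumably provisions its own database and role, so the entry looks redundant. Either drop it or write `config.services.gitea.database.name` so the intent matches the attribute.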
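Review bot: With the database passwords removed, `settings.unix_socket_permissions = "0770";` becomes the only gate on who can reach the server, and what a connected account may do rests on pg_hba rules that this hunk does not show. No `authentication` setting is visible here, so the module default (expected to be peer authentication for local sockets) presumably applies. That dependency is worth stating next to the setting, e.g. `# local connections rely on peer auth; do not add trust lines`. The enclosing `services.postgresql` block begins outside the hunk.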