zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Compare commits

base: zuckerberg:82b67ed566b4444521ba5c615bf9b8a863a5054c
Branches Tags
zuckerberg:master
zuckerberg:stage
zuckerberg:rpi-hotspot
zuckerberg:attic
zuckerberg:kexec_luks2
zuckerberg:pia-client
..
compare: zuckerberg:f00df4f17cf3987bc23469926892de962e22c8cb
Branches Tags
zuckerberg:master
zuckerberg:stage
zuckerberg:rpi-hotspot
zuckerberg:attic
zuckerberg:kexec_luks2
zuckerberg:pia-client

1 Commits
82b67ed566 ... f00df4f17c

Author SHA1 Message Date
Zuckerberg
f00df4f17c Add collabora online and move nextcloud domain
All checks were successful
Check Flake / check-flake (push) Successful in 2m16s
Details
2025-07-13 18:45:47 -07:00
6 changed files with 20 additions and 69 deletions
Show Stats Expand all files Collapse all files

63
common/server/nextcloud.nix
View File

@ -5,12 +5,7 @@ let
cfg = config.services.nextcloud;
nextcloudHostname = "runyan.org";
collaboraOnlineHostname = "collabora.runyan.org";
whiteboardHostname = "whiteboard.runyan.org";
whiteboardPort = 3002; # Seems impossible to change
# Hardcoded public ip of ponyo... I wish I didn't need this...
public_ip_address = "147.135.114.130";
collaboraOnlineHostname = "docs.runyan.org";
in
{
config = lib.mkIf cfg.enable {
@ -29,14 +24,14 @@ in
# Want
inherit end_to_end_encryption mail spreed;
# For file and document editing (collabora online and excalidraw)
inherit richdocuments whiteboard;
# For collabora-online
inherit richdocuments;
# Might use
inherit calendar qownnotesapi;
inherit bookmarks calendar cookbook deck memories qownnotesapi;
# Try out
# inherit bookmarks cookbook deck memories maps music news notes phonetrack polls forms;
# inherit maps music news notes phonetrack polls forms;
};
# Allows installing Apps from the UI (might remove later)
@ -57,7 +52,6 @@ in
forceSSL = true;
};
# collabora-online
# https://diogotc.com/blog/collabora-nextcloud-nixos/
services.collabora-online = {
enable = true;
@ -94,61 +88,26 @@ in
};
systemd.services.nextcloud-config-collabora =
let
inherit (config.services.nextcloud) occ;
wopi_url = "http://localhost:${toString config.services.collabora-online.port}";
public_wopi_url = "https://${collaboraOnlineHostname}";
wopi_allowlist = lib.concatStringsSep "," [
"127.0.0.1"
"::1"
public_ip_address
];
in
{
wantedBy = [ "multi-user.target" ];
after = [ "nextcloud-setup.service" "coolwsd.service" ];
requires = [ "coolwsd.service" ];
path = [
config.services.nextcloud.occ
];
script = ''
nextcloud-occ -- config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
nextcloud-occ -- config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
nextcloud-occ -- config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
nextcloud-occ -- richdocuments:setup
'';
serviceConfig = {
Type = "oneshot";
};
};
# Whiteboard
services.nextcloud-whiteboard-server = {
enable = true;
settings.NEXTCLOUD_URL = "https://${nextcloudHostname}";
secrets = [ "/run/agenix/whiteboard-server-jwt-secret" ];
};
systemd.services.nextcloud-config-whiteboard = {
wantedBy = [ "multi-user.target" ];
after = [ "nextcloud-setup.service" ];
requires = [ "coolwsd.service" ];
path = [
config.services.nextcloud.occ
];
script = ''
nextcloud-occ -- config:app:set whiteboard collabBackendUrl --value="https://${whiteboardHostname}"
nextcloud-occ -- config:app:set whiteboard jwt_secret_key --value="$JWT_SECRET_KEY"
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
${occ}/bin/nextcloud-occ richdocuments:setup
'';
serviceConfig = {
Type = "oneshot";
EnvironmentFile = [ "/run/agenix/whiteboard-server-jwt-secret" ];
};
};
age.secrets.whiteboard-server-jwt-secret.file = ../../secrets/whiteboard-server-jwt-secret.age;
services.nginx.virtualHosts.${whiteboardHostname} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString whiteboardPort}";
proxyWebsockets = true;
};
};
};

7
common/shell.nix
View File

@ -34,6 +34,13 @@
io_rand_write = "${pkgs.fio}/bin/fio --name TEST --eta-newline=5s --filename=temp.file --rw=randrw --size=2g --io_size=10g --blocksize=4k --ioengine=libaio --fsync=1 --iodepth=1 --direct=1 --numjobs=1 --runtime=60 --group_reporting; rm temp.file";
llsblk = "lsblk -o +uuid,fsType";
sudo = "doas";
ls = "pls";
ls2 = "eza";
explorer = "broot";
};
nixpkgs.overlays = [

7
home/googlebot.nix
View File

@ -19,7 +19,6 @@ in
# Modern "ls" replacement
programs.pls.enable = true;
programs.pls.enableFishIntegration = true;
programs.eza.enable = true;
# Graphical terminal
@ -42,12 +41,6 @@ in
# tldr: Simplified, example based and community-driven man pages.
programs.tealdeer.enable = true;
home.shellAliases = {
sudo = "doas";
ls2 = "eza";
explorer = "broot";
};
programs.zed-editor = {
enable = thisMachineIsPersonal;
extensions = [

2
machines/ponyo/default.nix
View File

@ -78,7 +78,7 @@
services.postgresql.package = pkgs.postgresql_15;
# iodine DNS-based vpn
# services.iodine.server.enable = true;
services.iodine.server.enable = true;
# proxied web services
services.nginx.enable = true;

1
secrets/secrets.nix
View File

@ -31,7 +31,6 @@ with roles;
# cloud
"nextcloud-pw.age".publicKeys = nextcloud;
"whiteboard-server-jwt-secret.age".publicKeys = nextcloud;
"smb-secrets.age".publicKeys = personal ++ media-center;
"oauth2-proxy-env.age".publicKeys = server;

7
secrets/whiteboard-server-jwt-secret.age
View File

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 6AT2/g IKBONbSLcU2+HkuAsOv2Hehpx42Euw1arhM4BjNALUQ
lGKw2+U27LHEDGBrQV9wvcF/uACjyYukFA0Mjbgvfrs
-> ssh-ed25519 w3nu8g dYRX57rbE8OEZiK1cDJdBhUGyA/9OrhO8RMejU/nh3s
F0Y+adJD+L+OCVCJ78o1XiS0HkVLceOadqWcKEYxOlk
--- P3KkdM78M9DiqUOnkgnxd+JwOmFpMTYWDS3FuJZKG3M
˜§«]Læ=r)†ä#ó™ýšEŽ~_*¥m*Ñò‡RöD`âЄVI/—³™¬ÎÝ‚Àâû.] 3r<33>{^<5YZÈX¸²¬å¢,,}Úñá|ªzé¸Á