diff --git a/nixos/configs/pepe/syncthing.nix b/nixos/configs/pepe/syncthing.nix index b25504e..4599731 100644 --- a/nixos/configs/pepe/syncthing.nix +++ b/nixos/configs/pepe/syncthing.nix @@ -111,4 +111,9 @@ after = [ "media.mount" ]; }; + + backup.dirs = [ + config.services.syncthing.folders.finance.path + ]; + } diff --git a/nixos/configs/robi/configuration.nix b/nixos/configs/robi/configuration.nix index 617ec88..18ab159 100644 --- a/nixos/configs/robi/configuration.nix +++ b/nixos/configs/robi/configuration.nix @@ -1,25 +1,28 @@ { lib, config, pkgs, ... }: { imports = [ - ../../system/all/defaults.nix - ../../system/all/tinc.nix ../../system/all/borg-jobs.nix + ../../system/all/defaults.nix + ../../system/all/sshd-known-hosts-bootup.nix + ../../system/all/sshd-known-hosts-private.nix + ../../system/all/sshd-known-hosts-public.nix + ../../system/all/syncthing.nix + ../../system/all/tinc.nix + ../../system/server/netdata.nix ./hetzner.nix + + ./codimd.nix + ./gitea.nix + ./grocy.nix + ./nextcloud.nix ./packages.nix - ./tinc.nix ./syncthing.nix ./taskserver.nix + ./tinc.nix ./transmission.nix - ./nextcloud.nix - ./codimd.nix - - - ./gitea.nix - #./gitlab.nix - # todo - #./bitwarden.nix + ./vaultwarden.nix #../../system/server @@ -78,7 +81,5 @@ fsType = "ext4"; }; - - } diff --git a/nixos/configs/robi/grocy.nix b/nixos/configs/robi/grocy.nix new file mode 100644 index 0000000..614a8b9 --- /dev/null +++ b/nixos/configs/robi/grocy.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +{ + services.grocy = { + enable = true; + settings = { + culture = "de"; + currency = "EUR"; + }; + hostName = "grocy.ingolf-wagner.de"; + nginx.enableSSL = true; + }; + + backup.dirs = [ config.services.grocy.dataDir ]; + +} diff --git a/nixos/configs/robi/nextcloud.nix b/nixos/configs/robi/nextcloud.nix index 6e41e9d..c2847d7 100644 --- a/nixos/configs/robi/nextcloud.nix +++ b/nixos/configs/robi/nextcloud.nix @@ -66,28 +66,28 @@ in priority = 210; extraConfig = "return 301 $scheme://$host/remote.php/dav;"; }; - "~ .(?:css|js|svg|gif)$" = { - proxyPass = "http://${containerAddress}$request_uri"; - extraConfig = '' - expires 6M; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets - sub_filter "http://nextcloud.ingolf-wagner.de" "https://nextcloud.ingolf-wagner.de"; - sub_filter "nextcloud.workhorse.private" "nextcloud.ingolf-wagner.de"; - # used for view/edit office file via Office Online Server - client_max_body_size 0; - ''; - }; - "~ .woff2?$" = { - proxyPass = "http://${containerAddress}$request_uri"; - extraConfig = '' - expires 7d; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets - sub_filter "http://nextcloud.ingolf-wagner.de" "https://nextcloud.ingolf-wagner.de"; - sub_filter "nextcloud.workhorse.private" "nextcloud.ingolf-wagner.de"; - # used for view/edit office file via Office Online Server - client_max_body_size 0; - ''; - }; + #"~ .(?:css|js|svg|gif)$" = { + # proxyPass = "http://${containerAddress}$request_uri"; + # extraConfig = '' + # expires 6M; # Cache-Control policy borrowed from `.htaccess` + # access_log off; # Optional: Don't log access to assets + # sub_filter "http://nextcloud.ingolf-wagner.de" "https://nextcloud.ingolf-wagner.de"; + # sub_filter "nextcloud.workhorse.private" "nextcloud.ingolf-wagner.de"; + # # used for view/edit office file via Office Online Server + # client_max_body_size 0; + # ''; + #}; + #"~ .woff2?$" = { + # proxyPass = "http://${containerAddress}$request_uri"; + # extraConfig = '' + # expires 7d; # Cache-Control policy borrowed from `.htaccess` + # access_log off; # Optional: Don't log access to assets + # sub_filter "http://nextcloud.ingolf-wagner.de" "https://nextcloud.ingolf-wagner.de"; + # sub_filter "nextcloud.workhorse.private" "nextcloud.ingolf-wagner.de"; + # # used for view/edit office file via Office Online Server + # client_max_body_size 0; + # ''; + #}; }; }; }; @@ -240,7 +240,7 @@ in # nextcloud setup services.nextcloud = { enable = true; - package = pkgs.nextcloud22; + package = pkgs.nextcloud23; autoUpdateApps.enable = true; #nginx.enable = true; hostName = "nextcloud.ingolf-wagner.de"; diff --git a/nixos/configs/robi/tinc.nix b/nixos/configs/robi/tinc.nix index e4e99cb..141df53 100644 --- a/nixos/configs/robi/tinc.nix +++ b/nixos/configs/robi/tinc.nix @@ -1,5 +1,7 @@ { config, lib, pkgs, ... }: { + imports = [ ../../system/all/tinc.nix ]; + module.cluster.services.tinc = { "private" = { enable = true; diff --git a/nixos/configs/robi/bitwarden.nix b/nixos/configs/robi/vaultwarden.nix similarity index 100% rename from nixos/configs/robi/bitwarden.nix rename to nixos/configs/robi/vaultwarden.nix diff --git a/nixos/configs/sterni/configuration.nix b/nixos/configs/sterni/configuration.nix index 50514b8..72a02fb 100644 --- a/nixos/configs/sterni/configuration.nix +++ b/nixos/configs/sterni/configuration.nix @@ -23,13 +23,15 @@ security.wrappers = { pmount = { source = "${pkgs.pmount}/bin/pmount"; - owner = config.users.users.mainUser.name; - group = "nogroup"; + setuid = true; + owner = "root"; + group = "root"; }; pumount = { source = "${pkgs.pmount}/bin/pumount"; - owner = config.users.users.mainUser.name; - group = "nogroup"; + setuid = true; + owner = "root"; + group = "root"; }; }; diff --git a/nixos/configs/sterni/packages.nix b/nixos/configs/sterni/packages.nix index cd871b7..3293923 100644 --- a/nixos/configs/sterni/packages.nix +++ b/nixos/configs/sterni/packages.nix @@ -1,12 +1,15 @@ { config, lib, pkgs, ... }: let nextcloudSync = folder: + let + password = "$( pass show home/nextcloud/palo/nextcloudcmd-token)"; + user = "palo"; + in pkgs.writers.writeBashBin "nextcloud-sync-${folder}" '' ${pkgs.nextcloud-client}/bin/nextcloudcmd \ - --user palo \ - --password `pass show home/nextcloud/palo/nextcloudcmd-token` \ + --path "${folder}" \ ~/Nextcloud/${folder} \ - https://nextcloud.ingolf-wagner.de/remote.php/webdav/${folder} + "https://${user}:${password}@nextcloud.ingolf-wagner.de" ''; in