From 06ff0f83a1e6825c75bbe57571663ac7b56f2c64 Mon Sep 17 00:00:00 2001
From: Aleksandr Lebedev <alex.lebedev2003@icloud.com>
Date: Wed, 15 Oct 2025 09:10:26 +0200
Subject: [PATCH] Nextcloud whiteboard collab server

---
 modules/nixos/programs/sops/secrets/secrets.yaml     |  8 +++++---
 systems/x86_64-linux/stargate/services/nextcloud.nix | 10 +++++++---
 systems/x86_64-linux/stargate/services/nginx.nix     |  4 ++++
 3 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/modules/nixos/programs/sops/secrets/secrets.yaml b/modules/nixos/programs/sops/secrets/secrets.yaml
index 23ed70a..b2ef843 100644
--- a/modules/nixos/programs/sops/secrets/secrets.yaml
+++ b/modules/nixos/programs/sops/secrets/secrets.yaml
@@ -6,7 +6,9 @@ duckdns: ENC[AES256_GCM,data:QslHkm7T0PIx3WbYDi1wILL1ap1R/vRdjTu448DxQxdHdxOX,iv
 services:
     turn: ENC[AES256_GCM,data:uk3Skyorpy4ECvufTtcjQUXqVEhC5ngSZhogqkm7j/boGZ+6AiHJG/nggNXMIA1691TyFZwtSDLOhfS37RfI+w==,iv:cDePrmHp0RDIOcJlCbow53003/Gq1OnC6wnfGnLjpDA=,tag:mY9U9MFu9+gA/c4cg5pP0A==,type:str]
     conduwuit: ENC[AES256_GCM,data:1shEq67QJTkeqrfYSr/eYG7gYWH//5ey6XQ=,iv:hy5wQmue8qU4ALfn9BrNQLnsTk8BsVVXY/8bDj18mXk=,tag:h6+hL0HjgSzd15Kc7Zg4ng==,type:str]
-    nextcloud: ENC[AES256_GCM,data:YLRMhChTu/UQI+HIcUjNFFK+CfSCl2+0kfSkSfauAftRO2A1VHhyCjP5,iv:DLfhSvNRWXVU5XE3SwV4vZmAQI2ZVa+ak/g5Nu+Fgcg=,tag:K3nWfJRNxodeMkxGG3ljmg==,type:str]
+    nextcloud:
+        dbPassword: ENC[AES256_GCM,data:0LQ/8xZSh8dIQFeA4GJsFqPOS3y/CwUDazen+PCywjlPiBelT7L1Hb4W,iv:YoSGnqui8vmd+FSvkuHtyY/F+75+GpHa9SIQoPqma9Y=,tag:SVzjbkyOeklaQL9BlV+/sg==,type:str]
+        whiteboard: ENC[AES256_GCM,data:HKE1jW++QWdCOX2+MhqFMpXmjk2flslWpvI5wc6TbLVZcatt+6E9XVY+HtIXD+L/22T8YwajVgQTZhh4Za1arjY7grUtVpAxjN+MCA==,iv:QPwUIwgYNNcv/061SDIkPJClgaXgHzxSMRbTYWlNV4w=,tag:gG+oS1Mv6I7oMFXjIX6ARg==,type:str]
     paperless: ENC[AES256_GCM,data:VjbEtwfY4T0Bpb+iutN7kDMqgcRy4ThQJiVyCHHT,iv:rlWB0ZfFYuKkpAfIzxryySH+Zl8hLf6c9UTjv1hVDVI=,tag:gHFoJZoKFOVupmE2VSJOoA==,type:str]
     jellyfin: ENC[AES256_GCM,data:/a+Q7io2kDjXrchXJlAt2hmgTMRx+fwPyrHH4d9PW1qQcEfCMBf0Erbzkq9m3iikASwfWr/ROfFY28yNN55zGPxZVcS2RzCv3Y6RH3ECEMf0N6Kl9H8h1vOGK/GoNDFyb66jN9qCPSHzU91Lm7trMebOLauDgKSigx3U9E91cVpNF2H7J2Q/kQzBqjUk2+9d3gUAokGJwIn2hvqPuSGsUEareaBB9KNFLsOhY7EJmPmVIbEPpAPxr9eikjCpd+f1uY4=,iv:4MsYjE7RnI2Y/4okcnmeunNJh3Qz/hMWW0/1UBjXENg=,tag:y4n3v+L3163GJYVWolLKFA==,type:str]
     forgejo:
@@ -60,7 +62,7 @@ sops:
             MU43ZWEwMXEwdGx5d0hUNlhiaGdjWU0K9UoNQOnMxTy0KdfiYOgm0TxH5qFUV3gi
             f7z2RzR44ndf0nHwIzr8e1bmF9q5mc685Wq9qyM7aLCE+yUU/vUO7Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-12T12:34:53Z"
-    mac: ENC[AES256_GCM,data:9M9Wu84bcwEn4QpnUwPfj3O36+ck6KeDqfoy58RSMi7iZNBc8QmMqQ0f/KsQ1+pLkwW0Mr/JM9ORv8LjedHPPUGVS6m4s1x720B5UZVpDYsjNmT4dH6wXbeUWAuHGQeRQb8EGhoCuo8ZxkeFF+xAoW34u/utImfEyoru62MhQpI=,iv:9oPzYdhnw7o4Pq+IpkWzAcoFhpKeJYG2kF8keAbiG7M=,tag:iwx/qNUUV4HBmWGodyCfRA==,type:str]
+    lastmodified: "2025-10-15T06:05:46Z"
+    mac: ENC[AES256_GCM,data:l/GfsNNHk1P8wDC4gtZ5sW+WrAsTKt1iapekAgege4kHvbZRp8WQVFxuw0xql1/Tap9pl2GhGnbsD5QgUS0CIO0GWb6hC0S70O/eFI4IHKT7ZfA9f962QOwKuHXIc0m8iOaKdCDs/DietohCMA7KXan72O8fAhim0pxACvvqS8c=,iv:LrB+gexUMtNyqtoTm3LKcZGbRO9pPgtZhCB98netXlE=,tag:k2i0TsRyUFEG3Uc7Qje3dA==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0
diff --git a/systems/x86_64-linux/stargate/services/nextcloud.nix b/systems/x86_64-linux/stargate/services/nextcloud.nix
index ba0d265..ca7d0a0 100644
--- a/systems/x86_64-linux/stargate/services/nextcloud.nix
+++ b/systems/x86_64-linux/stargate/services/nextcloud.nix
@@ -13,14 +13,15 @@
 }:
 with lib;
 with lib.custom; {
-  sops.secrets."services/nextcloud" = {owner = "nextcloud";};
+  sops.secrets."services/nextcloud/dbPassword" = {owner = "nextcloud";};
+  sops.secrets."services/nextcloud/whiteboard" = {owner = "nextcloud";};
   services.nextcloud = {
     enable = true;
     package = pkgs.nextcloud31;
     database.createLocally = true;
     config = {
       dbtype = "pgsql";
-      adminpassFile = config.sops.secrets."services/nextcloud".path;
+      adminpassFile = config.sops.secrets."services/nextcloud/dbPassword".path;
     };
     hostName = "nextcloud.kylekrein.com";
     https = true;
@@ -44,9 +45,12 @@ with lib.custom; {
     configureRedis = true;
   };
   services.nextcloud-whiteboard-server = {
-    enable = false; #true;
+    enable = true;
     settings = {
       NEXTCLOUD_URL = "https://nextcloud.kylekrein.com";
     };
+    secrets = [
+      config.sops.secrets."services/nextcloud/whiteboard".path
+    ];
   };
 }
diff --git a/systems/x86_64-linux/stargate/services/nginx.nix b/systems/x86_64-linux/stargate/services/nginx.nix
index 84dbec0..6e1622b 100644
--- a/systems/x86_64-linux/stargate/services/nginx.nix
+++ b/systems/x86_64-linux/stargate/services/nginx.nix
@@ -89,6 +89,10 @@ in {
       "${config.services.nextcloud.hostName}" = {
         enableACME = true;
         forceSSL = true;
+        locations."/whiteboard/" = {
+          proxyPass = "http://localhost:3002/";
+          proxyWebsockets = true;
+        };
       };
 
       "ntfy.kylekrein.com" = {