Server

2025-09-27 15:04:54 +02:00 · 2025-09-27 15:04:54 +02:00 · 3d20632b0c
commit 3d20632b0c
parent 750689b0f6
6 changed files with 32 additions and 3 deletions
--- a/modules/home/programs/nextcloud-client/default.nix
+++ b/modules/home/programs/nextcloud-client/default.nix
@ -21,9 +21,14 @@ in {
  };

  config = mkIf cfg.enable {
-    home.packages = with pkgs; [nextcloud-client];
+    home.packages = with pkgs; [
+      nextcloud-client
+      nextcloud-talk-desktop
+    ];
    home.persistence = mkIf impermanence.enable {
      "${impermanence.persistentStorage}".directories = [
+        ".config/Nextcloud"
+        ".config/Nextcloud Talk"
      ];
    };
  };
--- a/modules/nixos/programs/sops/secrets/secrets.yaml
+++ b/modules/nixos/programs/sops/secrets/secrets.yaml
@ -2,6 +2,7 @@ users:
    kylekrein: ENC[AES256_GCM,data:DNLVQ4IPFhUG9MR9hk2BuElvfNZIky3nMGWgilutRwvT3wl25vOLEETrBFoWUO+2ZgLSnhtwWtIJhNlRlTK/rsrUNVTOdwq9AA==,iv:Z+dhr33Wotm064IcwtNfFpvQeL03T29Dn3Bl9VqPL1g=,tag:Qe3sOY0DegSKDptBjnbFrQ==,type:str]
    tania: ENC[AES256_GCM,data:veo/dKQpztSGLfCxpWqoTOlPqSaNeNW2pYrTU9z125hjBVt2LC8X+mDp8vA0r8QFKpkGr1BiwviUTuXsSO1IXn3nHfDGsHQqFQ==,iv:q3pCcil1wiKe5xC6QEn3Q4wV1icW+3CCUQw6QZIINWU=,tag:XvBfIEORfdTcUihtcJQZVg==,type:str]
    andrej: ENC[AES256_GCM,data:x/cWcswSDMFxXSLXe1JWGnQAuPYWM5AU4X3WxVAqUIifcYWxxynMfL9LXEgo3sP1IvRyp4FW+voWQrJM/KGdbYkkrAJNhbD7/Q==,iv:C51H9Zz4nxB+K1cohRq+1oPQ/ckDgVCMW4vB4+3wEt8=,tag:8ENLfMIoHbJGxceCKZulxg==,type:str]
+duckdns: ENC[AES256_GCM,data:QslHkm7T0PIx3WbYDi1wILL1ap1R/vRdjTu448DxQxdHdxOX,iv:eB0PspBBReCjuC17mAwSMJoSZ4G3lErTml0ifp3vCGw=,tag:4vaCLCc+V6ePenvTo7VsGA==,type:str]
 services:
    conduwuit: ENC[AES256_GCM,data:1shEq67QJTkeqrfYSr/eYG7gYWH//5ey6XQ=,iv:hy5wQmue8qU4ALfn9BrNQLnsTk8BsVVXY/8bDj18mXk=,tag:h6+hL0HjgSzd15Kc7Zg4ng==,type:str]
    nextcloud: ENC[AES256_GCM,data:YLRMhChTu/UQI+HIcUjNFFK+CfSCl2+0kfSkSfauAftRO2A1VHhyCjP5,iv:DLfhSvNRWXVU5XE3SwV4vZmAQI2ZVa+ak/g5Nu+Fgcg=,tag:K3nWfJRNxodeMkxGG3ljmg==,type:str]
@ -53,7 +54,7 @@ sops:
            MU43ZWEwMXEwdGx5d0hUNlhiaGdjWU0K9UoNQOnMxTy0KdfiYOgm0TxH5qFUV3gi
            f7z2RzR44ndf0nHwIzr8e1bmF9q5mc685Wq9qyM7aLCE+yUU/vUO7Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-09-18T10:36:22Z"
-    mac: ENC[AES256_GCM,data:5PQZXtuWcWn/PDSM6uA1ycFKOPeJIzxEcTDZBbUeemr4lXzM6pB1ZPREfiAWP+d49m4aotgv6GW2qz5n7JY/GUJCjAWnAlnzlWdh91BNAwhZ6TPQ0+hN/AfF+EHEpvwrAklXl0fGjc3O7J2FwPEdAUCIyYG11zswXmIOovOcivw=,iv:bByp/c1xlgrgQZYrxo1XnXFdacKIDIeVinR46yFy2k8=,tag:aMU5V9EtWoUtQS7/VulKEw==,type:str]
+    lastmodified: "2025-09-27T10:21:51Z"
+    mac: ENC[AES256_GCM,data:v6ILZvhNZQpUK/thuVUQpqFnIjt5ysydQf290Y4yoZU2auQUzXdYQYHl/aREqR08bGOBSNzD+dcVvgYcKJ84MjTDuRjs60NeSSoz3/x6345TSk7EhhNr/cNlnL/AxnSkWnuq17AZxC4HfDQZW85m1o4QpFoyK0ZLoraVbIuikdg=,iv:a4F0KyATjqP9zeVPusRho6IWP4qOgLkmIQsaRTBIqKw=,tag:rRJmdtgCCa41G5E2JdlHGw==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.10.2
--- a/systems/x86_64-linux/kylekrein-server/default.nix
+++ b/systems/x86_64-linux/kylekrein-server/default.nix
@ -115,6 +115,7 @@ with lib.custom; {
  services.gitlab = {
    enable = true;
    host = "gitlab.kylekrein.com";
+    https = true;
    port = 443;
    #statePath = "/persist/gitlab/state";
    backup.startAt = "3:00";
--- a/systems/x86_64-linux/stargate/default.nix
+++ b/systems/x86_64-linux/stargate/default.nix
@ -78,6 +78,22 @@ in {
      extraArgs = ["--sshoption=StrictHostKeyChecking=off"];
    };
  };
+  sops.secrets."duckdns" = {mode = "777";};
+  services.cron = {
+    enable = true;
+    systemCronJobs = [
+      "*/5 * * * * ${lib.getExe (pkgs.writeShellScriptBin "duckdns" ''
+        TOKEN=$(cat ${config.sops.secrets."duckdns".path})
+        REALV6=$(ip -6 addr show dev enp3s0 scope global \
+         | awk '/inet6 2/{print $2}' \
+         | cut -d/ -f1 \
+         | grep -E 'f9c4$' \
+         | head -n1)
+        REALV4=$(curl -s https://ifconfig.me --ipv4)
+        echo url="https://www.duckdns.org/update?domains=kylekrein&token=$TOKEN&ipv6=$REALV6&ip=$REALV4" | curl -k -K -
+      '')} >/dev/null 2>&1"
+    ];
+  };

  custom.presets.disko.impermanenceBtrfsLuks = {
    enable = true;
--- a/systems/x86_64-linux/stargate/services/nextcloud.nix
+++ b/systems/x86_64-linux/stargate/services/nextcloud.nix
@ -22,5 +22,6 @@ with lib.custom; {
      adminpassFile = config.sops.secrets."services/nextcloud".path;
    };
    hostName = "nextcloud.kylekrein.com";
+    https = true;
  };
 }
--- a/systems/x86_64-linux/stargate/services/nginx.nix
+++ b/systems/x86_64-linux/stargate/services/nginx.nix
@ -64,6 +64,11 @@ in {
        };
      };

+      "${config.services.nextcloud.hostName}" = {
+        enableACME = true;
+        forceSSL = true;
+      };
+
      "ntfy.kylekrein.com" = {
        enableACME = true;
        forceSSL = true;