From 3d20632b0c6a60f3861e820e3cb6de3e61b0cd58 Mon Sep 17 00:00:00 2001 From: Aleksandr Lebedev Date: Sat, 27 Sep 2025 15:04:54 +0200 Subject: [PATCH] Server --- .../home/programs/nextcloud-client/default.nix | 7 ++++++- modules/nixos/programs/sops/secrets/secrets.yaml | 5 +++-- .../x86_64-linux/kylekrein-server/default.nix | 1 + systems/x86_64-linux/stargate/default.nix | 16 ++++++++++++++++ .../x86_64-linux/stargate/services/nextcloud.nix | 1 + systems/x86_64-linux/stargate/services/nginx.nix | 5 +++++ 6 files changed, 32 insertions(+), 3 deletions(-) diff --git a/modules/home/programs/nextcloud-client/default.nix b/modules/home/programs/nextcloud-client/default.nix index 2ee6550..bb71d95 100644 --- a/modules/home/programs/nextcloud-client/default.nix +++ b/modules/home/programs/nextcloud-client/default.nix @@ -21,9 +21,14 @@ in { }; config = mkIf cfg.enable { - home.packages = with pkgs; [nextcloud-client]; + home.packages = with pkgs; [ + nextcloud-client + nextcloud-talk-desktop + ]; home.persistence = mkIf impermanence.enable { "${impermanence.persistentStorage}".directories = [ + ".config/Nextcloud" + ".config/Nextcloud Talk" ]; }; }; diff --git a/modules/nixos/programs/sops/secrets/secrets.yaml b/modules/nixos/programs/sops/secrets/secrets.yaml index 5a129a8..fe8a98b 100644 --- a/modules/nixos/programs/sops/secrets/secrets.yaml +++ b/modules/nixos/programs/sops/secrets/secrets.yaml 
@@ -2,6 +2,7 @@ users: kylekrein: ENC[AES256_GCM,data:DNLVQ4IPFhUG9MR9hk2BuElvfNZIky3nMGWgilutRwvT3wl25vOLEETrBFoWUO+2ZgLSnhtwWtIJhNlRlTK/rsrUNVTOdwq9AA==,iv:Z+dhr33Wotm064IcwtNfFpvQeL03T29Dn3Bl9VqPL1g=,tag:Qe3sOY0DegSKDptBjnbFrQ==,type:str] tania: ENC[AES256_GCM,data:veo/dKQpztSGLfCxpWqoTOlPqSaNeNW2pYrTU9z125hjBVt2LC8X+mDp8vA0r8QFKpkGr1BiwviUTuXsSO1IXn3nHfDGsHQqFQ==,iv:q3pCcil1wiKe5xC6QEn3Q4wV1icW+3CCUQw6QZIINWU=,tag:XvBfIEORfdTcUihtcJQZVg==,type:str] andrej: ENC[AES256_GCM,data:x/cWcswSDMFxXSLXe1JWGnQAuPYWM5AU4X3WxVAqUIifcYWxxynMfL9LXEgo3sP1IvRyp4FW+voWQrJM/KGdbYkkrAJNhbD7/Q==,iv:C51H9Zz4nxB+K1cohRq+1oPQ/ckDgVCMW4vB4+3wEt8=,tag:8ENLfMIoHbJGxceCKZulxg==,type:str] +duckdns: ENC[AES256_GCM,data:QslHkm7T0PIx3WbYDi1wILL1ap1R/vRdjTu448DxQxdHdxOX,iv:eB0PspBBReCjuC17mAwSMJoSZ4G3lErTml0ifp3vCGw=,tag:4vaCLCc+V6ePenvTo7VsGA==,type:str] services: conduwuit: ENC[AES256_GCM,data:1shEq67QJTkeqrfYSr/eYG7gYWH//5ey6XQ=,iv:hy5wQmue8qU4ALfn9BrNQLnsTk8BsVVXY/8bDj18mXk=,tag:h6+hL0HjgSzd15Kc7Zg4ng==,type:str] nextcloud: ENC[AES256_GCM,data:YLRMhChTu/UQI+HIcUjNFFK+CfSCl2+0kfSkSfauAftRO2A1VHhyCjP5,iv:DLfhSvNRWXVU5XE3SwV4vZmAQI2ZVa+ak/g5Nu+Fgcg=,tag:K3nWfJRNxodeMkxGG3ljmg==,type:str] 
@@ -53,7 +54,7 @@ sops: MU43ZWEwMXEwdGx5d0hUNlhiaGdjWU0K9UoNQOnMxTy0KdfiYOgm0TxH5qFUV3gi f7z2RzR44ndf0nHwIzr8e1bmF9q5mc685Wq9qyM7aLCE+yUU/vUO7Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-18T10:36:22Z" - mac: ENC[AES256_GCM,data:5PQZXtuWcWn/PDSM6uA1ycFKOPeJIzxEcTDZBbUeemr4lXzM6pB1ZPREfiAWP+d49m4aotgv6GW2qz5n7JY/GUJCjAWnAlnzlWdh91BNAwhZ6TPQ0+hN/AfF+EHEpvwrAklXl0fGjc3O7J2FwPEdAUCIyYG11zswXmIOovOcivw=,iv:bByp/c1xlgrgQZYrxo1XnXFdacKIDIeVinR46yFy2k8=,tag:aMU5V9EtWoUtQS7/VulKEw==,type:str] + lastmodified: "2025-09-27T10:21:51Z" + mac: ENC[AES256_GCM,data:v6ILZvhNZQpUK/thuVUQpqFnIjt5ysydQf290Y4yoZU2auQUzXdYQYHl/aREqR08bGOBSNzD+dcVvgYcKJ84MjTDuRjs60NeSSoz3/x6345TSk7EhhNr/cNlnL/AxnSkWnuq17AZxC4HfDQZW85m1o4QpFoyK0ZLoraVbIuikdg=,iv:a4F0KyATjqP9zeVPusRho6IWP4qOgLkmIQsaRTBIqKw=,tag:rRJmdtgCCa41G5E2JdlHGw==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/systems/x86_64-linux/kylekrein-server/default.nix b/systems/x86_64-linux/kylekrein-server/default.nix index 834b99d..92d0c97 100644 --- a/systems/x86_64-linux/kylekrein-server/default.nix +++ b/systems/x86_64-linux/kylekrein-server/default.nix @@ -115,6 +115,7 @@ with lib.custom; { services.gitlab = { enable = true; host = "gitlab.kylekrein.com"; + https = true; port = 443; #statePath = "/persist/gitlab/state"; backup.startAt = "3:00"; diff --git a/systems/x86_64-linux/stargate/default.nix b/systems/x86_64-linux/stargate/default.nix index e0a6417..9d05b25 100644 --- a/systems/x86_64-linux/stargate/default.nix +++ b/systems/x86_64-linux/stargate/default.nix 
@@ -78,6 +78,22 @@ in { extraArgs = ["--sshoption=StrictHostKeyChecking=off"]; }; }; + sops.secrets."duckdns" = {mode = "777";}; + services.cron = { + enable = true; + systemCronJobs = [ + "*/5 * * * * ${lib.getExe (pkgs.writeShellScriptBin "duckdns" '' + TOKEN=$(cat ${config.sops.secrets."duckdns".path}) + REALV6=$(ip -6 addr show dev enp3s0 scope global \ + | awk '/inet6 2/{print $2}' \ + | cut -d/ -f1 \ + | grep -E 'f9c4$' \ + | head -n1) + REALV4=$(curl -s https://ifconfig.me --ipv4) + echo url="https://www.duckdns.org/update?domains=kylekrein&token=$TOKEN&ipv6=$REALV6&ip=$REALV4" | curl -k -K - + '')} >/dev/null 2>&1" + ]; + }; custom.presets.disko.impermanenceBtrfsLuks = { enable = true; diff --git a/systems/x86_64-linux/stargate/services/nextcloud.nix b/systems/x86_64-linux/stargate/services/nextcloud.nix index 2e1e4d4..85529ff 100644 --- a/systems/x86_64-linux/stargate/services/nextcloud.nix +++ b/systems/x86_64-linux/stargate/services/nextcloud.nix @@ -22,5 +22,6 @@ with lib.custom; { adminpassFile = config.sops.secrets."services/nextcloud".path; }; hostName = "nextcloud.kylekrein.com"; + https = true; }; } diff --git a/systems/x86_64-linux/stargate/services/nginx.nix b/systems/x86_64-linux/stargate/services/nginx.nix index 347859e..d9e2c30 100644 --- a/systems/x86_64-linux/stargate/services/nginx.nix +++ b/systems/x86_64-linux/stargate/services/nginx.nix @@ -64,6 +64,11 @@ in { }; }; + "${config.services.nextcloud.hostName}" = { + enableACME = true; + forceSSL = true; + }; + "ntfy.kylekrein.com" = { enableACME = true; forceSSL = true;
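Review bot: `sops.secrets."duckdns" = {mode = "777";};` in systems/x86_64-linux/stargate/default.nix makes the decrypted DuckDNS token readable and writable by every local account. The secret should stay owner-only, e.g. `sops.secrets."duckdns" = {mode = "0400";};`, with `owner` set to whichever user the cron job runs as. The update call ends in `curl -k -K -`, which turns off certificate verification for the request that carries the token; dropping `-k` (`| curl -K -`) keeps the token from being sent to an endpoint that cannot prove it is duckdns.org. The `systemCronJobs` entry also appears to lack the user field that system crontab lines expect between the schedule and the command (`"*/5 * * * * root ${lib.getExe …}"`), so the job may not run as written; please confirm on the host. The enclosing attribute set starts and ends outside this hunk.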