diff --git a/SwarselSystems.org b/SwarselSystems.org
index 8ac4dc2..c80b206 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -2058,6 +2058,8 @@ My work machine. Built for more security, this is the gold standard of my config
 mpd = false;
 matrix = true;
 nextcloud = true;
+ immich = true;
+ paperless = true;
 };
 };
@@ -4742,7 +4744,9 @@ I usually use =mutableUsers = false= in my NixOS configuration. However, on a ne
 options.swarselsystems.server.spotifyd = lib.mkEnableOption "enable spotifyd on server";
 options.swarselsystems.server.mpd = lib.mkEnableOption "enable mpd on server";
 options.swarselsystems.server.matrix = lib.mkEnableOption "enable matrix on server";
- options.swarselsystems.server.nextcloud = lib.mkEnableOption "enable nextcloid on server";
+ options.swarselsystems.server.nextcloud = lib.mkEnableOption "enable nextcloud on server";
+ options.swarselsystems.server.immich = lib.mkEnableOption "enable immich on server";
+ options.swarselsystems.server.paperless = lib.mkEnableOption "enable paperless on server";
 }
 #+end_src
@@ -6634,6 +6638,7 @@ Also, the system state version is set here. No need to touch it.
 ./mpd.nix
 ./matrix.nix
 ./nextcloud.nix
+ ./immich.nix
 ];
 nix =
@@ -6725,7 +6730,7 @@ Also, the system state version is set here. No need to touch it.
 enable = true;
 openFirewall = true;
- shares.Eternor = {
+ settingssys.Eternor = {
 browseable = "yes";
 "read only" = "no";
 "guest ok" = "no";
@@ -7336,7 +7341,7 @@ Also, the system state version is set here. No need to touch it.
 };
 caption_in_message = true;
 permissions = {
- "*" = "relaybot";
+ "*" = "relay";
 "@swarsel:${matrixDomain}" = "admin";
 };
 };
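Review bot: `settingssys.Eternor = {` in the samba block of the `@@ -6725` hunk does not look like a valid option name; the NixOS samba module replaced `shares` with `settings`, so this was probably meant to be `settings.Eternor = {`. As written the share definition, including `"guest ok" = "no"`, will most likely fail evaluation instead of being applied, which matters because `openFirewall = true;` sits directly above it. The same line is tangled into profiles/server/common/nfs.nix. The samba block starts and ends outside the hunk, so the rest of the share settings are not visible here.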
@@ -7419,14 +7424,15 @@ Also, the system state version is set here. No need to touch it.
 services.nextcloud = {
 enable = true;
+ packages = pkgs.nextcloud30;
 hostName = "stash.swarsel.win";
 home = "/Vault/apps/nextcloud";
 datadir = "/Vault/data/nextcloud";
- https: true;
+ https = true;
 configureRedis = true;
 maxUploadSize = "4G";
 extraApps = {
- inherit (pkgs.nextcloud30Packages.apps) mail calendar contact cospend phonetrack polls tasks;
+ inherit (pkgs.nextcloud30Packages.apps) mail calendar contacts cospend phonetrack polls tasks;
 };
 config = {
 adminuser = "admin";
@@ -7438,25 +7444,54 @@ Also, the system state version is set here. No need to touch it.
 services.nginx = {
 virtualHosts = {
 "stash.swarsel.win" = {
+ enableACME = true;
+ forceSSL = true;
+ acmeRoot = null;
+ # config is automatically added by nixos nextcloud config.
+ # hence, only provide certificate
+ };
+ };
+ };
+ };
+
+ }
+#+end_src
+
+**** immich
+
+#+begin_src nix :tangle profiles/server/common/immich.nix
+ { pkgs, lib, config, ... }:
+ {
+ config = lib.mkIf config.swarselsystems.server.immich {
+
+ users.users.immich = {
+ extraGroups = [ "users" ];
+ };
+
+ # sops.secrets.nextcloudadminpass = { owner = "nextcloud"; };
+
+ services.immich = {
+ enable = true;
+ port = 3001
+ openFirewall = true;
+ mediaLocation = "/Vault/Eternor/Bilder";
+ home = "/Vault/apps/nextcloud";
+ };
+
+
+ services.nginx = {
+ virtualHosts = {
+ "shots.swarsel.win" = {
 enableACME = true;
 forceSSL = true;
 acmeRoot = null;
 locations = {
 "/" = {
- proxyPass = "https://192.168.1.5";
+ proxyPass = "http://192.168.1.2:3001";
 extraConfig = ''
- client_max_body_size 0;
+ client_max_body_size 0;
 '';
 };
- # "/push/" = {
- # proxyPass = "http://192.168.2.5:7867";
- # };
- "/.well-known/carddav" = {
- return = "301 $scheme://$host/remote.php/dav";
- };
- "/.well-known/caldav" = {
- return = "301 $scheme://$host/remote.php/dav";
- };
 };
 };
 };
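Review bot: `packages = pkgs.nextcloud30;` in the `services.nextcloud` block should be `package = pkgs.nextcloud30;`, because the module option is singular. The plural form is likely rejected at evaluation, and in no case does it pin the Nextcloud release that `extraApps` expects from `pkgs.nextcloud30Packages.apps`. The same line is added in profiles/server/common/nextcloud.nix. The `services.nextcloud` block continues past the end of the hunk.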
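Review bot: `openFirewall = true;` in the new `services.immich` block opens port 3001 on the host firewall, so Immich is reachable over plain HTTP next to the `forceSSL` vhost for shots.swarsel.win. Since nginx is configured in the same module, `openFirewall = false;` with `proxyPass = "http://127.0.0.1:3001";` would keep all access behind TLS; this assumes nginx and Immich run on the same machine, which the hunk suggests but does not prove. The block also cannot evaluate as written, because `port = 3001` is missing its `;`. `home = "/Vault/apps/nextcloud";` looks copied from the Nextcloud module: I do not believe `services.immich` has a `home` option, and pointing it at Nextcloud's state directory would be wrong in any case; the commented-out `sops.secrets.nextcloudadminpass` line is a similar leftover. The same lines are added in profiles/server/common/immich.nix.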
diff --git a/modules/nixos/setup.nix b/modules/nixos/setup.nix
index 6c97141..ec2029b 100644
--- a/modules/nixos/setup.nix
+++ b/modules/nixos/setup.nix
@@ -16,5 +16,7 @@ in
 options.swarselsystems.server.spotifyd = lib.mkEnableOption "enable spotifyd on server";
 options.swarselsystems.server.mpd = lib.mkEnableOption "enable mpd on server";
 options.swarselsystems.server.matrix = lib.mkEnableOption "enable matrix on server";
- options.swarselsystems.server.nextcloud = lib.mkEnableOption "enable nextcloid on server";
+ options.swarselsystems.server.nextcloud = lib.mkEnableOption "enable nextcloud on server";
+ options.swarselsystems.server.immich = lib.mkEnableOption "enable immich on server";
+ options.swarselsystems.server.paperless = lib.mkEnableOption "enable paperless on server";
 }
diff --git a/profiles/server/common/default.nix b/profiles/server/common/default.nix
index a617d9d..06dc684 100644
--- a/profiles/server/common/default.nix
+++ b/profiles/server/common/default.nix
@@ -20,6 +20,7 @@
 ./mpd.nix
 ./matrix.nix
 ./nextcloud.nix
+ ./immich.nix
 ];
 nix =
diff --git a/profiles/server/common/immich.nix b/profiles/server/common/immich.nix
new file mode 100644
index 0000000..7b79a67
--- /dev/null
+++ b/profiles/server/common/immich.nix
@@ -0,0 +1,39 @@
+{ pkgs, lib, config, ... }:
+{
+ config = lib.mkIf config.swarselsystems.server.immich {
+
+ users.users.immich = {
+ extraGroups = [ "users" ];
+ };
+
+ # sops.secrets.nextcloudadminpass = { owner = "nextcloud"; };
+
+ services.immich = {
+ enable = true;
+ port = 3001
+ openFirewall = true;
+ mediaLocation = "/Vault/Eternor/Bilder";
+ home = "/Vault/apps/nextcloud";
+ };
+
+
+ services.nginx = {
+ virtualHosts = {
+ "shots.swarsel.win" = {
+ enableACME = true;
+ forceSSL = true;
+ acmeRoot = null;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.2:3001";
+ extraConfig = ''
+ client_max_body_size 0;
+ '';
+ };
+ };
+ };
+ };
+ };
+ };
+
+}
diff --git a/profiles/server/common/matrix.nix b/profiles/server/common/matrix.nix
index 96240f1..8995418 100644
--- a/profiles/server/common/matrix.nix
+++ b/profiles/server/common/matrix.nix
@@ -229,7 +229,7 @@ in
 };
 caption_in_message = true;
 permissions = {
- "*" = "relaybot";
+ "*" = "relay";
 "@swarsel:${matrixDomain}" = "admin";
 };
 };
diff --git a/profiles/server/common/nextcloud.nix b/profiles/server/common/nextcloud.nix
index 4a76b10..b3bfe4f 100644
--- a/profiles/server/common/nextcloud.nix
+++ b/profiles/server/common/nextcloud.nix
@@ -6,14 +6,15 @@
 services.nextcloud = {
 enable = true;
+ packages = pkgs.nextcloud30;
 hostName = "stash.swarsel.win";
 home = "/Vault/apps/nextcloud";
 datadir = "/Vault/data/nextcloud";
- https: true;
+ https = true;
 configureRedis = true;
 maxUploadSize = "4G";
 extraApps = {
- inherit (pkgs.nextcloud30Packages.apps) mail calendar contact cospend phonetrack polls tasks;
+ inherit (pkgs.nextcloud30Packages.apps) mail calendar contacts cospend phonetrack polls tasks;
 };
 config = {
 adminuser = "admin";
@@ -28,23 +29,8 @@
 enableACME = true;
 forceSSL = true;
 acmeRoot = null;
- locations = {
- "/" = {
- proxyPass = "https://192.168.1.5";
- extraConfig = ''
- client_max_body_size 0;
- '';
- };
- # "/push/" = {
- # proxyPass = "http://192.168.2.5:7867";
- # };
- "/.well-known/carddav" = {
- return = "301 $scheme://$host/remote.php/dav";
- };
- "/.well-known/caldav" = {
- return = "301 $scheme://$host/remote.php/dav";
- };
- };
+ # config is automatically added by nixos nextcloud config.
+ # hence, only provide certificate
 };
 };
 };
diff --git a/profiles/server/common/nfs.nix b/profiles/server/common/nfs.nix
index 360cecc..a4e732c 100644
--- a/profiles/server/common/nfs.nix
+++ b/profiles/server/common/nfs.nix
@@ -20,7 +20,7 @@
 enable = true;
 openFirewall = true;
- shares.Eternor = {
+ settingssys.Eternor = {
 browseable = "yes";
 "read only" = "no";
 "guest ok" = "no";
diff --git a/profiles/server/winters/default.nix b/profiles/server/winters/default.nix
index 46dc784..1b9e797 100644
--- a/profiles/server/winters/default.nix
+++ b/profiles/server/winters/default.nix
@@ -48,6 +48,8 @@
 mpd = false;
 matrix = true;
 nextcloud = true;
+ immich = true;
+ paperless = true;
 };
 };
diff --git a/wallpaper/serverwp.png b/wallpaper/serverwp.png
index f5a4fe3..aeab812 100644
Binary files a/wallpaper/serverwp.png and b/wallpaper/serverwp.png differ