From 7c2798228be5292ab06a04d716cf7ec6a88e3fc6 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 2 Mar 2025 17:15:15 -0500 Subject: [PATCH 1/9] add collabora, add hydraJobs back in --- flake.nix | 2 +- systems/palatine-hill/docker/nextcloud.nix | 23 ++++++++++++++++++++-- systems/palatine-hill/secrets.yaml | 5 +++-- 3 files changed, 25 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index ee48c6e..d669454 100644 --- a/flake.nix +++ b/flake.nix @@ -140,7 +140,7 @@ rec { inherit lib; # for allowing use of custom functions in nix repl - #hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; }; + hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; }; formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); nixosConfigurations = genSystems inputs outputs src (src + "/systems"); diff --git a/systems/palatine-hill/docker/nextcloud.nix b/systems/palatine-hill/docker/nextcloud.nix index 29ca7a5..7b57fbc 100644 --- a/systems/palatine-hill/docker/nextcloud.nix +++ b/systems/palatine-hill/docker/nextcloud.nix @@ -8,7 +8,7 @@ let # nextcloud-image = import ./nextcloud-image { inherit pkgs; }; nextcloud-base = { # image comes from running docker compose build in nextcloud-docker/.examples/full/apache - image = "nextcloud-nextcloud"; + image = "nextcloud:stable"; hostname = "nextcloud"; volumes = [ "${nextcloud_path}/nc_data:/var/www/html:z" @@ -46,7 +46,7 @@ in ]; }; go-vod = { - image = "radialapps/go-vod"; + image = "radialapps/go-vod:latest"; dependsOn = [ "nextcloud" ]; environment = { NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz"; 
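Review bot: `image = "radialapps/go-vod:latest";` in the go-vod hunk is still a mutable tag, and writing `:latest` explicitly is equivalent to omitting the tag. The image that runs is whatever the registry serves at pull time and can change without any change to this repository. The same applies to `collabora/code:latest` in the next hunk of this patch. Pinning by digest makes an upgrade an explicit, reviewable edit, e.g. `image = "radialapps/go-vod@sha256:<digest-placeholder>";`, with a comment naming the upstream version the digest corresponds to.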
@@ -56,6 +56,21 @@ in "--device=/dev/dri:/dev/dri" ]; }; + collabora-code = { + image = "collabora/code:latest"; + dependsOn = [ "nextcloud" ]; + environment = { + aliasgroup1 = "https://collabora.nayenoie.com"; + extra_params = "--o:ssl.enable=true"; + }; + environmentFiles = [ + config.sops.secrets."docker/collabora".path + ]; + extraOptions = [ + "--network=haproxy-net" + ]; + ports = [ "9980:80" ]; + }; }; users.users.www-data = { @@ -80,6 +95,10 @@ in owner = "www-data"; restartUnits = [ "docker-nextcloud.service" ]; }; + "docker/collabora" = { + owner = "www-data"; + restartUnits = [ "docker-collabora.service" ]; + }; }; }; } diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 21fae25..811586c 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml 
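Review bot: The host in `aliasgroup1 = "https://collabora.nayenoie.com";` is spelled `nayenoie`, while PATCH 7/9 of this series writes `nayeonie.com` for what looks like the same domain, so one of the two is presumably a typo. As far as I understand Collabora's aliasgroup settings, they form the list of hosts allowed to use the server. A misspelt entry would then authorise a name that may not be yours and fail to authorise the real one. Please confirm the intended domain and add a comment above the entries such as `# hosts allowed to use this Collabora instance`. The enclosing attribute set starts outside the hunk.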
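Review bot: `restartUnits = [ "docker-collabora.service" ];` does not appear to match the container added earlier in this patch, which is named `collabora-code`. If these containers are declared through the oci-containers module (the enclosing option is outside the hunk), the generated unit would be `docker-collabora-code.service`, following the same pattern as the existing `docker-nextcloud.service` entry. With a unit name that does not exist, rotating the secret would not restart the container, which would keep running with the old credentials. Suggested line: `restartUnits = [ "docker-collabora-code.service" ];`.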
@@ -21,6 +21,7 @@ docker: nextcloud: ENC[AES256_GCM,data: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,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str] redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str] act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str] + collabora: ENC[AES256_GCM,data:r+BcGh3XNAEIB2VlSEf1wyVXNgO/QOV5KgqnYg5Sh4Uv4nyBmgkFBkZlM57WDkNnTQdwg7JUlFxHwBiGLw2v/MOL6czEEBdIVfD36hls0Z/34cerRxAesEQSp7ixTegItt8Z52mkUKsblSFlQW80JKbm2mTNVInY,iv:wS29mU/mPbgHuCIrGVwyh8om8UeBZG+vNHrfUPv2of0=,tag:/N8g7IuNVrGA7yiPuWxwbQ==,type:str] acme: bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str] dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str] 
@@ -41,8 +42,8 @@ sops: cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-27T05:04:04Z" - mac: ENC[AES256_GCM,data:9vPO2e4hsgxR+guksSb0yL9PHfpliaDX4NLEnMOFrLxbPqObwukmj8mFfIfC4nHFXMNhSY5PD5FRU0AJwWGwv9jEkBaiJKCtFlDl4eQ21vsWgiuhkC8FoG58w04XHCrlA2LoqQnv8N2stuM+gsmDulY5H/ugk11MyCSRp7To2uk=,iv:9PBi0Ah+Ay6m0oeGskWR+6xPK8/1uf88uv3oP/S8+YU=,tag:GbQDG6894ZmCEu7AMS6BhA==,type:str] + lastmodified: "2025-03-02T22:12:04Z" + mac: ENC[AES256_GCM,data:bRjvsFSSZFHCdy6PWKyIDbNiCvfF6QbIGnBGQC+6xGt3EQW3Tjm7zHOxYDlI61/l+tIb+pH6/dP/HC3o/2qC2S1s4DQj+1oap8z3qcWpfya/yrzp9cr0l0LxO9PxneSWV5BD8msoJ4I4jDLoWAHkmS5i7DWV2Ye7qBFfEUX1PrM=,iv:HQhxTkXZepIud38YaHFLOs5nemggiVDoZ1AN+b2eEZ8=,tag:ZQAPpDZiYBxmOc8GXheUvA==,type:str] pgp: - created_at: "2024-11-28T18:56:39Z" enc: |- -- 2.48.1 From fc68e0fb5974d06d41b97833009c7ce3da91b84c Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 2 Mar 2025 17:22:34 -0500 Subject: [PATCH 2/9] fix nextcloud image --- systems/palatine-hill/docker/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/palatine-hill/docker/nextcloud.nix b/systems/palatine-hill/docker/nextcloud.nix index 7b57fbc..9665c72 100644 --- a/systems/palatine-hill/docker/nextcloud.nix +++ b/systems/palatine-hill/docker/nextcloud.nix @@ -8,7 +8,7 @@ let # nextcloud-image = import ./nextcloud-image { inherit pkgs; }; nextcloud-base = { # image comes from running docker compose build in nextcloud-docker/.examples/full/apache - image = "nextcloud:stable"; + image = "nextcloud-nextcloud"; hostname = "nextcloud"; volumes = [ "${nextcloud_path}/nc_data:/var/www/html:z" -- 2.48.1 From 372cf629abaac427bb00febe68fb973afa5ab2ad Mon Sep 17 00:00:00 2001 
From: ahuston-0 Date: Sun, 2 Mar 2025 17:33:07 -0500 Subject: [PATCH 3/9] add collabora firewall, gitea dependencies --- systems/palatine-hill/firewall.nix | 3 +++ systems/palatine-hill/gitea.nix | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/systems/palatine-hill/firewall.nix b/systems/palatine-hill/firewall.nix index c772c7f..f43e9c9 100644 --- a/systems/palatine-hill/firewall.nix +++ b/systems/palatine-hill/firewall.nix @@ -21,6 +21,9 @@ # attic 8183 + + # collabora + 9980 ]; } diff --git a/systems/palatine-hill/gitea.nix b/systems/palatine-hill/gitea.nix index 25b8b85..a0728bb 100644 --- a/systems/palatine-hill/gitea.nix +++ b/systems/palatine-hill/gitea.nix @@ -51,6 +51,11 @@ in recommendedDefaults = true; }; + systemd.services.gitea = { + requires = [ "docker.service" ]; + after = [ "docker.service" ]; + }; + networking.firewall.allowedTCPPorts = [ 6443 ]; sops.secrets = { -- 2.48.1 From 2501ca380c1dbfe9b9035d572b98bc7169811c09 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 2 Mar 2025 17:49:00 -0500 Subject: [PATCH 4/9] switch collabora to ssl termination --- systems/palatine-hill/docker/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/palatine-hill/docker/nextcloud.nix b/systems/palatine-hill/docker/nextcloud.nix index 9665c72..ddd34c6 100644 --- a/systems/palatine-hill/docker/nextcloud.nix +++ b/systems/palatine-hill/docker/nextcloud.nix @@ -61,7 +61,7 @@ in dependsOn = [ "nextcloud" ]; environment = { aliasgroup1 = "https://collabora.nayenoie.com"; - extra_params = "--o:ssl.enable=true"; + extra_params = "--o:ssl.enable=false --o:ssl.termination=true"; }; environmentFiles = [ config.sops.secrets."docker/collabora".path -- 2.48.1 From 37a5856d4044fb6de56639d65b7fb6aff85ace90 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 2 Mar 2025 17:57:13 -0500 Subject: [PATCH 5/9] aliasgroup expansion --- systems/palatine-hill/docker/nextcloud.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
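Review bot: Adding `9980` under `# collabora` in firewall.nix opens the Collabora port directly on the host. PATCH 4/9 later in this series sets `--o:ssl.enable=false --o:ssl.termination=true`, so that listener speaks plain HTTP and expects a TLS-terminating proxy in front of it. The container already joins `haproxy-net` (PATCH 1/9), so the proxy can presumably reach it over the Docker network without any host-level opening. I would drop this entry and, if a host port is needed at all, bind it to loopback in nextcloud.nix with `ports = [ "127.0.0.1:9980:9980" ];`. The port list this hunk edits begins outside the hunk.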
diff --git a/systems/palatine-hill/docker/nextcloud.nix b/systems/palatine-hill/docker/nextcloud.nix index ddd34c6..3a3f753 100644 --- a/systems/palatine-hill/docker/nextcloud.nix +++ b/systems/palatine-hill/docker/nextcloud.nix @@ -60,7 +60,9 @@ in image = "collabora/code:latest"; dependsOn = [ "nextcloud" ]; environment = { - aliasgroup1 = "https://collabora.nayenoie.com"; + aliasgroup1 = "https://collabora.nayenoie.com:443"; + aliasgroup2 = "https://nextcloud.alicehuston.xyz:443"; + aliasgroup3 = "https://.*:443"; extra_params = "--o:ssl.enable=false --o:ssl.termination=true"; }; environmentFiles = [ -- 2.48.1 From 8afdc53a88849d6258cbf43173c22a838766a4ec Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 2 Mar 2025 18:01:29 -0500 Subject: [PATCH 6/9] priv --- systems/palatine-hill/docker/nextcloud.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/palatine-hill/docker/nextcloud.nix b/systems/palatine-hill/docker/nextcloud.nix index 3a3f753..6b1dddf 100644 --- a/systems/palatine-hill/docker/nextcloud.nix +++ b/systems/palatine-hill/docker/nextcloud.nix @@ -70,6 +70,7 @@ in ]; extraOptions = [ "--network=haproxy-net" + "--privileged" ]; ports = [ "9980:80" ]; }; -- 2.48.1 From 47d09c399ee2edcd1d0a6d5cd9bbe63e2a68937a Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 2 Mar 2025 18:19:46 -0500 Subject: [PATCH 7/9] add server_name --- systems/palatine-hill/docker/nextcloud.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/systems/palatine-hill/docker/nextcloud.nix b/systems/palatine-hill/docker/nextcloud.nix index 6b1dddf..8f85f81 100644 --- a/systems/palatine-hill/docker/nextcloud.nix +++ b/systems/palatine-hill/docker/nextcloud.nix 
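Review bot: `aliasgroup3 = "https://.*:443";` matches every HTTPS host, which makes the two explicit entries above it redundant. As I understand the aliasgroup semantics, it effectively switches off the host allow-list for this Collabora instance. The server would then accept document sessions on behalf of hosts it was never meant to serve. I would remove the `aliasgroup3` line and list each additional host individually if more are needed. A comment such as `# keep this list explicit; no wildcards` above the entries would stop the pattern from returning.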
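Review bot: `"--privileged"` in extraOptions gives the container every capability and access to host devices, and relaxes the default seccomp and AppArmor confinement. That is a large grant for a service whose job is parsing untrusted documents. PATCH 7/9 narrows it to `"--cap-add=MKNOD"`, but the last hunk of PATCH 9/9 puts `"--privileged"` back, so the series ends in the broad state. If MKNOD alone was not enough, add only the specific capability that was missing instead of the blanket flag. Record the reason next to each one, e.g. `"--cap-add=MKNOD" # TODO: note which startup step needs this`.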
@@ -64,13 +64,16 @@ in aliasgroup2 = "https://nextcloud.alicehuston.xyz:443"; aliasgroup3 = "https://.*:443"; extra_params = "--o:ssl.enable=false --o:ssl.termination=true"; + server_name = "collabora.nayeonie.com"; + domain = "nextcloud\.alicehuston\.xyz|nextcloud\.nayeonie\.com"; + DONT_GEN_SSL_CERT = 1; }; environmentFiles = [ config.sops.secrets."docker/collabora".path ]; extraOptions = [ "--network=haproxy-net" - "--privileged" + "--cap-add=MKNOD" ]; ports = [ "9980:80" ]; }; -- 2.48.1 From 1f09a69856d830b88067798a7f5bdd8e4fc238eb Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 2 Mar 2025 18:20:48 -0500 Subject: [PATCH 8/9] fix string --- systems/palatine-hill/docker/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/palatine-hill/docker/nextcloud.nix b/systems/palatine-hill/docker/nextcloud.nix index 8f85f81..11229ef 100644 --- a/systems/palatine-hill/docker/nextcloud.nix +++ b/systems/palatine-hill/docker/nextcloud.nix @@ -66,7 +66,7 @@ in extra_params = "--o:ssl.enable=false --o:ssl.termination=true"; server_name = "collabora.nayeonie.com"; domain = "nextcloud\.alicehuston\.xyz|nextcloud\.nayeonie\.com"; - DONT_GEN_SSL_CERT = 1; + DONT_GEN_SSL_CERT = "1"; }; environmentFiles = [ config.sops.secrets."docker/collabora".path -- 2.48.1 From 73406a8be3306c3888f80bc2283eee934091a305 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 2 Mar 2025 19:53:42 -0500 Subject: [PATCH 9/9] final fix for collabora --- systems/palatine-hill/docker/nextcloud.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/systems/palatine-hill/docker/nextcloud.nix b/systems/palatine-hill/docker/nextcloud.nix index 11229ef..daa97c5 100644 --- a/systems/palatine-hill/docker/nextcloud.nix +++ b/systems/palatine-hill/docker/nextcloud.nix 
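Review bot: In `domain = "nextcloud\.alicehuston\.xyz|nextcloud\.nayeonie\.com";` the backslashes do not survive evaluation, because inside a double-quoted Nix string `\.` yields a plain `.`. The value handed to the container is therefore a pattern whose dots match any character, which is looser than written for a host allow-list. Write `\\.` or use an indented string, where a backslash is literal: `domain = ''nextcloud\.alicehuston\.xyz|nextcloud\.nayeonie\.com'';`. PATCH 9/9 removes these lines again, but the same escaping rule applies to any regex-valued setting added here later.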
@@ -64,18 +64,15 @@ in aliasgroup2 = "https://nextcloud.alicehuston.xyz:443"; aliasgroup3 = "https://.*:443"; extra_params = "--o:ssl.enable=false --o:ssl.termination=true"; - server_name = "collabora.nayeonie.com"; - domain = "nextcloud\.alicehuston\.xyz|nextcloud\.nayeonie\.com"; - DONT_GEN_SSL_CERT = "1"; }; environmentFiles = [ config.sops.secrets."docker/collabora".path ]; extraOptions = [ "--network=haproxy-net" - "--cap-add=MKNOD" + "--privileged" ]; - ports = [ "9980:80" ]; + ports = [ "9980:9980" ]; }; }; -- 2.48.1