fix webdav server

flake.nix

@@ -41,8 +41,9 @@
       ];
     };
 
-    nixosConfigurations.loutreos = nixpkgs-unstable.lib.nixosSystem {
+    nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
+      specialArgs = { inherit nixpkgs-unstable; };
       modules = [
         nixpkgs-unstable.nixosModules.notDetected
         simple-nixos-mailserver.nixosModule

systems/LoutreOS/configuration.nix

@@ -107,15 +107,6 @@
         ];
       };
       extraCommands = ''
-        ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true
-        ip6tables -w -F loutreos-forward 2>/dev/null || true
-        ip6tables -w -X loutreos-forward 2>/dev/null || true
-        ip6tables -w -N loutreos-forward
-        ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
-        ip6tables -A loutreos-forward -j ACCEPT -i eno2
-        ip6tables -A loutreos-forward -j nixos-fw-log-refuse
-        ip6tables -w -A FORWARD -j loutreos-forward
-
         # Redirect local network request from server external IP to internal IP
         # Make the server available even without internet access
         iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
@@ -139,6 +130,7 @@
       };
       dhcpPrefixDelegationConfig.SubnetId = "0";
     };
+    "40-eno1".linkConfig.RequiredForOnline = "no";
     "40-eno2" = {
       networkConfig = {
         IPv6SendRA = true;
@@ -234,7 +226,7 @@
   # -R 127.0.0.1:2525:127.0.0.1:25  redirect SMTP port on VPS port 2525
   services.autossh.sessions = [
     {
-      extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 -R 127.0.0.1:2525:127.0.0.1:25 loutre@vps772619.ovh.net";
+      extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net";
       monitoringPort = 20000;
       name = "backup-ssh-reverse";
       user = "autossh";

systems/LoutreOS/hardware-configuration.nix

@@ -158,6 +158,11 @@
       fsType = "zfs";
     };
 
+  fileSystems."/var/lib/nextcloud" =
+    { device = "loutrepool/var/nextcloud";
+      fsType = "zfs";
+    };
+
   fileSystems."/var/lib/private/photoprism" =
     { device = "loutrepool/var/photoprism";
       fsType = "zfs";

systems/LoutreOS/medias.nix

@@ -1,10 +1,10 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, pkgs, nixpkgs-unstable, ... }:
 
 {
   services = {
     transmission = {
       enable = true;
-      package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4;
+      package = nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4;
       home = "/var/lib/transmission";
       group = "medias";
       settings = {
@@ -20,17 +20,17 @@
 
     radarr = {
       enable = true;
-      package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.radarr;
+      package = nixpkgs-unstable.legacyPackages.x86_64-linux.radarr;
     };
     sonarr = {
       enable = true;
-      package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr;
+      package = nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr;
     };
     prowlarr.enable = true;
 
     jellyfin = {
       enable = true;
-      package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin;
+      package = nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin;
     };
 
     navidrome = {

systems/LoutreOS/web.nix

@@ -302,14 +302,17 @@ in
         # };
         "drive.nyanlout.re" = base {
           "/" = {
-            index = "/index.php";
             extraConfig = ''
               fastcgi_split_path_info ^(.+\.php)(/.+)$;
               fastcgi_pass unix:${config.services.phpfpm.pools.drive.socket};
               include ${pkgs.nginx}/conf/fastcgi_params;
               include ${pkgs.nginx}/conf/fastcgi.conf;
-
+              fastcgi_param SCRIPT_FILENAME $document_root/index.php;
+              fastcgi_intercept_errors on;
+              fastcgi_buffers 64 4K;
+              client_body_temp_path /mnt/webdav/tmp_upload;
               client_max_body_size 0;
+              proxy_request_buffering off;
             '';
           };
         } // {
@@ -345,6 +348,10 @@ in
         "challenge.amandoline-creations.fr" = base {
           "/".alias = "/var/www/amandoline-challenge/";
         };
+        ${config.services.nextcloud.hostName} = {
+          forceSSL = true;
+          enableACME = true;
+        };
       };
     };
 
@@ -381,6 +388,20 @@ in
     #   enable = true;
     #   package = pkgs.mariadb;
     # };
+
+    nextcloud = {
+      enable = true;
+      package = pkgs.nextcloud29;
+      hostName = "cloud.nyanlout.re";
+      database.createLocally = true;
+      https = true;
+      maxUploadSize = "16G";
+      config = {
+        dbtype = "pgsql";
+        adminpassFile = "$CREDENTIALS_DIRECTORY/nextcloud_admin.pass";
+      };
+    };
+
   };
 
   systemd.services.nginx.serviceConfig = {
@@ -397,6 +418,16 @@ in
     ];
   };
 
+  systemd.services.phpfpm-drive.serviceConfig = {
+    ReadWritePaths = [
+      "/mnt/webdav"
+    ];
+  };
+
+  systemd.services.nextcloud-setup.serviceConfig = {
+    LoadCredential = "nextcloud_admin.pass:/mnt/secrets/nextcloud_admin.pass";
+  };
+
   systemd.services.site-musique = let
     djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_3 pillow setuptools ]));
   in {