fix webdav server

install nextcloud
fix firewall
2024-05-14 17:39:41 +02:00 · 2024-05-14 17:39:29 +02:00 · 2024-05-14 12:08:15 +02:00 · 2024-05-14 10:38:42 +02:00 · 2024-05-14 10:38:08 +02:00
5 changed files with 48 additions and 19 deletions
--- a/flake.nix
+++ b/flake.nix
@ -41,8 +41,9 @@
      ];
    };
-    nixosConfigurations.loutreos = nixpkgs-unstable.lib.nixosSystem {
+    nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      specialArgs = { inherit nixpkgs-unstable; };
      modules = [
        nixpkgs-unstable.nixosModules.notDetected
        simple-nixos-mailserver.nixosModule
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@ -107,15 +107,6 @@
        ];
      };
      extraCommands = ''
        ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true
        ip6tables -w -F loutreos-forward 2>/dev/null || true
        ip6tables -w -X loutreos-forward 2>/dev/null || true
        ip6tables -w -N loutreos-forward
        ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
        ip6tables -A loutreos-forward -j ACCEPT -i eno2
        ip6tables -A loutreos-forward -j nixos-fw-log-refuse
        ip6tables -w -A FORWARD -j loutreos-forward
        # Redirect local network request from server external IP to internal IP
        # Make the server available even without internet access
        iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
@ -139,6 +130,7 @@
      };
      dhcpPrefixDelegationConfig.SubnetId = "0";
    };
    "40-eno1".linkConfig.RequiredForOnline = "no";
    "40-eno2" = {
      networkConfig = {
        IPv6SendRA = true;
@ -234,7 +226,7 @@
  # -R 127.0.0.1:2525:127.0.0.1:25  redirect SMTP port on VPS port 2525
  services.autossh.sessions = [
    {
-      extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 -R 127.0.0.1:2525:127.0.0.1:25 loutre@vps772619.ovh.net";
+      extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net";
      monitoringPort = 20000;
      name = "backup-ssh-reverse";
      user = "autossh";
--- a/systems/LoutreOS/hardware-configuration.nix
+++ b/systems/LoutreOS/hardware-configuration.nix
@ -158,6 +158,11 @@
      fsType = "zfs";
    };
  fileSystems."/var/lib/nextcloud" =
    { device = "loutrepool/var/nextcloud";
      fsType = "zfs";
    };
  fileSystems."/var/lib/private/photoprism" =
    { device = "loutrepool/var/photoprism";
      fsType = "zfs";
--- a/systems/LoutreOS/medias.nix
+++ b/systems/LoutreOS/medias.nix
@ -1,10 +1,10 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, pkgs, nixpkgs-unstable, ... }:
 {
  services = {
    transmission = {
      enable = true;
-      package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4;
+      package = nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4;
      home = "/var/lib/transmission";
      group = "medias";
      settings = {
@ -20,17 +20,17 @@
    radarr = {
      enable = true;
-      package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.radarr;
+      package = nixpkgs-unstable.legacyPackages.x86_64-linux.radarr;
    };
    sonarr = {
      enable = true;
-      package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr;
+      package = nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr;
    };
    prowlarr.enable = true;
    jellyfin = {
      enable = true;
-      package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin;
+      package = nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin;
    };
    navidrome = {
--- a/systems/LoutreOS/web.nix
+++ b/systems/LoutreOS/web.nix
@ -302,14 +302,17 @@ in
        # };
        "drive.nyanlout.re" = base {
          "/" = {
            index = "/index.php";
            extraConfig = ''
              fastcgi_split_path_info ^(.+\.php)(/.+)$;
              fastcgi_pass unix:${config.services.phpfpm.pools.drive.socket};
              include ${pkgs.nginx}/conf/fastcgi_params;
              include ${pkgs.nginx}/conf/fastcgi.conf;
-
+              fastcgi_param SCRIPT_FILENAME $document_root/index.php;
              fastcgi_intercept_errors on;
              fastcgi_buffers 64 4K;
              client_body_temp_path /mnt/webdav/tmp_upload;
              client_max_body_size 0;
              proxy_request_buffering off;
            '';
          };
        } // {
@ -345,6 +348,10 @@ in
        "challenge.amandoline-creations.fr" = base {
          "/".alias = "/var/www/amandoline-challenge/";
        };
        ${config.services.nextcloud.hostName} = {
          forceSSL = true;
          enableACME = true;
        };
      };
    };
@ -381,6 +388,20 @@ in
    #   enable = true;
    #   package = pkgs.mariadb;
    # };
    nextcloud = {
      enable = true;
      package = pkgs.nextcloud29;
      hostName = "cloud.nyanlout.re";
      database.createLocally = true;
      https = true;
      maxUploadSize = "16G";
      config = {
        dbtype = "pgsql";
        adminpassFile = "$CREDENTIALS_DIRECTORY/nextcloud_admin.pass";
      };
    };
  };
  systemd.services.nginx.serviceConfig = {
@ -397,6 +418,16 @@ in
    ];
  };
  systemd.services.phpfpm-drive.serviceConfig = {
    ReadWritePaths = [
      "/mnt/webdav"
    ];
  };
  systemd.services.nextcloud-setup.serviceConfig = {
    LoadCredential = "nextcloud_admin.pass:/mnt/secrets/nextcloud_admin.pass";
  };
  systemd.services.site-musique = let
    djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_3 pillow setuptools ]));
  in {
Author	SHA1	Message	Date
nyanloutre	1abd6bd06d	fix webdav server	2024-05-14 17:39:41 +02:00
nyanloutre	3725e30663	install nextcloud	2024-05-14 17:39:29 +02:00
nyanloutre	a6ce24d547	fix firewall	2024-05-14 12:08:15 +02:00
nyanloutre	ab8c752a76	remove open mail port	2024-05-14 10:38:42 +02:00
nyanloutre	f9871ae0e1	fix flake-util-plus migration	2024-05-14 10:38:08 +02:00