diff --git a/hosts/Alaska/containers/default.nix b/hosts/Alaska/containers/default.nix deleted file mode 100644 index e69de29..0000000 diff --git a/hosts/Alaska/default.nix b/hosts/Alaska/default.nix index 0449e51..5a73ef5 100644 --- a/hosts/Alaska/default.nix +++ b/hosts/Alaska/default.nix @@ -5,8 +5,8 @@ { imports = [ (import ./hardware-configuration.nix) - (import ./containers/nextcloud.nix) (import ./modules/nginx.nix) + (import ./modules/nextcloud.nix) ]; environment.systemPackages = [ diff --git a/hosts/Alaska/containers/nextcloud.nix b/hosts/Alaska/modules/nextcloud.nix similarity index 51% rename from hosts/Alaska/containers/nextcloud.nix rename to hosts/Alaska/modules/nextcloud.nix index 3c9fea4..437bd10 100644 --- a/hosts/Alaska/containers/nextcloud.nix +++ b/hosts/Alaska/modules/nextcloud.nix @@ -1,48 +1,17 @@ - { config, lib, pkgs, ... }: - { - containers.nextcloud = { - autoStart = true; - privateNetwork = true; - # The host address is the address of the parent machine from inside the container - hostAddress = "192.168.100.10"; - # The local address field is the "inside the container" address of this machine - # Or what it says when you run 'ip a' inside the container - localAddress = "192.168.100.11"; - # These are the same as above, but for ipv6 - hostAddress6 = "fc00::1"; - localAddress6 = "fc00::2"; - - # allowed filepaths and container-internal mount points - # I believe "hostPath" is the system-wide, non-conatainer path - bindMounts = { - "/Aurora/nextcloud" = { - hostPath = "/Aurora/nextcloud"; - isReadOnly = false; - }; - }; - - # If, when you nix-container root-login and systemctl status nextcloud-setup says the - # password files are unreadable, log in as root and `chown nextcloud:nextcloud` the password files - config = { config, pkgs, ... }: { - - # A lot of this nextcloud configuration was pulled from this post: - # https://jacobneplokh.com/how-to-setup-nextcloud-on-nixos/ services.nextcloud = { enable = true; package = pkgs.nextcloud25; enableBrokenCiphersForSSE = false; + nginx.recommendedHttpHeaders = true; https = true; - hostName = "192.168.100.10"; + hostName = "files.nickiel.net"; home = "/Aurora/nextcloud"; - autoUpdateApps = { - enable = true; - startAt = "05:00:00"; - }; + autoUpdateApps.enable = true; config = { overwriteProtocol = "https"; @@ -50,6 +19,9 @@ "10.0.0.183" "files.nickiel.net" ]; + trustedProxies = [ + "files.nickiel.net" + ]; dbtype = "pgsql"; dbuser = "nextcloud"; @@ -86,17 +58,4 @@ requires = ["postgresql.service"]; after = ["postgresql.service"]; }; - - - # Container nixos state configurations - system.stateVersion = "22.05"; - networking.firewall = { - enable = true; - allowedTCPPorts = [ 80 ]; - }; - # Manually configure nameserver. Using resolved inside the container seems to fail - # currently - environment.etc."resolv.conf".text = "nameserver 1.1.1.1"; - }; - }; } diff --git a/hosts/Alaska/modules/nginx.nix b/hosts/Alaska/modules/nginx.nix index 0c0567a..85ede78 100644 --- a/hosts/Alaska/modules/nginx.nix +++ b/hosts/Alaska/modules/nginx.nix @@ -1,6 +1,11 @@ { config, lib, pkgs, ... }: { + security.acme = { + acceptTerms = true; + defaults.email = "nicholasyoungsumner@gmail.com"; + }; + services.nginx = { enable = true; commonHttpConfig = '' @@ -19,8 +24,7 @@ "jellyfin.nickiel.net" = { forceSSL = true; - sslCertificate = "/Aurora/nickiel.net.pem"; - sslCertificateKey = "/Aurora/nickiel.net.key"; + enableACME = true; locations."/" = { proxyPass = "http://127.0.0.1:8096/"; proxyWebsockets = true; @@ -28,15 +32,10 @@ }; }; - #"files.nickiel.net" = { - # forceSSL = true; - # sslCertificate = "/Aurora/nickiel.net.pem"; - # sslCertificateKey = "/Aurora/nickiel.net.key"; - # locations."/" = { - # proxyPass = "http://192.168.100.11:80"; - # proxyWebsockets = true; - # }; - # }; + "files.nickiel.net" = { + forceSSL = true; + enableACME = true; + }; }; }; }