hosting/selfhostblocks
1
0
Fork 0
Code Issues Activity
selfhostblocks/demo/nextcloud/flake.nix

289 lines
8.7 KiB
Nix
Raw Normal View History

add nextcloud demo fixes #62
2023-12-24 07:49:50 +01:00
{
description = "Home Assistant example for Self Host Blocks";
inputs = {
selfhostblocks.url = "github:ibizaman/selfhostblocks";
};
test demos closes #128 and closes #53
2024-01-25 07:50:45 +01:00
outputs = inputs@{ self, selfhostblocks, ... }:
let
add nextcloud integration with ldap to the manual and nextcloud demo. refs #17
2024-01-06 18:43:30 +01:00
basic = { config, ... }: {
add nextcloud demo fixes #62
2023-12-24 07:49:50 +01:00
imports = [
./configuration.nix
make demos use selfhostblock provided inputs refs #61
2023-12-26 08:31:59 +01:00
selfhostblocks.inputs.sops-nix.nixosModules.default
add nextcloud demo fixes #62
2023-12-24 07:49:50 +01:00
selfhostblocks.nixosModules.x86_64-linux.default
];
shb.nextcloud = {
enable = true;
domain = "example.com";
subdomain = "n";
dataDir = "/var/lib/nextcloud";
tracing = null;
bump demo flake inputs
2024-02-07 05:52:25 +01:00
defaultPhoneRegion = "US";
add nextcloud demo fixes #62
2023-12-24 07:49:50 +01:00
# This option is only needed because we do not access Nextcloud at the default port in the VM.
update nextcloud demo to have sso too fixes #17
2024-01-23 01:49:07 +01:00
port = 8080;
add nextcloud demo fixes #62
2023-12-24 07:49:50 +01:00
adminPassFile = config.sops.secrets."nextcloud/adminpass".path;
add nextcloud integration with ldap to the manual and nextcloud demo. refs #17
2024-01-06 18:43:30 +01:00
apps = {
previewgenerator.enable = true;
};
};
# Secret needed for services.nextcloud.config.adminpassFile.
sops.secrets."nextcloud/adminpass" = {
sopsFile = ./secrets.yaml;
mode = "0440";
owner = "nextcloud";
group = "nextcloud";
restartUnits = [ "phpfpm-nextcloud.service" ];
};
# Set to true for more debug info with `journalctl -f -u nginx`.
shb.nginx.accessLog = true;
shb.nginx.debugLog = false;
};
ldap = { config, ... }: {
shb.ldap = {
enable = true;
domain = "example.com";
subdomain = "ldap";
ldapPort = 3890;
webUIListenPort = 17170;
dcdomain = "dc=example,dc=com";
ldapUserPasswordFile = config.sops.secrets."lldap/user_password".path;
jwtSecretFile = config.sops.secrets."lldap/jwt_secret".path;
};
sops.secrets."lldap/user_password" = {
sopsFile = ./secrets.yaml;
mode = "0440";
owner = "lldap";
group = "lldap";
restartUnits = [ "lldap.service" ];
};
sops.secrets."lldap/jwt_secret" = {
sopsFile = ./secrets.yaml;
mode = "0440";
owner = "lldap";
group = "lldap";
restartUnits = [ "lldap.service" ];
};
test demos closes #128 and closes #53
2024-01-25 07:50:45 +01:00
shb.nextcloud.apps.ldap = {
add nextcloud integration with ldap to the manual and nextcloud demo. refs #17
2024-01-06 18:43:30 +01:00
enable = true;
test demos closes #128 and closes #53
2024-01-25 07:50:45 +01:00
host = "127.0.0.1";
port = config.shb.ldap.ldapPort;
dcdomain = config.shb.ldap.dcdomain;
adminName = "admin";
adminPasswordFile = config.sops.secrets."nextcloud/ldap_admin_password".path;
userGroup = "nextcloud_user";
add nextcloud demo fixes #62
2023-12-24 07:49:50 +01:00
};
add nextcloud integration with ldap to the manual and nextcloud demo. refs #17
2024-01-06 18:43:30 +01:00
# Secret needed for LDAP app.
sops.secrets."nextcloud/ldap_admin_password" = {
sopsFile = ./secrets.yaml;
key = "lldap/user_password";
mode = "0400";
owner = "nextcloud";
group = "nextcloud";
restartUnits = [ "nextcloud-setup.service" ];
};
add nextcloud demo fixes #62
2023-12-24 07:49:50 +01:00
};
update nextcloud demo to have sso too fixes #17
2024-01-23 01:49:07 +01:00
sso = { config, ... }: {
shb.certs = {
cas.selfsigned.myca = {
name = "My CA";
};
certs.selfsigned = {
n = {
ca = config.shb.certs.cas.selfsigned.myca;
domain = "*.example.com";
};
};
};
services.dnsmasq = {
enable = true;
settings = {
domain-needed = true;
# no-resolv = true;
bogus-priv = true;
address =
map (hostname: "/${hostname}/127.0.0.1") [
"example.com"
"n.example.com"
"ldap.example.com"
"auth.example.com"
];
};
};
shb.authelia = {
enable = true;
domain = "example.com";
subdomain = "auth";
ssl = config.shb.certs.certs.selfsigned.n;
ldapEndpoint = "ldap://127.0.0.1:${builtins.toString config.shb.ldap.ldapPort}";
dcdomain = config.shb.ldap.dcdomain;
secrets = {
jwtSecretFile = config.sops.secrets."authelia/jwt_secret".path;
ldapAdminPasswordFile = config.sops.secrets."authelia/ldap_admin_password".path;
sessionSecretFile = config.sops.secrets."authelia/session_secret".path;
storageEncryptionKeyFile = config.sops.secrets."authelia/storage_encryption_key".path;
identityProvidersOIDCHMACSecretFile = config.sops.secrets."authelia/hmac_secret".path;
identityProvidersOIDCIssuerPrivateKeyFile = config.sops.secrets."authelia/private_key".path;
};
};
sops.secrets."authelia/jwt_secret" = {
sopsFile = ./secrets.yaml;
mode = "0400";
owner = config.shb.authelia.autheliaUser;
restartUnits = [ "authelia.service" ];
};
# Here we use the password defined in the lldap/user_password field in the secrets.yaml file
# and sops-nix will write it to "/run/secrets/authelia/ldap_admin_password".
sops.secrets."authelia/ldap_admin_password" = {
sopsFile = ./secrets.yaml;
key = "lldap/user_password";
mode = "0400";
owner = config.shb.authelia.autheliaUser;
restartUnits = [ "authelia.service" ];
};
sops.secrets."authelia/session_secret" = {
sopsFile = ./secrets.yaml;
mode = "0400";
owner = config.shb.authelia.autheliaUser;
restartUnits = [ "authelia.service" ];
};
sops.secrets."authelia/storage_encryption_key" = {
sopsFile = ./secrets.yaml;
mode = "0400";
owner = config.shb.authelia.autheliaUser;
restartUnits = [ "authelia.service" ];
};
sops.secrets."authelia/hmac_secret" = {
sopsFile = ./secrets.yaml;
mode = "0400";
owner = config.shb.authelia.autheliaUser;
restartUnits = [ "authelia.service" ];
};
sops.secrets."authelia/private_key" = {
sopsFile = ./secrets.yaml;
mode = "0400";
owner = config.shb.authelia.autheliaUser;
restartUnits = [ "authelia.service" ];
};
test demos closes #128 and closes #53
2024-01-25 07:50:45 +01:00
shb.nextcloud.apps.sso = {
enable = true;
endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}";
clientID = "nextcloud";
fallbackDefaultAuth = true;
secretFile = config.sops.secrets."nextcloud/sso/secret".path;
secretFileForAuthelia = config.sops.secrets."authelia/nextcloud_sso_secret".path;
};
sops.secrets."nextcloud/sso/secret" = {
sopsFile = ./secrets.yaml;
mode = "0400";
owner = "nextcloud";
restartUnits = [ "nextcloud-setup.service" ];
};
sops.secrets."authelia/nextcloud_sso_secret" = {
sopsFile = ./secrets.yaml;
key = "nextcloud/sso/secret";
mode = "0400";
owner = config.shb.authelia.autheliaUser;
};
};
sopsConfig = {
sops.age.keyFile = "/etc/sops/my_key";
environment.etc."sops/my_key".source = ./keys.txt;
};
in
{
nixosConfigurations = {
basic = selfhostblocks.inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
sopsConfig
basic
];
};
ldap = selfhostblocks.inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
sopsConfig
basic
ldap
];
};
sso = selfhostblocks.inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
sopsConfig
basic
ldap
sso
];
};
};
colmena = {
meta = {
nixpkgs = import selfhostblocks.inputs.nixpkgs {
system = "x86_64-linux";
};
specialArgs = inputs;
};
basic = { config, ... }: {
imports = [
basic
];
deployment = {
targetHost = "example";
targetUser = "nixos";
targetPort = 2222;
};
};
ldap = { config, ... }: {
imports = [
basic
ldap
];
deployment = {
targetHost = "example";
targetUser = "nixos";
targetPort = 2222;
};
};
sso = { config, ... }: {
imports = [
basic
ldap
sso
];
deployment = {
targetHost = "example";
targetUser = "nixos";
targetPort = 2222;
};
};
};
update nextcloud demo to have sso too fixes #17
2024-01-23 01:49:07 +01:00
};
add nextcloud demo fixes #62
2023-12-24 07:49:50 +01:00
}
Copy permalink