diff --git a/hosts/elisabeth/net.nix b/hosts/elisabeth/net.nix
index 37d0ebe..a17ebce 100644
--- a/hosts/elisabeth/net.nix
+++ b/hosts/elisabeth/net.nix
@@ -7,11 +7,6 @@
 inherit (config.secrets.secrets.local.networking) hostId;
 };
 systemd.network.networks = {
- "40-lan01" = {
- matchConfig.Name = "lan01";
- dhcpV6Config.UseDNS = false;
- dhcpV4Config.UseDNS = false;
- };
 "10-lan01" = {
 address = [(lib.net.cidr.hostCidr config.secrets.secrets.global.net.ips.${config.node.name} config.secrets.secrets.global.net.privateSubnetv4)];
 gateway = [(lib.net.cidr.host 1 config.secrets.secrets.global.net.privateSubnetv4)];
@@ -19,6 +14,7 @@
 matchConfig.Name = "lan";
 dhcpV6Config.UseDNS = false;
 dhcpV4Config.UseDNS = false;
+ ipv6AcceptRAConfig.UseDNS = false;
 networkConfig = {
 IPv6PrivacyExtensions = "yes";
 MulticastDNS = true;
diff --git a/hosts/elisabeth/secrets/nextcloud/generated/maddyPasswd.age b/hosts/elisabeth/secrets/nextcloud/generated/maddyPasswd.age
new file mode 100644
index 0000000..319375e
--- /dev/null
+++ b/hosts/elisabeth/secrets/nextcloud/generated/maddyPasswd.age
@@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> X25519 59/M7sZBQrBQPAcEOVz6Wx4JAa2KDr7uuvWujXw0UQ4
+F0xyN4XaRsUxWeWw8D/iMeG5Ae5q9O7E+aIAy4H6o1Y
+-> piv-p256 XTQkUA A9Ebcz93AXKtJGec/q8lhai+HlW6wMcfvexN71l0G3Fh
+AJMEfVRsd0FhYk4gRQxls5pNP8g2yNSQDTXz0ZFg1Zo
+-> piv-p256 ZFgiIw AoEfBUMaCAqv250jrjBNSm/JKGvYOazanHBss6kHmAmt
+N4Bu8uLMqwqbu7D6d57hlVYmt95NXSJjFY8biU6vs58
+-> piv-p256 5vmPtQ ApQ9mIcmf88Z22mBr1IMSJ1dgoDADRB+Jj48HpKFiAbD
+rEcWLXh8oCPQRuKTQpTjqlDME2Rw2zkWk+1X4BTtgts
+-> piv-p256 ZFgiIw Asa1oVWehCSqG0JVPtLrngOJiFMYyWcmCYnlyxGbH5DF
+nIWn2OQkBAgwPlLExo5eG6GwEdB+zmSrSD88/XrTsiU
+-> W5<$HY5Y-grease kIKLXr B( 8<}qd
+jcKYwwiWM/CGNodKYwOT
+--- 41dZQpbgiDIVRmiBMyO9u76SNI350z+LPHjYNW5LyOc
+0̿ 3k`EEߵep~n?gV9U#t5;εО;-a9jrK".%y@뀦
\ No newline at end of file
diff --git a/hosts/testienix/default.nix b/hosts/testienix/default.nix
index bcc5e80..2e7c263 100644
--- a/hosts/testienix/default.nix
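Review bot: The new `ipv6AcceptRAConfig.UseDNS = false;` completes the set with the two DHCP `UseDNS = false;` lines above it, but nothing in the hunk records why the "lan" unit refuses every network-advertised resolver, and someone debugging name resolution later may drop one of the three. A one-line comment above the group would keep the intent, e.g. `# Ignore resolvers learned from DHCPv4, DHCPv6 and router advertisements (RDNSS); the host's own resolver configuration is meant to win`, with the last clause checked against the resolver setup, which is not visible in this diff. The "lan" network unit starts before and ends after this hunk.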
+++ b/hosts/testienix/default.nix
@@ -19,8 +19,6 @@
 ./fs.nix
 ]
 ++ lib.lists.optionals (!minimal) [
- ../../modules/services/samba.nix
- ../../modules/services/nextcloud.nix
 ];
 services.xserver = {
 layout = "de";
diff --git a/hosts/testienix/secrets/generated/maddyPasswd.age b/hosts/testienix/secrets/generated/maddyPasswd.age
new file mode 100644
index 0000000..4e72537
--- /dev/null
+++ b/hosts/testienix/secrets/generated/maddyPasswd.age
@@ -0,0 +1,16 @@
+age-encryption.org/v1
+-> X25519 EiiaTspuYICo7sZE7Gs8ZheQk8eL5MtxpQjwtfwO+hE
+XIhhJjY/U5xGl5H7PSI+yHwDZNx7avpvxcIaMZNc/c0
+-> piv-p256 XTQkUA AvaKD53FQhtuc22ZV+Ie7AfFzACDCtObyNqbbr0N4Tx8
+OJ3SntPlIU4AD628ecxRwcQ/hA/zI4mX9EDwdQjncZk
+-> piv-p256 ZFgiIw AyZFt8rIp8Tlc/oSSiuB7RnlwqegOOUFUd8QzpW85ZRa
+X426rvg1JlYcUgOWDOHccN7sh4QpgXCzaOTWaW2C880
+-> piv-p256 5vmPtQ At2On21r9ZP/hBd+J1XdOYk7+mwKjXn5Qf7E0mBsX5fV
+ebY+uWnfgTcs1GQXf24Sc2vpYZ+Ns1VYMWNV/kF5JUg
+-> piv-p256 ZFgiIw Ax/HbDAorQF3etat7Z9OPMEXtqsl5+Z4OqQ06q4G7NIM
+INZJZSfyJtr/ixZ8hrY+3337HXrDu+zku0RLJRI7grI
+-> C-grease np6r#%p 3 2}hiMzg SC$uG
+W0QvKa5oteDmCEZOhRc2vwij6kfSXUljy8qOqsO36y76D7D87hmFNK+/8FFlFHF5
+hieGKJW9wR4/yXYsjZtG
+--- 3Uh7zG2QD1KbYAZlzkl0VEThhzcuczwydlRQ+c9rcVk
+@ >J. Tlk_rǟJ;g fd|6h!A]D&@fPp2!:7j
\ No newline at end of file
diff --git a/modules/services/maddy.nix b/modules/services/maddy.nix
index 5a615fa..37b8525 100644
--- a/modules/services/maddy.nix
+++ b/modules/services/maddy.nix
@@ -284,7 +284,6 @@ in {
 services.nginx = {
 enable = true;
 virtualHosts."mta-sts.${priv_domain}".extraConfig = ''
- encode gzip
 file_server
 root * ${
 pkgs.runCommand "priv_domain" {} ''
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index d0be2df..94aabcf 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
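Review bot: The two lines left in the `extraConfig` of the `mta-sts.${priv_domain}` virtual host, `file_server` and `root * ${ ... }`, are Caddy directives rather than nginx ones; if `services.nginx` here is the upstream NixOS nginx module, nginx rejects `file_server` as an unknown directive and its `root` takes a path without a `*`, so the MTA-STS policy host would fail its config check. Removing `encode gzip` does not change that; the remaining lines either become an nginx `root ${...};` pointing at the runCommand output (no `*`) plus whatever `location` is needed for `/.well-known/mta-sts.txt`, or the vhost belongs in a Caddy module. MTA-STS clients only accept a policy served over HTTPS with a valid certificate; the vhost's TLS settings, like the rest of the `services.nginx` block, lie outside this hunk.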
@@ -2,11 +2,27 @@
 lib,
 pkgs,
 config,
+ nodes,
 ...
 }: let
 hostName = "nc.${config.secrets.secrets.global.domains.web}";
 in {
- # TODO mailer
+ age.secrets.maddyPasswd = {
+ generator.script = "alnum";
+ mode = "440";
+ owner = "nextcloud";
+ };
+
+ nodes.maddy = {
+ age.secrets.nextcloudPasswd = {
+ inherit (config.age.secrets.maddyPasswd) rekeyFile;
+ inherit (nodes.maddy.config.services.maddy) group;
+ mode = "640";
+ };
+ services.maddy.ensureCredentials = {
+ "nextcloud@${config.secrets.secrets.global.domains.mail_public}".passwordFile = nodes.maddy.config.age.secrets.nextcloudPasswd.path;
+ };
+ };
 environment.persistence."/persist".directories = [
 {
 directory = "/var/lib/postgresql/";
@@ -44,10 +60,11 @@ in {
 extraAppsEnable = true;
 database.createLocally = true;
 phpOptions."opcache.interned_strings_buffer" = "32";
- extraOptions = {
+ settings = {
 default_phone_region = "DE";
 trusted_proxies = [(lib.net.cidr.host config.secrets.secrets.global.net.ips.elisabeth config.secrets.secrets.global.net.privateSubnetv4)];
 overwriteprotocol = "https";
+ maintenance_window_start = 2;
 enabledPreviewProviders = [
 "OC\\Preview\\BMP"
 "OC\\Preview\\GIF"
@@ -61,11 +78,31 @@ in {
 "OC\\Preview\\XBitmap"
 "OC\\Preview\\HEIC"
 ];
+
+ mail_smtpmode = "smtp";
+ mail_smtphost = "smtp.${config.secrets.secrets.global.domains.mail_public}";
+ mail_smtpport = 465;
+ mail_from_address = "nextcloud";
+ mail_smtpsecure = "ssl";
+ mail_domain = config.secrets.secrets.global.domains.mail_public;
+ mail_smtpauth = true;
+ mail_smtpname = "nextcloud@${config.secrets.secrets.global.domains.mail_public}";
+ loglevel = 2;
 };
 config = {
 dbtype = "pgsql";
 };
 };
+ systemd.tmpfiles.rules = let
+ mailer-passwd-conf = pkgs.writeText "nextcloud-config.php" ''
+ trim(file_get_contents('${config.age.secrets.maddyPasswd.path}')),
+ ];
+ '';
+ in [
+ "L+ ${config.services.nextcloud.datadir}/config/mailer.config.php - - - - ${mailer-passwd-conf}"
+ ];
 networking = {
 firewall.allowedTCPPorts = [80];
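Review bot: The `age.secrets.maddyPasswd` declaration and the `nodes.maddy` block wire one generated credential into two hosts, but no comment says so, and a reader of this module alone will not see why a secret named after maddy is generated here or why the maddy node's copy is group-readable. A comment above `age.secrets.maddyPasswd` such as `# SMTP password for the nextcloud@<mail domain> account; the same secret is rekeyed for the maddy node below so maddy can provision the account through ensureCredentials` would cover it. Two things the hunk does not show and that are worth confirming: that the `alnum` generator's default length is adequate for a credential accepted by the public mail host, and that `mode = "640"` with `services.maddy.group` on the maddy side is the narrowest grant maddy needs to read `passwordFile`. The module's attribute set continues past the end of this hunk.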
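Review bot: `maintenance_window_start = 2;` is a bare integer with no unit; Nextcloud reads it as the hour, in UTC, at which its background maintenance window opens, so a comment such as `# UTC hour at which Nextcloud's background maintenance window opens` would save the next reader a trip to the docs. The `extraOptions` to `settings` rename is the NixOS option rename and leaves the rest of the block as it was. The `settings` attribute set continues into the next hunk, where the mail options are added.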