diff --git a/hosts/desktopnix/default.nix b/hosts/desktopnix/default.nix index 27b6551..029a6dc 100644 --- a/hosts/desktopnix/default.nix +++ b/hosts/desktopnix/default.nix @@ -39,7 +39,7 @@ xkbVariant = "bone"; }; virtualisation.podman = { - enable = false; + enable = true; dockerCompat = true; }; diff --git a/hosts/desktopnix/net.nix b/hosts/desktopnix/net.nix index 9e96535..7a47fdb 100644 --- a/hosts/desktopnix/net.nix +++ b/hosts/desktopnix/net.nix @@ -14,4 +14,9 @@ }; }; }; + + networking.extraHosts = '' + 192.168.178.32 pgrossmann.org + 192.168.178.32 nc.pgrossmann.org + ''; } diff --git a/hosts/patricknix/net.nix b/hosts/patricknix/net.nix index 7a98916..a80670b 100644 --- a/hosts/patricknix/net.nix +++ b/hosts/patricknix/net.nix @@ -1,9 +1,4 @@ -{ - config, - lib, - pkgs, - ... -}: { +{config, ...}: { age.secrets.eduroam = { rekeyFile = ./secrets/iwd/eduroam.8021x.age; path = "/var/lib/iwd/eduroam.8021x"; 
@@ -31,50 +26,6 @@ SAE-PT-Group20 = config.age.secrets.devoloog-sae20.path; }; }; - "37C3".settings = { - Security = { - EAP-Method = lib.writeText "PEAP"; - EAP-Identity = lib.writeText "anonymous@37C3"; - EAP-PEAP-CACert = lib.writeText (pkgs.writeText "ISRG_Root_X1.pem" '' - -----BEGIN CERTIFICATE----- - MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw - TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh - cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 - WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu - ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY - MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc - h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ - 0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U - A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW - T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH - B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC - B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv - KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn - OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn - jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw - qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI - rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV - HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq - hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL - ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ - 3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK - NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 - ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur - TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC - jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc - 
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq - 4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA - mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d - emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= - -----END CERTIFICATE----- - ''); - EAP-PEAP-ServerDomainMask = lib.writeText "radius.c3noc.net"; - EAP-PEAP-Phase2-Method = lib.writeText "MSCHAPV2"; - EAP-PEAP-Phase2-Identity = lib.writeText "37C3"; - EAP-PEAP-Phase2-Password = lib.writeText "37C3"; - }; - Settings.AutoConnnect = lib.writeText "true"; - }; }; }; # Add the VPN based route to my paperless instance to diff --git a/modules/config/users.nix b/modules/config/users.nix index 7ea81dc..52fe24c 100644 --- a/modules/config/users.nix +++ b/modules/config/users.nix @@ -25,5 +25,6 @@ systemd-coredump = uidGid 301; patrick = uidGid 1000; smb = uidGid 2000; + ggr = uidGid 2001; }; } diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix index 153ce4f..e1abc97 100644 --- a/modules/services/nextcloud.nix +++ b/modules/services/nextcloud.nix @@ -2,6 +2,7 @@ lib, stateVersion, config, + #deadnix: skip pkgs, # not unused needed for the usage of attrs later to contains pkgs ... } @ attrs: let @@ -17,13 +18,15 @@ in { extraConfig = '' zone nextcloud 64k ; keepalive 5 ; - client_max_body_size 4G ; ''; }; virtualHosts.${hostName} = { forceSSL = true; useACMEHost = "mail"; locations."/".proxyPass = "http://nextcloud"; + extraConfig = '' + client_max_body_size 4G ; + ''; }; }; containers.nextcloud = lib.containers.mkConfig "nextcloud" attrs { 
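Review bot: The `client_max_body_size 4G ;` that this hunk moves into `virtualHosts.${hostName}.extraConfig` is twice the `maxUploadSize = "2G"` set for Nextcloud later in the same file, so the outer proxy accepts request bodies the application will not. The `# TODO increase outer nginx upload size as well` comment next to `maxUploadSize` is also stale now. I would set both limits to the same value, for example `client_max_body_size 2G ;`, and delete the TODO. The surrounding nginx attribute set starts before this hunk, so any other size limits there are not visible from here.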
@@ -63,27 +66,35 @@ in { package = pkgs.nextcloud28; configureRedis = true; config.adminpassFile = "${pkgs.writeText "adminpass" "test123"}"; # DON'T DO THIS IN PRODUCTION - the password file will be world-readable in the Nix Store! + config.adminuser = "admin"; extraApps = with config.services.nextcloud.package.packages.apps; { inherit contacts calendar tasks notes maps; }; # TODO increase outer nginx upload size as well maxUploadSize = "2G"; extraAppsEnable = true; - extraOptions.enabledPreviewProviders = [ - "OC\\Preview\\BMP" - "OC\\Preview\\GIF" - "OC\\Preview\\JPEG" - "OC\\Preview\\Krita" - "OC\\Preview\\MarkDown" - "OC\\Preview\\MP3" - "OC\\Preview\\OpenDocument" - "OC\\Preview\\PNG" - "OC\\Preview\\TXT" - "OC\\Preview\\XBitmap" - "OC\\Preview\\HEIC" - ]; + database.createLocally = true; + phpOptions."opcache.interned_strings_buffer" = "32"; + extraOptions = { + trusted_proxies = ["192.168.178.32"]; + overwriteprotocol = "https"; + enabledPreviewProviders = [ + "OC\\Preview\\BMP" + "OC\\Preview\\GIF" + "OC\\Preview\\JPEG" + "OC\\Preview\\Krita" + "OC\\Preview\\MarkDown" + "OC\\Preview\\MP3" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\PNG" + "OC\\Preview\\TXT" + "OC\\Preview\\XBitmap" + "OC\\Preview\\HEIC" + ]; + }; config = { defaultPhoneRegion = "DE"; + dbtype = "pgsql"; }; }; diff --git a/modules/services/samba.nix b/modules/services/samba.nix index e8e3525..e772997 100644 --- a/modules/services/samba.nix +++ b/modules/services/samba.nix @@ -69,7 +69,8 @@ "valid users" = "${user} @${group}"; "force create mode" = "0660"; "force directory mode" = "0770"; - "acl allow execute always" = "yes"; + # Might be necessary for windows user to be able to open thing in smb + "acl allow execute always" = "no"; } // cfg; }; diff --git a/users/patrick/default.nix b/users/patrick/default.nix index 8b7a810..0f4d48b 100644 --- a/users/patrick/default.nix +++ b/users/patrick/default.nix 
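Review bot: The new `config.adminuser = "admin"` pairs a predictable account name with the unchanged `adminpassFile` line above it, which writes a literal password into the world-readable Nix store. The other additions here (PostgreSQL, `overwriteprotocol = "https"`, `trusted_proxies`) suggest the instance is moving past a throwaway test. The password should come from a secret like the `age.secrets` entries used in `hosts/patricknix/net.nix`, e.g. `config.adminpassFile = config.age.secrets.<PLACEHOLDER-nextcloud-adminpass>.path;`, with that secret readable inside the container. As far as I know the module only applies this file at first install, so an existing instance also needs the password rotated by hand. Separately, please confirm that `trusted_proxies = ["192.168.178.32"]` is the source address the container actually sees from the host nginx; if it is the container bridge address instead, Nextcloud will attribute every request to the proxy, and logging and brute-force throttling will treat all clients as one.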
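Review bot: The added comment contradicts the value under it: it says the option "might be necessary" for Windows users, but the line now sets `"acl allow execute always" = "no"`. Turning it off is the tighter setting, so the comment should say that it is deliberately disabled and when to turn it back on, e.g. `# Disabled so the execute permission on files is honoured; set to "yes" only if Windows clients must run programs from the share`. Because the attribute set ends in `// cfg`, a per-share `cfg` can still override this default, which is worth mentioning in the same comment. The share definition starts outside this hunk.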
@@ -35,6 +35,7 @@ lib.optionalAttrs (!minimal) { } ]; }; + users.groups.patrick = {}; environment.systemPackages = with pkgs; [ # xournalpp needs this or else it will crash