add zammad to fw vm, add web-arm machine

2024-08-16 22:42:00 +02:00
parent d46990b7fb
commit f86996cd28
87 changed files with 4681 additions and 135 deletions
--- a/hosts/web-arm/modules/nextcloud/default.nix
+++ b/hosts/web-arm/modules/nextcloud/default.nix
@@ -0,0 +1,37 @@
+{ pkgs, config, ... }:
+{
+  sops.secrets.nextcloud-adminpass.owner = "nextcloud";
+
+  services.nextcloud = {                
+    enable = true;                   
+    hostName = "nextcloud.cloonar.com";
+    https = true;
+    package = pkgs.nextcloud27;
+    # Instead of using pkgs.nextcloud27Packages.apps,
+    # we'll reference the package version specified above
+    extraApps = with config.services.nextcloud.package.packages.apps; {
+      inherit contacts calendar tasks deck;
+      oidc_login = pkgs.fetchNextcloudApp rec {
+        url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v2.6.0/oidc_login.tar.gz";
+        sha256 = "sha256-MZ/Pgqrb8Y9aH1vd3BfuPhfLOmYyZQO2xVasdj+rCo4=";
+      };
+    };
+    extraAppsEnable = true;
+
+    database.createLocally = true;
+    enableBrokenCiphersForSSE = false;
+
+    config = {
+      adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
+      dbtype = "mysql";
+    };
+  };
+
+  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+    forceSSL = true;
+    enableACME = true;
+    acmeRoot = null;
+  };
+
+  services.mysqlBackup.databases = [ "nextcloud" ];
+}
--- a/hosts/web-arm/modules/nextcloud/secrets.yaml
+++ b/hosts/web-arm/modules/nextcloud/secrets.yaml
@@ -0,0 +1,39 @@
+nextcloud-adminpass: ENC[AES256_GCM,data:WJA7+5XqLK2eYefCviHqvHwqYPy9yfN+/3j5RTF0edrw41oB/wC5JWYejK2FzMkjkXZM0BUQ6waE3PCal3Ebqvzt/ZyC8Pwm8Z+PuMuXFx/6fQLJDxHALXH03GWAzNhUZpcZUYoNtu+uwaROg/4ZVNRu3IXxw+b2DWN65EaMO48=,iv:arkUgibmZQuaiCwYg6NBrMHZXUCLY2y/XiuVjB450ag=,tag:RH6r8nJPU24qq/EUC3jQ/A==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VmR4THNkUGpvVHB6WWtw
+            WkQ1dlc3R0FWaXpVZ29Sd2g1ZWJzYUFQWHdFCndkUWxqZEdIQlBnSDluN2NEWmZG
+            VndCbXlqV3p0ZnYwcFhjeGZVa09xcW8KLS0tIHVnc2RPWTF1b2NvWVp3OEFwVDZk
+            V0FWOXhSbXQyd0JmVEVpdG9IeXlsQ1UKFxGluq+uOgkA7UUa6/4ZErEPRgQQ5cXS
+            PdB5Et5f02RWBRAUtGEE0UrLiINlIFvFAIr3PKctNVc8/Ovf/jGojg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RnRPK0Y4ekRiYS9xdGs0
+            ZE5oT1FIWmlySERMbDAyQXlHNDJnQ2Q2dkVvCjNQSGlyQXlzUXAzV0wrNHppUFY4
+            a3k4Y2VtQ1Z4UjVqcnQ4MXhjSzJoM0UKLS0tIHBORnVoSHlJVnpjcmdZVTA1NHhF
+            dHVTWnpXTnNNc0l1M3J6enFBdUwwNWcK80nKzyIrrKaEa0naFsnuie+732hMZQUg
+            IAU9V7/bZiDItTUVdATDjjNBiXnMgDB73SqHhuyIDD+VhDkVUBhjWw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1y6lvl5jkwc47p5ae9yz9j9kuwhy7rtttua5xhygrgmr7ehd49svsszyt42
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdDduRUZOS2VEUldmRFRS
+            QUVxeUVWRERSQ2ZkdnV1ekw4SVVFSzZvUFN3CkQrRnBQQzlnL2xtcFpVd0xiQmda
+            NFZnQmhxcm1xUnVZY3l2eHp6Sjl4a0UKLS0tIG1maDNiRW44VmJDSlk2eWRQcHB2
+            ZHpwQURoNGhuOWJPUkFpc0RSaHFBM0UKW4lMlcxC5+Hpm6DO3wwco41kJsfuWP33
+            +2qhmnwt8mXWxAVxNreQQ0YQDliBnQR3uUny7hWyfrIkeQzOBLBrOw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-08-18T17:47:34Z"
+    mac: ENC[AES256_GCM,data:bm/lHsobqvZSzk9crPmf8vc2idN3h/HOpQab7n7N6vtEY0QpMTv+6K7YERBD7T9oIxSNtcLNOcw6Rr2w9Cd1cq+W0azPA2dxd6/crq6rbhAgld/MipemP+YfdENxRrdyastk7P3FWyHZzhKlhem/ft0lpeiJg5NWRjA8IkLSDZc=,iv:W4cYC/e1CO5nsLx5yOaH0vGJ7fAx5bAH9acJShciHcI=,tag:whYqwogQMPPklHqoyhuL8g==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3