kopia docker

modules/containers/kopia-docker.nix

@@ -0,0 +1,41 @@
+
+{ config, lib, ... }:
+
+with lib;
+
+let
+   Define a shorthand for the module's options
+     cfg = config.services.kopia-docker;
+   in
+   {
+     options.services.kopia-docker.enable = mkEnableOption (mdDoc "Kopia backup server (running in a container)");
+  
+     config = mkIf cfg.enable {
+       virtualisation.oci-containers.containers.kopia = {
+         image = "kopia/kopia:latest";
+         extraOptions = [ "--network=host" ];
+         volumes = [
+           "/etc:/etc:ro"
+           "/srv:/srv:ro"
+           "/var/log:/var/log:ro"
+           "/home:/home:ro"
+           "/var/lib:/var/lib:ro"
+           "/root:/root:ro"
+           "/storage:/storage:ro"
+           "/storage/services/kopia:/app/config"
+           "/storage/services/kopia/cache:/app/cache"
+           "/storage/services/kopia/logs:/app/logs"
+           "/etc/nixos/secrets/kopia_password:/run/secrets/kopia-control-password:ro"
+         ];
+         entrypoint = [
+           "kopia"
+           "server"
+           "start"
+           "--insecure"
+           "--address=0.0.0.0:51515"
+           "--server-control-username=homelab"
+           "--server-control-password-from-file=/run/secrets/kopia-control-password"
+         ];
+       };
+     };
+   }

modules/home-assistant.nix

@@ -1,53 +0,0 @@
-# /home/death916/nixconfig/modules/home-assistant.nix
-{ config, pkgs, lib, unstablePkgsHA, ... }: # Added unstablePkgsHA
-
-{
-  services.home-assistant = {
-    enable = true;
-    package = unstablePkgsHA.home-assistant; # Use HA package from unstable
-
-    extraComponents = [
-      "esphome"
-      "met"
-      "radio_browser"
-      "wled"
-      "tplink"
-      "onvif"
-    ];
-
-    extraPackages = python3Packages: with python3Packages; [
-      aiogithubapi # Added dependency for HACS
-      python-kasa
-      pychromecast
-      pytapo      
-    ];
-
-    config = {
-      default_config = {};
-      homeassistant = {
-        name = "Homelab HA (Unstable)";
-        
-        time_zone = "America/Los_Angeles";
-      };
-      # Add other integrations as needed
-    };
-  };
-
-  # Firewall rule for Home Assistant
-  networking.firewall = {
-    allowedTCPPorts = [ 8123 ];
-    allowedUDPPorts = [ 
-      5353  # mDNS/Bonjour discovery
-      1900  # SSDP/UPnP discovery
-      1901  # UPnP
-      3702  # WS-Discovery (ONVIF specific)
-    ];
-  };
-
-  # Ensure the `hass` user has access to necessary devices (e.g., Zigbee/Z-Wave dongles)
-  users.users.hass.extraGroups = lib.mkIf (config.services.home-assistant.enable) [
-    "dialout" # Common group for serial devices
-    # Add other groups if needed
-  ];
-
-}

modules/home-assistant.nix.save

@@ -1,11 +0,0 @@
-{
-  services.home-assistant = {
-    enable = true;
-    extraComponents = [
-      # Components required to complete the onboarding
-      "esphome"
-      "met"
-      "radio_browser"
-    ];
-    config = {
-      # Includes dependencies for a basic setup

modules/nextcloud-setup.nix.b4edit

@@ -1,69 +0,0 @@
-# ~/nixconfig/nextcloud-local-setup.nix
-{ config, pkgs, lib, ... }:
-
-let
-  nextcloudInternalHostName = "homelab";
-  # Define the paths to your externally managed password files
-  adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password";
-  dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password";
-  nextcloudDataPath = "/storage/nextcloud-data";
-in
-{
-  # --- PostgreSQL Database for Nextcloud ---
-  services.postgresql = {
-    enable = true;
-    package = pkgs.postgresql_14;
-    ensureDatabases = [ "nextcloud" ];
-    ensureUsers = [ { name = "nextcloud"; } ];
-  };
-
-  # --- Redis for Nextcloud Caching and Locking ---
-  services.redis.servers.nextcloud = {
-    enable = true;
-    user = "nextcloud";
-    unixSocket = "/run/redis-nextcloud/redis.sock";
-    port = 0;
-  };
-  systemd.tmpfiles.rules = [
-    "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" 
-  ];
-
-  # --- Nextcloud Service Configuration ---
-  services.nextcloud = {
-    enable = true;
-    package = pkgs.nextcloud31;
-    hostName = nextcloudInternalHostName;
-    https = false;
-   # port = 8080;
-    datadir = nextcloudDataPath;
-    config = {
-      dbtype = "pgsql";
-      dbuser = "nextcloud";
-      dbhost = "/run/postgresql";
-      dbname = "nextcloud";
-      dbpassFile = dbPassFilePath; # Points to your external file
-      #dataDir = nextcloudDataPath;  # Points to your external data directory
-      adminuser = "death916";
-      adminpassFile = adminPassFilePath; # Points to your external file
-      trusted_domains = ["cloud.death916.xyz" "homelab"];
-     # overwriteprotocol = "http";
-    };
-
-    caching.redis = true;
-    settings = {
-      memcache.distributed = "\\OC\\Memcache\\Redis";
-      memcache.locking = "\\OC\\Memcache\\Redis";
-      filelocking.enabled = true;
-      redis = { host = "/run/redis-nextcloud/redis.sock"; port = 0; };
-    };
-    phpOptions = lib.mkForce { "memory_limit" = "2G"; };
-    
-   
-  };
-
-  users.users.nextcloud = { isSystemUser = true; group = "nextcloud"; };
-  users.groups.nextcloud = {};
-
-  networking.firewall.allowedTCPPorts = [ 8080 ];
-}
-

modules/nextcloud-setup.nix.old

@@ -1,100 +0,0 @@
-# ~/nixconfig/modules/nextcloud-setup.nix
-{ config, pkgs, lib, ... }:
-
-let
-  nextcloudExternalDomain = "cloud.death916.xyz"; # Domain used by NPM
-  adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password";
-  dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password";
-  nextcloudDataPath = "/storage/nextcloud-data";
-  nginxProxyManagerTailscaleIP = "100.117.212.36"; # IP of your NPM
-
-  # Port Nextcloud's internal webserver listens on (default 80 for HTTP).
-  # NPM forwards to <homelab_tailscale_ip>:<internalNextcloudHttpPort>
-  # Direct Tailscale clients will connect to <homelab_tailscale_ip_or_magicdns>:<internalNextcloudHttpPort>
-  internalNextcloudHttpPort = 80;
-
-  # --- For Direct Tailscale Access to homelab's Nextcloud ---
-  homelabTailscaleIP = "100.65.36.116"; # REPLACE with homelab's actual Tailscale IP
-  homelabMagicDNSName = "homelab"; # Or homelab.your-tailnet-name.ts.net if you use the full name
-in
-{
-  # --- PostgreSQL & Redis setup ... (as before) ---
-  services.postgresql = {
-    enable = true; package = pkgs.postgresql_14; ensureDatabases = [ "nextcloud" ];
-    ensureUsers = [ { name = "nextcloud"; } ];
-  };
-  services.redis.servers.nextcloud = {
-    enable = true; user = "nextcloud"; unixSocket = "/run/redis-nextcloud/redis.sock";
-    port = 0;
-  };
-  systemd.tmpfiles.rules = [ "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" ];
-
-  # --- Nextcloud Service Configuration ---
-  services.nextcloud = {
-    enable = true;
-    package = pkgs.nextcloud31; # Verify this version
-    
-    # For the path through NPM, hostName should match the external domain.
-    # For direct Tailscale access, users will use the Tailscale IP/MagicDNS name.
-    hostName = nextcloudExternalDomain; 
-    
-    https = false; # NPM handles HTTPS. Nextcloud serves HTTP internally.
-    datadir = nextcloudDataPath;
-    maxUploadSize = "2G";
-
-    config = {
-      dbtype = "pgsql"; dbuser = "nextcloud"; dbhost = "/run/postgresql";
-      dbname = "nextcloud"; dbpassFile = dbPassFilePath;
-      adminuser = "death916"; adminpassFile = adminPassFilePath;
-    };
-
-    settings = {
-      # --- Trusted Domains: CRITICAL ---
-      # Add all ways Nextcloud will be accessed.
-      trusted_domains = [
-        nextcloudExternalDomain        # For access via NPM
-        homelabTailscaleIP             # For direct access via Tailscale IP
-        homelabMagicDNSName             # For direct access via Tailscale MagicDNS name
-        # "localhost"                   # If you run occ commands directly on homelab
-      ];
-      
-      # --- Trusted Proxies: For NPM path ---
-      trusted_proxies = [ nginxProxyManagerTailscaleIP ]; 
-
-      # --- Overwrite Parameters: Primarily for the NPM path ---
-      # These tell Nextcloud how it looks when accessed via NPM (HTTPS, external domain).
-      # When accessed directly via Tailscale IP/MagicDNS name over HTTP, these *might*
-      # cause Nextcloud to generate HTTPS links, which could be an issue if you haven't
-      # set up HTTPS directly on the homelab Tailscale interface.
-      overwriteprotocol = "https"; 
-      overwritehost = nextcloudExternalDomain;
-      "overwrite.cli.url" = "https://${nextcloudExternalDomain}"; # For occ commands
-
-      # If direct HTTP access over Tailscale leads to mixed content or redirect loops
-      # due to the above overwrite settings, you might need `overwritecondaddr`.
-      overwritecondaddr = "^${nginxProxyManagerTailscaleIP}$";
-      # This would apply the overwriteprotocol/host only if request comes from NPM.
-      # For simplicity, try without it first.
-
-      # Redis and other settings
-      "memcache.local" = "\\OC\\Memcache\\APCu";
-      "memcache.distributed" = "\\OC\\Memcache\\Redis";
-      "memcache.locking" = "\\OC\\Memcache\\Redis";
-      filelocking.enabled = true;
-      redis = { host = "/run/redis-nextcloud/redis.sock"; port = 0; };
-    };
-    
-    caching.redis = true; 
-    phpOptions = lib.mkForce { "memory_limit" = "2G"; };
-  };
-
-  users.users.nextcloud = { isSystemUser = true; group = "nextcloud"; };
-  users.groups.nextcloud = {}; 
-
-  # Firewall on homelab:
-  # Allows NPM (and direct Tailscale clients) to connect to Nextcloud's internal HTTP port.
-  # If `networking.firewall.trustedInterfaces = [ "tailscale0" ];` is in homelab.nix,
-  # this is mainly for Tailscale access.
-  networking.firewall.allowedTCPPorts = [ internalNextcloudHttpPort ]; # Port 80
-}
-

modules/nextcloud-setup.nix.updaterscommentedout

@@ -1,93 +0,0 @@
-# ~/nixconfig/modules/nextcloud-setup.nix
-{ config, pkgs, lib, ... }:
-
-let
-  nextcloudExternalDomain = "cloud.death916.xyz"; # Domain used by NPM
-  adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password";
-  dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password";
-  nextcloudDataPath = "/storage/nextcloud-data";
-  nginxProxyManagerTailscaleIP = "100.117.212.36"; # IP of your NPM
-
-  # Port Nextcloud's internal webserver listens on (default 80 for HTTP).
-  # NPM forwards to <homelab_tailscale_ip>:<internalNextcloudHttpPort>
-  # Direct Tailscale clients will connect to <homelab_tailscale_ip_or_magicdns>:<internalNextcloudHttpPort>
-  internalNextcloudHttpPort = 80;
-
-  # --- For Direct Tailscale Access to homelab's Nextcloud ---
-  homelabTailscaleIP = "100.65.36.116"; # REPLACE with homelab's actual Tailscale IP
-  homelabMagicDNSName = "homelab"; # Or homelab.your-tailnet-name.ts.net if you use the full name
-in
-{
-  # --- PostgreSQL & Redis setup ... (as before) ---
-  services.postgresql = {
-    enable = true; package = pkgs.postgresql_14; ensureDatabases = [ "nextcloud" ];
-    ensureUsers = [ { name = "nextcloud"; } ];
-  };
-  services.redis.servers.nextcloud = {
-    enable = true; user = "nextcloud"; unixSocket = "/run/redis-nextcloud/redis.sock";
-    port = 0;
-  };
-  systemd.tmpfiles.rules = [ "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" ];
-
-  # --- Nextcloud Service Configuration ---
-  services.nextcloud = {
-    enable = true;
-    package = pkgs.nextcloud31; # Verify this version
-    
-    hostName = nextcloudExternalDomain; 
-    https = false; 
-    datadir = nextcloudDataPath;
-    maxUploadSize = "2G";
-
-    config = {
-      dbtype = "pgsql"; dbuser = "nextcloud"; dbhost = "/run/postgresql";
-      dbname = "nextcloud"; dbpassFile = dbPassFilePath;
-      adminuser = "death916"; adminpassFile = adminPassFilePath;
-    };
-
-    settings = {
-      trusted_domains = [
-        nextcloudExternalDomain
-        homelabTailscaleIP
-        homelabMagicDNSName
-      ];
-      trusted_proxies = [ nginxProxyManagerTailscaleIP ]; 
-      overwriteprotocol = "https"; 
-      overwritehost = nextcloudExternalDomain;
-      "overwrite.cli.url" = "https://${nextcloudExternalDomain}";
-      overwritecondaddr = "^${nginxProxyManagerTailscaleIP}$";
-      "memcache.local" = "\\OC\\Memcache\\APCu";
-      "memcache.distributed" = "\\OC\\Memcache\\Redis";
-      "memcache.locking" = "\\OC\\Memcache\\Redis";
-      filelocking.enabled = true;
-      redis = { host = "/run/redis-nextcloud/redis.sock"; port = 0; };
-    };
-    
-    caching.redis = true; 
-    phpOptions = lib.mkForce { "memory_limit" = "2G"; };
-  };
-
-  # --- MODIFICATION: Attempt to "disable" setup/update services from auto-starting ---
-  # This removes their default "WantedBy" directives, which is how services are
-  # typically enabled to start at boot or with general system targets.
-  systemd.services."nextcloud-setup.service" = {
-    # This service unit is generated by the services.nextcloud module.
-    # We are overriding its 'wantedBy' to an empty list.
-    # This should prevent it from being linked into targets like multi-user.target.
-    wantedBy = lib.mkForce [ ];
-    # We are NOT changing what command it runs (ExecStart).
-  };
-
-  systemd.services."nextcloud-update-db.service" = {
-    # Similar to above, for the database update service.
-    wantedBy = lib.mkForce [ ];
-    # We are NOT changing what command it runs (ExecStart).
-  };
-  # --- END MODIFICATION ---
-
-  users.users.nextcloud = { isSystemUser = true; group = "nextcloud"; };
-  users.groups.nextcloud = {}; 
-
-  networking.firewall.allowedTCPPorts = [ internalNextcloudHttpPort ];
-}
-

modules/opencloud.nix

@@ -1,18 +0,0 @@
-# opencloud.nix
-{ config, pkgs, ... }: # This defines a NixOS module that takes config, pkgs, etc. as arguments [2]
-
-{
-  services.opencloud = {
-    enable = true;
-    environment = {
-      OC_INSECURE = "true";
-      OC_BASIC_AUTH_ENABLE = "true";
-      OC_BASIC_AUTH_USERNAME = "death916"; # Replace with your desired username
-      OC_BASIC_AUTH_PASSWORD = "(builtins.readFile /etc/nixos/secrets/opencloud"; # Replace with your desired password
-      OC_LOG_LEVEL = "info";
-    };
-    listenAddress = "0.0.0.0";
-    port = 9000;
-  };
-}
-