From c60a79b3fbe05d94380ce0324036d91f23a8f4fb Mon Sep 17 00:00:00 2001
From: death916
Date: Thu, 17 Jul 2025 04:43:26 -0700
Subject: [PATCH] kopia docker
---
modules/containers/kopia-docker.nix | 41 +++++++
modules/home-assistant.nix | 53 ----------
modules/home-assistant.nix.save | 11 --
modules/nextcloud-setup.nix.b4edit | 69 ------------
modules/nextcloud-setup.nix.old | 100 ------------------
.../nextcloud-setup.nix.updaterscommentedout | 93 ----------------
modules/opencloud.nix | 18 ----
7 files changed, 41 insertions(+), 344 deletions(-)
create mode 100644 modules/containers/kopia-docker.nix
delete mode 100644 modules/home-assistant.nix
delete mode 100644 modules/home-assistant.nix.save
delete mode 100644 modules/nextcloud-setup.nix.b4edit
delete mode 100644 modules/nextcloud-setup.nix.old
delete mode 100644 modules/nextcloud-setup.nix.updaterscommentedout
delete mode 100644 modules/opencloud.nix
diff --git a/modules/containers/kopia-docker.nix b/modules/containers/kopia-docker.nix
new file mode 100644
index 0000000..6af70bd
--- /dev/null
+++ b/modules/containers/kopia-docker.nix
@@ -0,0 +1,41 @@
+
+{ config, lib, ... }:
+
+with lib;
+
+let
+ Define a shorthand for the module's options
+ cfg = config.services.kopia-docker;
+ in
+ {
+ options.services.kopia-docker.enable = mkEnableOption (mdDoc "Kopia backup server (running in a container)");
+
+ config = mkIf cfg.enable {
+ virtualisation.oci-containers.containers.kopia = {
+ image = "kopia/kopia:latest";
+ extraOptions = [ "--network=host" ];
+ volumes = [
+ "/etc:/etc:ro"
+ "/srv:/srv:ro"
+ "/var/log:/var/log:ro"
+ "/home:/home:ro"
+ "/var/lib:/var/lib:ro"
+ "/root:/root:ro"
+ "/storage:/storage:ro"
+ "/storage/services/kopia:/app/config"
+ "/storage/services/kopia/cache:/app/cache"
+ "/storage/services/kopia/logs:/app/logs"
+ "/etc/nixos/secrets/kopia_password:/run/secrets/kopia-control-password:ro"
+ ];
+ entrypoint = [
+ "kopia"
+ "server"
+ "start"
+ "--insecure"
+ "--address=0.0.0.0:51515"
+ "--server-control-username=homelab"
+ "--server-control-password-from-file=/run/secrets/kopia-control-password"
+ ];
+ };
+ };
+ }
diff --git a/modules/home-assistant.nix b/modules/home-assistant.nix
deleted file mode 100644
index 9b77e6a..0000000
--- a/modules/home-assistant.nix
+++ /dev/null
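Review bot: The server is started with `--insecure` on `--address=0.0.0.0:51515` while the container runs with `--network=host`, so the Kopia UI/API and the `homelab` control password sent to it travel in plaintext on every interface of the host. Kopia can terminate TLS itself: generate a certificate once with `--tls-generate-cert --tls-cert-file=/app/config/kopia.cert --tls-key-file=/app/config/kopia.key`, then replace `"--insecure"` with `"--tls-cert-file=/app/config/kopia.cert"` and `"--tls-key-file=/app/config/kopia.key"`; if a TLS-terminating proxy is intended instead, bind to loopback or the tailnet address (`"--address=127.0.0.1:51515"`) rather than 0.0.0.0. The `"/etc:/etc:ro"` mount hands the container the whole host `/etc` — including `/etc/nixos/secrets`, which makes the separate `/run/secrets/kopia-control-password` mount redundant — and `/root`, `/home` and `/var/lib` likewise expose far more than a backup source needs, so mount only the paths that are actually backed up. `kopia/kopia:latest` is an unpinned tag, so each pull may run a different image; pin a version tag or digest. The line `+ Define a shorthand for the module's options` reads as a bare expression inside `let` and will not evaluate unless it is a `#` comment whose marker was lost in this rendering.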
@@ -1,53 +0,0 @@
-# /home/death916/nixconfig/modules/home-assistant.nix
-{ config, pkgs, lib, unstablePkgsHA, ... }: # Added unstablePkgsHA
-
-{
- services.home-assistant = {
- enable = true;
- package = unstablePkgsHA.home-assistant; # Use HA package from unstable
-
- extraComponents = [
- "esphome"
- "met"
- "radio_browser"
- "wled"
- "tplink"
- "onvif"
- ];
-
- extraPackages = python3Packages: with python3Packages; [
- aiogithubapi # Added dependency for HACS
- python-kasa
- pychromecast
- pytapo
- ];
-
- config = {
- default_config = {};
- homeassistant = {
- name = "Homelab HA (Unstable)";
-
- time_zone = "America/Los_Angeles";
- };
- # Add other integrations as needed
- };
- };
-
- # Firewall rule for Home Assistant
- networking.firewall = {
- allowedTCPPorts = [ 8123 ];
- allowedUDPPorts = [
- 5353 # mDNS/Bonjour discovery
- 1900 # SSDP/UPnP discovery
- 1901 # UPnP
- 3702 # WS-Discovery (ONVIF specific)
- ];
- };
-
- # Ensure the `hass` user has access to necessary devices (e.g., Zigbee/Z-Wave dongles)
- users.users.hass.extraGroups = lib.mkIf (config.services.home-assistant.enable) [
- "dialout" # Common group for serial devices
- # Add other groups if needed
- ];
-
-}
diff --git a/modules/home-assistant.nix.save b/modules/home-assistant.nix.save
deleted file mode 100644
index cb50eca..0000000
--- a/modules/home-assistant.nix.save
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- services.home-assistant = {
- enable = true;
- extraComponents = [
- # Components required to complete the onboarding
- "esphome"
- "met"
- "radio_browser"
- ];
- config = {
- # Includes dependencies for a basic setup
diff --git a/modules/nextcloud-setup.nix.b4edit b/modules/nextcloud-setup.nix.b4edit
deleted file mode 100644
index 8e17a16..0000000
--- a/modules/nextcloud-setup.nix.b4edit
+++ /dev/null
@@ -1,69 +0,0 @@ -# ~/nixconfig/nextcloud-local-setup.nix -{ config, pkgs, lib, ... }: - -let - nextcloudInternalHostName = "homelab"; - # Define the paths to your externally managed password files - adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password"; - dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password"; - nextcloudDataPath = "/storage/nextcloud-data"; -in -{ - # --- PostgreSQL Database for Nextcloud --- - services.postgresql = { - enable = true; - package = pkgs.postgresql_14; - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [ { name = "nextcloud"; } ]; - }; - - # --- Redis for Nextcloud Caching and Locking --- - services.redis.servers.nextcloud = { - enable = true; - user = "nextcloud"; - unixSocket = "/run/redis-nextcloud/redis.sock"; - port = 0; - }; - systemd.tmpfiles.rules = [ - "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" - ]; - - # --- Nextcloud Service Configuration --- - services.nextcloud = { - enable = true; - package = pkgs.nextcloud31; - hostName = nextcloudInternalHostName; - https = false; - # port = 8080; - datadir = nextcloudDataPath; - config = { - dbtype = "pgsql"; - dbuser = "nextcloud"; - dbhost = "/run/postgresql"; - dbname = "nextcloud"; - dbpassFile = dbPassFilePath; # Points to your external file - #dataDir = nextcloudDataPath; # Points to your external data directory - adminuser = "death916"; - adminpassFile = adminPassFilePath; # Points to your external file - trusted_domains = ["cloud.death916.xyz" "homelab"]; - # overwriteprotocol = "http"; - }; - - caching.redis = true; - settings = { - memcache.distributed = "\\OC\\Memcache\\Redis"; - memcache.locking = "\\OC\\Memcache\\Redis"; - filelocking.enabled = true; - redis = { host = "/run/redis-nextcloud/redis.sock"; port = 0; }; - }; - phpOptions = lib.mkForce { "memory_limit" = "2G"; }; - - - }; - - users.users.nextcloud = { isSystemUser = true; group = "nextcloud"; }; - users.groups.nextcloud = {}; - - networking.firewall.allowedTCPPorts = [ 8080 ]; 
-}
-
diff --git a/modules/nextcloud-setup.nix.old b/modules/nextcloud-setup.nix.old
deleted file mode 100644
index 1f0fafe..0000000
--- a/modules/nextcloud-setup.nix.old
+++ /dev/null
@@ -1,100 +0,0 @@ -# ~/nixconfig/modules/nextcloud-setup.nix -{ config, pkgs, lib, ... }: - -let - nextcloudExternalDomain = "cloud.death916.xyz"; # Domain used by NPM - adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password"; - dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password"; - nextcloudDataPath = "/storage/nextcloud-data"; - nginxProxyManagerTailscaleIP = "100.117.212.36"; # IP of your NPM - - # Port Nextcloud's internal webserver listens on (default 80 for HTTP). - # NPM forwards to : - # Direct Tailscale clients will connect to : - internalNextcloudHttpPort = 80; - - # --- For Direct Tailscale Access to homelab's Nextcloud --- - homelabTailscaleIP = "100.65.36.116"; # REPLACE with homelab's actual Tailscale IP - homelabMagicDNSName = "homelab"; # Or homelab.your-tailnet-name.ts.net if you use the full name -in -{ - # --- PostgreSQL & Redis setup ... (as before) --- - services.postgresql = { - enable = true; package = pkgs.postgresql_14; ensureDatabases = [ "nextcloud" ]; - ensureUsers = [ { name = "nextcloud"; } ]; - }; - services.redis.servers.nextcloud = { - enable = true; user = "nextcloud"; unixSocket = "/run/redis-nextcloud/redis.sock"; - port = 0; - }; - systemd.tmpfiles.rules = [ "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" ]; - - # --- Nextcloud Service Configuration --- - services.nextcloud = { - enable = true; - package = pkgs.nextcloud31; # Verify this version - - # For the path through NPM, hostName should match the external domain. - # For direct Tailscale access, users will use the Tailscale IP/MagicDNS name. - hostName = nextcloudExternalDomain; - - https = false; # NPM handles HTTPS. Nextcloud serves HTTP internally. 
- datadir = nextcloudDataPath; - maxUploadSize = "2G"; - - config = { - dbtype = "pgsql"; dbuser = "nextcloud"; dbhost = "/run/postgresql"; - dbname = "nextcloud"; dbpassFile = dbPassFilePath; - adminuser = "death916"; adminpassFile = adminPassFilePath; - }; - - settings = { - # --- Trusted Domains: CRITICAL --- - # Add all ways Nextcloud will be accessed. - trusted_domains = [ - nextcloudExternalDomain # For access via NPM - homelabTailscaleIP # For direct access via Tailscale IP - homelabMagicDNSName # For direct access via Tailscale MagicDNS name - # "localhost" # If you run occ commands directly on homelab - ]; - - # --- Trusted Proxies: For NPM path --- - trusted_proxies = [ nginxProxyManagerTailscaleIP ]; - - # --- Overwrite Parameters: Primarily for the NPM path --- - # These tell Nextcloud how it looks when accessed via NPM (HTTPS, external domain). - # When accessed directly via Tailscale IP/MagicDNS name over HTTP, these *might* - # cause Nextcloud to generate HTTPS links, which could be an issue if you haven't - # set up HTTPS directly on the homelab Tailscale interface. - overwriteprotocol = "https"; - overwritehost = nextcloudExternalDomain; - "overwrite.cli.url" = "https://${nextcloudExternalDomain}"; # For occ commands - - # If direct HTTP access over Tailscale leads to mixed content or redirect loops - # due to the above overwrite settings, you might need `overwritecondaddr`. - overwritecondaddr = "^${nginxProxyManagerTailscaleIP}$"; - # This would apply the overwriteprotocol/host only if request comes from NPM. - # For simplicity, try without it first. 
- - # Redis and other settings - "memcache.local" = "\\OC\\Memcache\\APCu"; - "memcache.distributed" = "\\OC\\Memcache\\Redis"; - "memcache.locking" = "\\OC\\Memcache\\Redis"; - filelocking.enabled = true; - redis = { host = "/run/redis-nextcloud/redis.sock"; port = 0; }; - }; - - caching.redis = true; - phpOptions = lib.mkForce { "memory_limit" = "2G"; }; - }; - - users.users.nextcloud = { isSystemUser = true; group = "nextcloud"; }; - users.groups.nextcloud = {}; - - # Firewall on homelab: - # Allows NPM (and direct Tailscale clients) to connect to Nextcloud's internal HTTP port. - # If `networking.firewall.trustedInterfaces = [ "tailscale0" ];` is in homelab.nix, - # this is mainly for Tailscale access. - networking.firewall.allowedTCPPorts = [ internalNextcloudHttpPort ]; # Port 80 -} - diff --git a/modules/nextcloud-setup.nix.updaterscommentedout b/modules/nextcloud-setup.nix.updaterscommentedout deleted file mode 100644 index 24435a3..0000000 --- a/modules/nextcloud-setup.nix.updaterscommentedout +++ /dev/null 
@@ -1,93 +0,0 @@ -# ~/nixconfig/modules/nextcloud-setup.nix -{ config, pkgs, lib, ... }: - -let - nextcloudExternalDomain = "cloud.death916.xyz"; # Domain used by NPM - adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password"; - dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password"; - nextcloudDataPath = "/storage/nextcloud-data"; - nginxProxyManagerTailscaleIP = "100.117.212.36"; # IP of your NPM - - # Port Nextcloud's internal webserver listens on (default 80 for HTTP). - # NPM forwards to : - # Direct Tailscale clients will connect to : - internalNextcloudHttpPort = 80; - - # --- For Direct Tailscale Access to homelab's Nextcloud --- - homelabTailscaleIP = "100.65.36.116"; # REPLACE with homelab's actual Tailscale IP - homelabMagicDNSName = "homelab"; # Or homelab.your-tailnet-name.ts.net if you use the full name -in -{ - # --- PostgreSQL & Redis setup ... (as before) --- - services.postgresql = { - enable = true; package = pkgs.postgresql_14; ensureDatabases = [ "nextcloud" ]; - ensureUsers = [ { name = "nextcloud"; } ]; - }; - services.redis.servers.nextcloud = { - enable = true; user = "nextcloud"; unixSocket = "/run/redis-nextcloud/redis.sock"; - port = 0; - }; - systemd.tmpfiles.rules = [ "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" ]; - - # --- Nextcloud Service Configuration --- - services.nextcloud = { - enable = true; - package = pkgs.nextcloud31; # Verify this version - - hostName = nextcloudExternalDomain; - https = false; - datadir = nextcloudDataPath; - maxUploadSize = "2G"; - - config = { - dbtype = "pgsql"; dbuser = "nextcloud"; dbhost = "/run/postgresql"; - dbname = "nextcloud"; dbpassFile = dbPassFilePath; - adminuser = "death916"; adminpassFile = adminPassFilePath; - }; - - settings = { - trusted_domains = [ - nextcloudExternalDomain - homelabTailscaleIP - homelabMagicDNSName - ]; - trusted_proxies = [ nginxProxyManagerTailscaleIP ]; - overwriteprotocol = "https"; - overwritehost = nextcloudExternalDomain; - 
"overwrite.cli.url" = "https://${nextcloudExternalDomain}"; - overwritecondaddr = "^${nginxProxyManagerTailscaleIP}$"; - "memcache.local" = "\\OC\\Memcache\\APCu"; - "memcache.distributed" = "\\OC\\Memcache\\Redis"; - "memcache.locking" = "\\OC\\Memcache\\Redis"; - filelocking.enabled = true; - redis = { host = "/run/redis-nextcloud/redis.sock"; port = 0; }; - }; - - caching.redis = true; - phpOptions = lib.mkForce { "memory_limit" = "2G"; }; - }; - - # --- MODIFICATION: Attempt to "disable" setup/update services from auto-starting --- - # This removes their default "WantedBy" directives, which is how services are - # typically enabled to start at boot or with general system targets. - systemd.services."nextcloud-setup.service" = { - # This service unit is generated by the services.nextcloud module. - # We are overriding its 'wantedBy' to an empty list. - # This should prevent it from being linked into targets like multi-user.target. - wantedBy = lib.mkForce [ ]; - # We are NOT changing what command it runs (ExecStart). - }; - - systemd.services."nextcloud-update-db.service" = { - # Similar to above, for the database update service. - wantedBy = lib.mkForce [ ]; - # We are NOT changing what command it runs (ExecStart). - }; - # --- END MODIFICATION --- - - users.users.nextcloud = { isSystemUser = true; group = "nextcloud"; }; - users.groups.nextcloud = {}; - - networking.firewall.allowedTCPPorts = [ internalNextcloudHttpPort ]; -} - diff --git a/modules/opencloud.nix b/modules/opencloud.nix deleted file mode 100644 index 68b2013..0000000 --- a/modules/opencloud.nix +++ /dev/null 
@@ -1,18 +0,0 @@
-# opencloud.nix
-{ config, pkgs, ... }: # This defines a NixOS module that takes config, pkgs, etc. as arguments [2]
-
-{
- services.opencloud = {
- enable = true;
- environment = {
- OC_INSECURE = "true";
- OC_BASIC_AUTH_ENABLE = "true";
- OC_BASIC_AUTH_USERNAME = "death916"; # Replace with your desired username
- OC_BASIC_AUTH_PASSWORD = "(builtins.readFile /etc/nixos/secrets/opencloud"; # Replace with your desired password
- OC_LOG_LEVEL = "info";
- };
- listenAddress = "0.0.0.0";
- port = 9000;
- };
-}
-