dachxy/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: nextcloud whiteboard server

Browse source 
features:
nextcloud whiteboard server
nextcloud memories with recognize patch
This commit is contained in:
danny 2025-10-15 23:10:28 +08:00
parent 6a71b601f5
commit dfda745829
13 changed files with 165 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.sops.yaml
View file

@ -8,6 +8,7 @@ creation_rules:
- path_regex: system/dev/dn-server/sops/secret.yaml - path_regex: system/dev/dn-server/sops/secret.yaml
key_groups: key_groups:
- age: - age:
- *dn_lap
- *dn_server - *dn_server
- *dn_pre7780 - *dn_pre7780
- path_regex: system/dev/dn-pre7780/sops/secret.yaml - path_regex: system/dev/dn-pre7780/sops/secret.yaml

2
home/user/hypr/bind.nix
View file

@ -13,7 +13,7 @@ let
notransTag = "notrans"; notransTag = "notrans";
browser-bin = "zen"; browser-bin = "$BROWSER";
prefix = if nvidia-offload-enabled then "nvidia-offload " else ""; prefix = if nvidia-offload-enabled then "nvidia-offload " else "";
browser = "${prefix}${browser-bin}"; browser = "${prefix}${browser-bin}";
terminal = "${prefix}ghostty"; terminal = "${prefix}ghostty";

1
home/user/waybar.nix
View file

@ -439,6 +439,7 @@ in
on-click-middle = "close"; on-click-middle = "close";
ignore-list = [ ignore-list = [
"rofi" "rofi"
"chromium"
"firefox" "firefox"
"firefox-nightly" "firefox-nightly"
"zen" "zen"

35
pkgs/patches/nextcloud_recognize_models_path.patch Normal file
View file

@ -0,0 +1,35 @@
diff --git a/lib/Service/DownloadModelsService.php b/lib/Service/DownloadModelsService.php
index 64e4223..ac939a3 100755
--- a/lib/Service/DownloadModelsService.php
+++ b/lib/Service/DownloadModelsService.php
@@ -27,7 +27,7 @@ final class DownloadModelsService {
* @throws \Exception
*/
public function download() : void {
- $targetPath = __DIR__ . '/../../models';
+ $targetPath = "/var/lib/nextcloud/models";
if (file_exists($targetPath)) {
// remove models directory
$it = new RecursiveDirectoryIterator($targetPath, FilesystemIterator::SKIP_DOTS);
@@ -44,7 +44,7 @@ final class DownloadModelsService {
}
$archiveUrl = $this->getArchiveUrl($this->getNeededArchiveRef());
- $archivePath = __DIR__ . '/../../models.tar.gz';
+ $archivePath = "/var/lib/nextcloud/models.tar.gz";
$timeout = $this->isCLI ? 0 : 480;
$this->clientService->newClient()->get($archiveUrl, ['sink' => $archivePath, 'timeout' => $timeout]);
$tarManager = new TAR($archivePath);
diff --git a/lib/Settings/AdminSettings.php b/lib/Settings/AdminSettings.php
index 83f8a76..ac73d29 100755
--- a/lib/Settings/AdminSettings.php
+++ b/lib/Settings/AdminSettings.php
@@ -28,7 +28,7 @@ final class AdminSettings implements ISettings {
$settings = $this->settingsService->getAll();
$this->initialState->provideInitialState('settings', $settings);
- $modelsPath = __DIR__ . '/../../models';
+ $modelsPath = "/var/lib/nextcloud/models";
$modelsDownloaded = file_exists($modelsPath);
$this->initialState->provideInitialState('modelsDownloaded', $modelsDownloaded);

35
system/dev/dn-lap/home/default.nix
View file

@ -1,14 +1,45 @@
{ config, ... }: {
config,
lib,
...
}:
let let
inherit (lib) mkForce;
inherit (config.systemConf) username; inherit (config.systemConf) username;
in in
{ {
home-manager = { home-manager = {
users."${username}" = { users."${username}" = {
home.sessionVariables = {
BROWSER = mkForce "chromium";
};
programs.chromium = {
enable = true;
extensions = [
# Bitwarden
{
id = "nngceckbapebfimnlniiiahkandclblb";
}
# Vimium
{
id = "dbepggeogbaibhgnhhndojpepiihcmeb";
}
# Dark Reader
{
id = "eimadpbcbfnmbkopoojfekhnkhdbieeh";
}
# Vertical Tabs
{
id = "efobhjmgoddhfdhaflheioeagkcknoji";
}
];
};
imports = [ imports = [
../../../../home/presets/basic.nix ../../../../home/presets/basic.nix
(import ../../../../home/user/bitwarden.nix { (import ../../../../home/user/bitwarden.nix {
email = "danny@dn-server.net.dn"; email = "danny@net.dn";
baseUrl = "https://bitwarden.net.dn"; baseUrl = "https://bitwarden.net.dn";
}) })

8
system/dev/dn-lap/sops/secret.yaml
View file

@ -1,5 +1,5 @@
wireguard: wireguard:
conf: ENC[AES256_GCM,data:GKUlc2K+pJCZHrasZtC/ql8ojYOyIqquOa6gTD3BycvCIU62OO0X0Zi1XW858AzQokHNd3vE+m18XPk1/am5I9FBc0+vGlVctNZgcPLKYObsxF40aZU+NU+Ip1wjNP/V6t0zyt6ur7R7Si9HePhZZqDEpdyBzR2Jjl8DrfC9NiRTVQaHw1D72yjwOGZCkeY7n8PRW9wW9UkzuJNmFHDxF4nUaeP3k3fpfLFEOVyyjvy8Ba995tVWOfJgkMng57VgIr36jzMXWlkpSTB06wWEIfgVpbQpzkFyxWwA4sxhMJfp4JvO3IvzUvkGn3W14Z/SVcg5km7q5aXff9m1/Srn,iv:Oxa377J9Wufm036iFcm+RvitNiWWNPXmUrm9BwrUfBo=,tag:kM4PR/u+j1RkET2Z7FTIPA==,type:str] wg0.conf: ENC[AES256_GCM,data:drqs+CkZVZH4K87jWZLy33NuqPeqLkyTp6mDoxcOsEYGaIR38pommv4TSynAOvrUC3dCw9O+qLHEiSwlJGoZOQKFzHxUefKrCtkRMCE3ytDKFmJbLoKT/GPxnOOenIm8JxKX6nsLaqCk36ODXzTA8iU8ICN2zqoCiodjx72Ge2KckQzSak04v28B6viuzfl8zipD1Fetm72sOBTX0I0WwoziDBBL77x1hX/8POob3ISrTejhik18dxAPLB9H3iVl1aOHhszsrAYB26IfujY/FxRqIrn8v+H2aFen3oowRjd/wTPtc/rLZj/7n6/Sl3NDzOE+jIYYG7yym7lkUM9Z,iv:oS01iUSG0ufUzIsfPD/jF3/TPEDDBp+CnnLQnyze8dM=,tag:mtmY3OVz3k7eu5Lxe14KLg==,type:str]
sops: sops:
age: age:
- recipient: age1z6f643a6vqm7cqh6fna5dhmxfkgwxgqy8kg9s0vf9uxhaswtngtspmqsjw - recipient: age1z6f643a6vqm7cqh6fna5dhmxfkgwxgqy8kg9s0vf9uxhaswtngtspmqsjw
@ -20,7 +20,7 @@ sops:
eWFnVWcrUVpRVDQveTloWk9LVm4yd28KppalVePvXwPks+2TKHqG8a+uZjpgQo3I eWFnVWcrUVpRVDQveTloWk9LVm4yd28KppalVePvXwPks+2TKHqG8a+uZjpgQo3I
edhrdNan56Ly5mLFyXmGlww88nqQMTZq4DODtyfF4+rRlyv0i4AEEg== edhrdNan56Ly5mLFyXmGlww88nqQMTZq4DODtyfF4+rRlyv0i4AEEg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-22T05:44:47Z" lastmodified: "2025-10-15T08:06:35Z"
mac: ENC[AES256_GCM,data:DODaAnKe5ExNhXxfOq874bXGy44A3aw+KWnpeDr3OAbocVMvM0uE55r0x9JEbMakVWiDZq0SCP2K6XiTT74hX90tmwvl8jr9HYqAqscOZ75mRfc2NmZJRWuxJj6nA0U+4/A6dm2ftSXP09rH/WjKGpLObLbpOKQledM+U5Ggzjo=,iv:WEhgMOX+L471+ZrBicoBsJAlTxLl9Nc608SPJ3p6XpY=,tag:e/eKKmy4Z8+mC9Ixg0X6+A==,type:str] mac: ENC[AES256_GCM,data:sinK5N+aY4PwsqtHhyAI5a6YU7uhKkh5APrtQorgCYHJ1Q3p3Fit//UOnY86kK/CiXS/OQ6oZZi5XjJOKULThp8X2JSu1iAdBK2Sl11AD1kGyDb69vuYr3PlAFWDdp5mbjMAPACukUpeiIL9jfZWL06WqzGSz73hDHP3T90BZAE=,iv:bcT/JWtuy74/5B/S4vzEgv8Vcnw8aMGNr8f2ON7uJI0=,tag:iA/iW+TFxyW1PWZKtr+Kqw==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.11.0

1
system/dev/dn-lap/utility/default.nix
View file

@ -1,5 +1,6 @@
{ {
imports = [ imports = [
(import ../../../modules/airplay.nix { }) (import ../../../modules/airplay.nix { })
(import ../../../modules/localsend.nix { })
]; ];
} }

3
system/dev/dn-server/services/nextcloud.nix
View file

@ -6,6 +6,9 @@
adminpassFile = config.sops.secrets."nextcloud/adminPassword".path; adminpassFile = config.sops.secrets."nextcloud/adminPassword".path;
trusted-domains = [ "nextcloud.daccc.info" ]; trusted-domains = [ "nextcloud.daccc.info" ];
trusted-proxies = [ "10.0.0.0/24" ]; trusted-proxies = [ "10.0.0.0/24" ];
whiteboardSecrets = [
config.sops.secrets."nextcloud/whiteboard".path
];
}) })
]; ];
} }

10
system/dev/dn-server/services/paperless-ngx.nix
View file

@ -6,4 +6,14 @@
passwordFile = config.sops.secrets."paperless/adminPassword".path; passwordFile = config.sops.secrets."paperless/adminPassword".path;
}) })
]; ];
# OIDC
services.paperless = {
settings = {
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
PAPERLESS_SOCIAL_AUTO_SIGNUP = true;
PAPERLESS_SOCIAL_ALLOW_SIGNUPS = true;
};
environmentFile = config.sops.secrets."paperless/envFile".path;
};
} }

35
system/dev/dn-server/sops/secret.yaml
View file

File diff suppressed because one or more lines are too long

6
system/dev/dn-server/sops/sops-conf.nix
View file

@ -6,6 +6,9 @@ in
sops.secrets = { sops.secrets = {
"wireguard/privateKey" = { }; "wireguard/privateKey" = { };
"nextcloud/adminPassword" = { }; "nextcloud/adminPassword" = { };
"nextcloud/whiteboard" = {
owner = "nextcloud";
};
"step_ca/password" = { }; "step_ca/password" = { };
vaultwarden = { }; vaultwarden = { };
"oauth/password" = { }; "oauth/password" = { };
@ -67,6 +70,9 @@ in
"paperless/adminPassword" = mkIf config.services.paperless.enable { "paperless/adminPassword" = mkIf config.services.paperless.enable {
owner = config.services.paperless.user; owner = config.services.paperless.user;
}; };
"paperless/envFile" = mkIf config.services.paperless.enable {
owner = config.services.paperless.user;
};
"atticd/secret" = mkIf config.services.atticd.enable { }; "atticd/secret" = mkIf config.services.atticd.enable { };
"docmost" = { }; "docmost" = { };
"crowdsec/lapi.yaml" = mkIf config.services.crowdsec.enable { "crowdsec/lapi.yaml" = mkIf config.services.crowdsec.enable {

41
system/modules/nextcloud.nix
View file

@ -6,6 +6,7 @@
configureACME ? true, configureACME ? true,
trusted-domains ? [ ], trusted-domains ? [ ],
trusted-proxies ? [ ], trusted-proxies ? [ ],
whiteboardSecrets ? [ ],
}: }:
{ {
config, config,
@ -14,7 +15,7 @@
... ...
}: }:
let let
inherit (lib) mkIf; inherit (lib) mkIf optionalString;
nextcloudPkg = pkgs.nextcloud32.overrideAttrs (oldAttr: rec { nextcloudPkg = pkgs.nextcloud32.overrideAttrs (oldAttr: rec {
caBundle = config.security.pki.caBundle; caBundle = config.security.pki.caBundle;
@ -22,6 +23,28 @@ let
cp ${caBundle} resources/config/ca-bundle.crt cp ${caBundle} resources/config/ca-bundle.crt
''; '';
}); });
# Patch for downloading models. Hardcoded to `/var/lib/nextcloud/models`
recognize = pkgs.stdenvNoCC.mkDerivation (finalAttrs: {
pname = "recognize-patched";
version = "10.0.4";
src = pkgs.fetchNextcloudApp {
url = "https://github.com/nextcloud/recognize/releases/download/v10.0.4/recognize-10.0.4.tar.gz";
sha256 = "sha256-/RHnnvGJMcxe4EuceYc20xh3qkYy1ZzGsyvp0h03eLk=";
license = "agpl3Plus";
};
patches = [
../../pkgs/patches/nextcloud_recognize_models_path.patch
];
installPhase = ''
mkdir -p $out
cp -r . $out/
'';
});
in in
{ {
imports = [ imports = [
@ -64,8 +87,11 @@ in
calendar calendar
whiteboard whiteboard
user_oidc user_oidc
memories
; ;
inherit recognize;
camerarawpreviews = pkgs.fetchNextcloudApp { camerarawpreviews = pkgs.fetchNextcloudApp {
url = "https://github.com/ariselseng/camerarawpreviews/releases/download/v0.8.8/camerarawpreviews_nextcloud.tar.gz"; url = "https://github.com/ariselseng/camerarawpreviews/releases/download/v0.8.8/camerarawpreviews_nextcloud.tar.gz";
sha256 = "sha256-Pnjm38hn90oV3l4cPAnQ+oeO6x57iyqkm80jZGqDo1I="; sha256 = "sha256-Pnjm38hn90oV3l4cPAnQ+oeO6x57iyqkm80jZGqDo1I=";
@ -103,9 +129,22 @@ in
}; };
}; };
services.nextcloud-whiteboard-server = {
enable = true;
settings = {
NEXTCLOUD_URL = "http${optionalString configureACME "s"}://${hostname}";
PORT = "3002";
};
secrets = whiteboardSecrets;
};
services.nginx.virtualHosts.${hostname} = mkIf configureACME { services.nginx.virtualHosts.${hostname} = mkIf configureACME {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/whiteboard/" = {
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:${config.services.nextcloud-whiteboard-server.settings.PORT}/";
};
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

10
system/modules/paperless-ngx.nix
View file

@ -1,8 +1,12 @@
{ {
domain ? "localhost", domain ? "localhost",
configureNginx ? true,
passwordFile, passwordFile,
}: }:
{ config, ... }: { config, lib, ... }:
let
inherit (lib) mkIf optionalString;
in
{ {
services.paperless = { services.paperless = {
enable = true; enable = true;
@ -18,13 +22,13 @@
optimize = 1; optimize = 1;
pdfa_image_compression = "lossless"; pdfa_image_compression = "lossless";
}; };
PAPERLESS_URL = "https://${domain}"; PAPERLESS_URL = "http${optionalString configureNginx "s"}://${domain}";
}; };
configureTika = true; configureTika = true;
database.createLocally = true; database.createLocally = true;
}; };
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = mkIf configureNginx {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://localhost:${toString config.services.paperless.port}"; locations."/".proxyPass = "http://localhost:${toString config.services.paperless.port}";