diff --git a/configuration.nix b/configuration.nix index 94d599a..0f75873 100644 --- a/configuration.nix +++ b/configuration.nix @@ -76,10 +76,10 @@ in }; # Define a user account. Don't forget to set a password with ‘passwd’. -# users.users.nextcloud = { -# extraGroups = [ "nfsShare" ]; -# isSystemUser = true; -# }; + users.users.nextcloud = { + extraGroups = [ "nfsShare" ]; + isSystemUser = true; + }; # OpenGL and drivers hardware.opengl = { @@ -137,21 +137,22 @@ in }; }; -# # Nextcloud Proxy -# "cloud.${secrets.cornDomain}" = { -# enableACME = true; -# addSSL = true; -# locations."/" = { -# proxyWebsockets = true; -# extraConfig = '' -# location /.well-known/carddav { -# return 301 $scheme://$host/remote.php/dav; -# } -# location /.well-known/caldav { -# return 301 $scheme://$host/remote.php/dav; -# ''; -# }; -# }; + # Nextcloud Proxy + "cloud.${secrets.cornDomain}" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + extraConfig = '' + location /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + ''; + }; + }; }; appendConfig = '' rtmp { @@ -169,23 +170,23 @@ in ''; }; -# # Nextcloud server -# services.nextcloud = { -# enable = true; -# package = pkgs.nextcloud29; -# hostName = "cloud.${secrets.cornDomain}"; -# datadir = "/nextcloud"; -# https = true; -# config = { -# adminuser = "freecorn"; -# adminpassFile = "/nextcloud/password.txt"; -# }; -# settings = { -# trusted_proxies = [ "127.0.0.1" ]; -# trusted_domains = [ "cloud.${secrets.cornDomain}" ]; -# overwriteprotocol = "https"; -# }; -# }; + # Nextcloud server + services.nextcloud = { + enable = true; + package = pkgs.nextcloud29; + hostName = "cloud.${secrets.cornDomain}"; + datadir = "/mnt/nextcloud"; + https = true; + config = { + adminuser = "freecorn"; + adminpassFile = "/mnt/nextcloud/password.txt"; + }; + settings = { + trusted_proxies = [ "127.0.0.1" ]; + trusted_domains = [ "cloud.${secrets.cornDomain}" ]; + overwriteprotocol = "https"; + }; + }; # Get certificates for Coturn security.acme = { @@ -226,11 +227,16 @@ in PrintLastLog = "no"; PasswordAuthentication = false; }; - ports = [ 69 ]; + openFirewall = true; }; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 1935 4455 80 443 1234 69 ]; + networking.firewall.allowedTCPPorts = [ + 1935 # RTMP + 4455 # VR + 80 443 # Nginx + 1234 # Something + ]; networking.firewall.allowedUDPPorts = [ 4455 ]; # Copy and link the NixOS configuration file to (/run/current-system/configuration.nix). diff --git a/freecorn.nix b/freecorn.nix index fc53adc..b04a817 100644 --- a/freecorn.nix +++ b/freecorn.nix @@ -3,6 +3,9 @@ users.users.freecorn = { description = "FreeCorn"; isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINoElXZvPDrpHQuTP9MtIgYXq1DA1F4IL2MIVdse48Nr techx18@freecornpc" + ]; extraGroups = [ "networkmanager" "wheel" diff --git a/jimbo.nix b/jimbo.nix index 8a657ce..9403602 100644 --- a/jimbo.nix +++ b/jimbo.nix @@ -1,25 +1,19 @@ -{ +{pkgs, ...}: let + secrets = import ./secrets.nix; +in { # Define a user account. Don't forget to set a password with ‘passwd’. users.users.jimbo = { description = "Jimbo"; isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPjBdQrL23pDbcsNCLMvJhcNF7+u95ZV7o1QemOmegf jimbo@JimDesktop" - ]; + openssh.authorizedKeys.keys = secrets.jimKeys; extraGroups = [ "networkmanager" "wheel" "nginx" ]; + shell = pkgs.zsh; }; - # Define home manager programs and configs - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - users.jimbo = { config, pkgs, ... }: { - # Don't change this - home.stateVersion = "24.05"; - }; - }; + # Enable ZSH + programs.zsh.enable = true; }