oqyude/nixos
1
0
Fork 0
mirror of https://github.com/oqyude/nixos.git synced 2026-06-10 20:20:41 +03:00
Code Issues Packages Projects Releases Wiki Activity

sops and onlyoffice evolution

Browse Source
This commit is contained in:
Jor Oqyude
2026-03-30 13:38:59 +03:00
parent 7d731bd1c4
commit 5909a72654
5 changed files with 77 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/server/nextcloud.nix
+41 -5
View File
@@ -20,7 +20,7 @@ in
settings = { settings = {
NEXTCLOUD_URL = "http://nextcloud-private.local"; NEXTCLOUD_URL = "http://nextcloud-private.local";
}; };
secrets = [ "${inputs.zeroq-credentials}/services/nextcloud/jwt-secret.txt" ]; secrets = [ config.sops.secrets.nextcloud-whiteboard-jwt.path ];
}; };
nextcloud = { nextcloud = {
enable = true; enable = true;
@@ -39,7 +39,7 @@ in
dbuser = "nextcloud"; dbuser = "nextcloud";
dbname = "nextcloud"; dbname = "nextcloud";
adminuser = "oqyude"; adminuser = "oqyude";
adminpassFile = "${inputs.zeroq-credentials}/services/nextcloud/admin-pass.txt"; adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
}; };
settings = { settings = {
log_type = "file"; log_type = "file";
@@ -89,7 +89,7 @@ in
music music
tasks tasks
# news # news
# notes notes
# notify_push # notify_push
polls polls
previewgenerator previewgenerator
@@ -133,9 +133,10 @@ in
}; };
}; };
onlyoffice = { onlyoffice = {
enable = false; enable = true;
hostname = "0.0.0.0"; hostname = "0.0.0.0";
jwtSecretFile = "${inputs.zeroq-credentials}/services/onlyoffice/jwt.txt"; jwtSecretFile = config.sops.secrets.onlyoffice-jwt.path;
securityNonceFile = config.sops.secrets.onlyoffice-nonce.path;
}; };
}; };
@@ -187,4 +188,39 @@ in
environment.systemPackages = [ environment.systemPackages = [
pkgs.nc4nix # Packaging helper for Nextcloud apps pkgs.nc4nix # Packaging helper for Nextcloud apps
]; ];
sops.secrets = {
nextcloud-adminpass = {
format = "yaml";
key = "adminpass";
sopsFile = ./secrets/nextcloud.yaml;
owner = "nextcloud";
group = "nextcloud";
mode = "0650";
};
nextcloud-whiteboard-jwt = {
format = "yaml";
key = "whiteboard-jwt";
sopsFile = ./secrets/nextcloud.yaml;
owner = "nextcloud";
group = "nextcloud";
mode = "0650";
};
onlyoffice-nonce = {
format = "yaml";
key = "nonce";
sopsFile = ./secrets/onlyoffice.yaml;
owner = "onlyoffice";
group = "onlyoffice";
mode = "0650";
};
onlyoffice-jwt = {
format = "yaml";
key = "jwt";
sopsFile = ./secrets/onlyoffice.yaml;
owner = "onlyoffice";
group = "onlyoffice";
mode = "0650";
};
};
} }
modules/server/nginx.nix
+1 -1
View File
@@ -96,7 +96,7 @@ in
forceSSL = false; forceSSL = false;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://${server}:9980"; proxyPass = "http://${server}:8000"; # 9980
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
modules/server/secrets/nextcloud.yaml
+17
View File
@@ -0,0 +1,17 @@
adminpass: ENC[AES256_GCM,data:Fm+Q6YWXxouP5cX2WHU05Jr49FU=,iv:Exf/li6bL6xpR9HQ8XDDSprjx4ltHkJFl99Ga+gXwmQ=,tag:iB9d5O4982tr7lPu1nWccQ==,type:str]
whiteboard-jwt: ENC[AES256_GCM,data:5i+x8VODrBIhGEWS5Ua6lrk7tsfk6xTa/1qm1rXe4A==,iv:2gFEeudip7BxJh553QtZ1CZo9T8jro3Q/Afdo8ouHtw=,tag:HgBM9ta41rhXJlsQJ+asFg==,type:str]
sops:
age:
- recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxNWFiUlZXMEEvNll0aFFk
UldxNitqaDgyenBFeWRhLzUxSVVhQk55Q1FBCkdLU3p4S0NTOVhERkRoaWVwbWVB
cUxwdkJnQ1IyNzFTaVJvVXRwbElYbVkKLS0tIDQ5ejZvRks5U0tPU0w0WXdtM0ht
WGVQYjZtaHhaeC9pMzYxYmxTcVNtYk0KKxXXNA9h0fs+mA6U/Vsyg+q1CPl5hFrI
Ozjqh+dzwajQeqkCPUdCsoeIWsvBY2Cyabvs+f0zj8S00faXb8rVQQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-30T12:49:45Z"
mac: ENC[AES256_GCM,data:1EkbMGa6nK53GqGWYvXZP+sqy91AldGKy/32CVPshZwvTzJtk/VeK3W9A3fIGwvo7gl+QVWJmSiqrOTql4v+U4Yi3jVLEXsHXA5Bh28aJ7Ng9nkZmI10K7oaYF1xWNxzwss4gcDNIuomK+wG1WNLaiLbxwCBkN6xHugWQ4F+DLs=,iv:UmI6nC7dIHGeas54taf5kTIINvyd8YXyOVdIYghwHmE=,tag:VxdJLXRYin8D07r6CCA00A==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2
modules/server/secrets/onlyoffice.yaml
+17
View File
@@ -0,0 +1,17 @@
jwt: ENC[AES256_GCM,data:Mp+eAh0Nle0QDfo92isNLwvHn/E=,iv:0FLK/8QpmX5Mv7IXMy04AJAgUknp5DATpD0acyPqrUg=,tag:rP9x3G8WIDG6KWSjqPXulQ==,type:str]
nonce: ENC[AES256_GCM,data:8/xWIu/9rl4LrPIGBRvcIaPEwCslsRbkMqJDV9P8sqfeE2Le2SnmVLKt,iv:DHxrKOzJSekKY2TlN+iBwd2HbWV0pCid+qM2xufhbrw=,tag:o0OvJUxYSyXFtyPkfh0XLA==,type:str]
sops:
age:
- recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSzIwWlBrWFJWVHpIUVJk
eHh1MkYza28yeU54OWczY1ZjYmJHOFI3dXc4ClVKUVpoUWZTR0g5L2FTd0l4NzUr
R0xlYTJVQ1VLQXJuSGZJUE1Bd3Jsa00KLS0tIExPSi9Ob0ErSTRZQlhlTGN5WUV0
dm4xa25tSmN3VjlPaWpBWnhJdklqWEEK+sD+lvwQGjNkOic3ZCo2VGQ/+p2Nhmm+
g846YrGljYOib6hNryEhZWe0KmaDhn24vnEK5NS4WtqqwV+IhCZbmg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-30T12:49:52Z"
mac: ENC[AES256_GCM,data:OwORTRiRUImde7dlmsHuUNkln491biD8Z61nr8BPM5ATJqPug7sQzkpzGVVASmrpjtCi3lbn7XU8Fz6jLwODj9TRDOfazrlS1Oo6sE0d1yNXNbmIgK7+riNT7RtsGtAzgiNcYm+c8F9aa+UJ8Ctx20ejLBz/ZG/NjqTDVcgWgSk=,iv:DSDWrHyl9QBeyeC5r812IkBZjFwZ+VQdpBGIk/fFqiA=,tag:EvMW3Ef17IIEsg8zc8SykQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2
modules/vds/nginx.nix
+1 -1
View File
@@ -124,7 +124,7 @@ in
forceSSL = true; forceSSL = true;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://${server}:9980"; proxyPass = "http://${server}:8000"; # 9980
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };