From 74b0efc9eea7c4d0f73be882a20a30c0a52cd0bb Mon Sep 17 00:00:00 2001 From: xeovalyte Date: Wed, 23 Oct 2024 10:12:13 +0200 Subject: [PATCH] Added nextcloud and immich --- homelab/authelia/config/configuration.yml | 9 +++ homelab/caddy/caddyfiles/routes/immich | 4 ++ homelab/caddy/caddyfiles/routes/nextcloud | 12 ++++ homelab/caddy/docker-compose.yml | 2 + homelab/forgejo/config/app.ini | 8 +-- homelab/forgejo/docker-compose.yml | 2 +- homelab/homepage/config/services.yaml | 1 + homelab/immich/docker-compose.yml | 78 +++++++++++++++++++++++ homelab/nextcloud/docker-compose.yml | 54 ++++++++++++++++ hosts/pm01vm01/hardware-configuration.nix | 6 +- 10 files changed, 168 insertions(+), 8 deletions(-) create mode 100644 homelab/caddy/caddyfiles/routes/immich create mode 100644 homelab/caddy/caddyfiles/routes/nextcloud create mode 100644 homelab/immich/docker-compose.yml create mode 100644 homelab/nextcloud/docker-compose.yml diff --git a/homelab/authelia/config/configuration.yml b/homelab/authelia/config/configuration.yml index efaea8c..c519e55 100644 --- a/homelab/authelia/config/configuration.yml +++ b/homelab/authelia/config/configuration.yml @@ -642,12 +642,21 @@ access_control: - domain: 'bitwarden.timo.bmrs.nl' policy: 'two_factor' + - domain: 'cloud.timo.bmrs.nl' + policy: 'bypass' + + - domain: 'office.timo.bmrs.nl' + policy: 'bypass' + - domain: 'git.timo.bmrs.nl' policy: 'bypass' - domain: 'home.timo.bmrs.nl' policy: 'one_factor' + - domain: 'immich.timo.bmrs.nl' + policy: 'bypass' + - domain: 'ldap.timo.bmrs.nl' policy: 'two_factor' subject: 'group:admin' diff --git a/homelab/caddy/caddyfiles/routes/immich b/homelab/caddy/caddyfiles/routes/immich new file mode 100644 index 0000000..1917d19 --- /dev/null +++ b/homelab/caddy/caddyfiles/routes/immich @@ -0,0 +1,4 @@ +@immich host immich.timo.bmrs.nl +handle @immich { + reverse_proxy immich:2283 +} 
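Review bot: The three new `policy: 'bypass'` rules for `cloud.timo.bmrs.nl`, `office.timo.bmrs.nl` and `immich.timo.bmrs.nl` take those hosts out of Authelia entirely, so unlike `bitwarden.`/`ldap.` (`two_factor`) and `home.` (`one_factor`) their web UIs are guarded only by each application's own login, with no second factor in front of them. If the bypass exists because the Immich and Nextcloud native clients cannot pass a forward-auth portal, Authelia rules accept a `resources:` list, so the bypass can be limited to the client/API paths while the browser UI keeps a factor, e.g. `- domain: 'immich.timo.bmrs.nl'`, `  resources: ['^/api/.*']`, `  policy: 'bypass'` followed by a `one_factor` rule for the same domain. Bypassing `office.` is expected for Collabora's WOPI traffic, but that deserves a `# Collabora: WOPI callbacks from Nextcloud, no interactive login` comment, since rules are first-match and a later, stricter rule for the same domain would never be reached. Whether Caddy actually sends these hosts through `forward_auth` is not visible in this patch; if it does not, the rules are documentation only.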
diff --git a/homelab/caddy/caddyfiles/routes/nextcloud b/homelab/caddy/caddyfiles/routes/nextcloud new file mode 100644 index 0000000..54e6317 --- /dev/null +++ b/homelab/caddy/caddyfiles/routes/nextcloud @@ -0,0 +1,12 @@ +@nextcloud host cloud.timo.bmrs.nl +handle @nextcloud { + redir /.well-known/carddav /remote.php/dav/ 301 + redir /.well-known/caldav /remote.php/dav/ 301 + + reverse_proxy nextcloud:80 +} + +@office host office.timo.bmrs.nl +handle @office { + reverse_proxy nextcloud-office:9980 +} diff --git a/homelab/caddy/docker-compose.yml b/homelab/caddy/docker-compose.yml index 75521f0..43a8ca9 100644 --- a/homelab/caddy/docker-compose.yml +++ b/homelab/caddy/docker-compose.yml @@ -20,6 +20,8 @@ services: proxy: aliases: - auth.timo.bmrs.nl + - cloud.timo.bmrs.nl + - office.timo.bmrs.nl volumes: data: diff --git a/homelab/forgejo/config/app.ini b/homelab/forgejo/config/app.ini index ef88d13..1622aa2 100644 --- a/homelab/forgejo/config/app.ini +++ b/homelab/forgejo/config/app.ini @@ -355,10 +355,10 @@ RUN_USER = ; git ;; ;; MySQL Configuration ;; -DB_TYPE = mysql -HOST = 127.0.0.1:3306 ; can use socket e.g. /var/run/mysqld/mysqld.sock -NAME = gitea -USER = root +;DB_TYPE = mysql +;HOST = 127.0.0.1:3306 ; can use socket e.g. /var/run/mysqld/mysqld.sock +;NAME = gitea +;USER = root ;PASSWD = ;Use PASSWD = `your password` for quoting if you use special characters in the password. ;SSL_MODE = false ; either "false" (default), "true", or "skip-verify" ;CHARSET_COLLATION = ; Empty as default, Gitea will try to find a case-sensitive collation. Don't change it unless you clearly know what you need. diff --git a/homelab/forgejo/docker-compose.yml b/homelab/forgejo/docker-compose.yml index 4d94bec..1838b55 100644 --- a/homelab/forgejo/docker-compose.yml +++ b/homelab/forgejo/docker-compose.yml 
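Review bot: The `@nextcloud` handle forwards everything to `nextcloud:80` without setting an HSTS header, and Nextcloud's admin security check will flag that for this host unless a global `header` block elsewhere in the Caddyfile (not visible here) already adds it; `header Strict-Transport-Security "max-age=15552000; includeSubDomains"` inside `handle @nextcloud` is the usual fix. The two `redir` lines cover CardDAV/CalDAV discovery, but the same check also looks at `/.well-known/webfinger` and `/.well-known/nodeinfo`, which want a `redir` to `/index.php/.well-known/webfinger` and `/index.php/.well-known/nodeinfo` respectively. Proxying `@office` in the clear to `nextcloud-office:9980` is consistent with TLS terminating in Caddy, so nothing to change there.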
@@ -14,7 +14,7 @@ services: - /etc/localtime:/etc/localtime:ro environment: FORGEJO__database__DB_TYPE: postgres - FORGEJO__database__HOST: "db:5432" + FORGEJO__database__HOST: "forgejo-db" FORGEJO__database__NAME: forgejo FORGEJO__database__USER: forgejo FORGEJO__database__PASSWD: ${DB_PASSWORD} diff --git a/homelab/homepage/config/services.yaml b/homelab/homepage/config/services.yaml index 0f5bf15..36bd6a2 100644 --- a/homelab/homepage/config/services.yaml +++ b/homelab/homepage/config/services.yaml @@ -51,5 +51,6 @@ - LLDAP: description: Active directory + href: https://ldap.timo.bmrs.nl/ server: docker container: lldap diff --git a/homelab/immich/docker-compose.yml b/homelab/immich/docker-compose.yml new file mode 100644 index 0000000..41a0af1 --- /dev/null +++ b/homelab/immich/docker-compose.yml 
@@ -0,0 +1,78 @@
+services:
+ immich:
+ image: ghcr.io/immich-app/immich-server:release
+ container_name: immich
+ restart: unless-stopped
+ volumes:
+ - data:/usr/src/app/upload
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ DB_HOSTNAME: "immich-db"
+ env_file:
+ - .env
+ depends_on:
+ - redis
+ - db
+
+ immich-machine-learning:
+ image: ghcr.io/immich-app/immich-machine-learning:release
+ container_name: immich-machine-learning
+ restart: unless-stopped
+ volumes:
+ - cache:/cache
+ env_file:
+ - .env
+
+ redis:
+ image: docker.io/redis:6.2-alpine@sha256:2ba50e1ac3a0ea17b736ce9db2b0a9f6f8b85d4c27d5f5accc6a416d8f42c6d5
+ container_name: immich-redis
+ restart: unless-stopped
+ healthcheck:
+ test: redis-cli ping || exit 1
+ volumes:
+ - data_redis:/data
+
+ db:
+ image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
+ container_name: immich-db
+ restart: unless-stopped
+ volumes:
+ # Do not edit the next line.
If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
+ - data_db:/var/lib/postgresql/data
+ healthcheck:
+ test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
+ interval: 5m
+ start_interval: 30s
+ start_period: 5m
+ command:
+ [
+ 'postgres',
+ '-c',
+ 'shared_preload_libraries=vectors.so',
+ '-c',
+ 'search_path="$$user", public, vectors',
+ '-c',
+ 'logging_collector=on',
+ '-c',
+ 'max_wal_size=2GB',
+ '-c',
+ 'shared_buffers=512MB',
+ '-c',
+ 'wal_compression=on',
+ ]
+ environment:
+ POSTGRES_PASSWORD: ${DB_PASSWORD}
+ POSTGRES_USER: ${DB_USERNAME}
+ POSTGRES_DB: ${DB_DATABASE_NAME}
+ POSTGRES_INITDB_ARGS: '--data-checksums'
+
+volumes:
+ data:
+ data_db:
+ data_redis:
+ cache:
+
+networks:
+ default:
+ name: proxy
+ external: true
diff --git a/homelab/nextcloud/docker-compose.yml b/homelab/nextcloud/docker-compose.yml
new file mode 100644
index 0000000..c770010
--- /dev/null
+++ b/homelab/nextcloud/docker-compose.yml
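Review bot: Because `networks: default:` is pointed at the external `proxy` network, all four services here — not just `immich` — join the network shared with Caddy, Nextcloud, Forgejo and the rest, so `immich-db` and the password-less `immich-redis` (the image runs with no `--requirepass`) are reachable from every other container on it, and the service names `redis` and `db` collide with the identically named services in the Nextcloud compose file on the same network, where Docker's DNS can resolve `redis` to either container; pinning `DB_HOSTNAME: "immich-db"` works around that for Postgres, but whatever `.env` sets for the Redis hostname is not visible in this patch. The root fix is a private network for the backing services with only `immich` also attached to `proxy`, as sketched below (the service bodies start on the previous line and are unchanged). Separately, `redis` and `db` are pinned by digest while `immich-server:release` and `immich-machine-learning:release` float, so the two images that actually handle user data are the only ones that can change under you on a `pull`; pinning them to a version tag keeps the supply-chain posture consistent.

```yaml
services:
  immich:
    # … unchanged: image, container_name, restart, volumes, environment, env_file, depends_on …
    networks:
      - proxy
      - immich_internal

  immich-machine-learning:
    # … unchanged …
    networks:
      - immich_internal

  redis:
    # … unchanged …
    networks:
      - immich_internal

  db:
    # … unchanged …
    networks:
      - immich_internal

# … unchanged: volumes …

networks:
  proxy:
    external: true
  immich_internal: {}
```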
@@ -0,0 +1,54 @@
+services:
+ nextcloud:
+ image: nextcloud:apache
+ container_name: nextcloud
+ restart: unless-stopped
+ volumes:
+ - data:/var/www/html
+ environment:
+ POSTGRES_HOST: nextcloud-db
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ POSTGRES_DB: nextcloud
+ POSTGRES_USER: nextcloud
+ REDIS_HOST: nextcloud-redis
+ TRUSTED_PROXIES: "172.23.0.0/24"
+ depends_on:
+ - db
+ - redis
+
+ db:
+ image: postgres:16
+ container_name: nextcloud-db
+ restart: unless-stopped
+ volumes:
+ - data_db:/var/lib/postgresql/data
+ environment:
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ POSTGRES_DB: nextcloud
+ POSTGRES_USER: nextcloud
+
+ redis:
+ image: redis:alpine
+ container_name: nextcloud-redis
+ restart: unless-stopped
+ volumes:
+ - data_redis:/data
+
+ office:
+ image: collabora/code
+ container_name: nextcloud-office
+ restart: unless-stopped
+ environment:
+ DOMAIN: "cloud.timo.bmrs.nl"
+ extra_params: "--o:ssl.enable=false --o:ssl.termination=true"
+
+
+volumes:
+ data:
+ data_db:
+ data_redis:
+
+networks:
+ default:
+ name: proxy
+ external: true
diff --git a/hosts/pm01vm01/hardware-configuration.nix b/hosts/pm01vm01/hardware-configuration.nix
index 466f457..604b147 100644
--- a/hosts/pm01vm01/hardware-configuration.nix
+++ b/hosts/pm01vm01/hardware-configuration.nix
@@ -24,9 +24,9 @@
 options = [ "fmask=0077" "dmask=0077" ];
 };
- swapDevices =
- [ { device = "/dev/disk/by-uuid/f8c0a59c-7e1a-4eb7-960e-20ba65fec156"; }
- ];
+ # swapDevices =
+ # [ { device = "/dev/disk/by-uuid/f8c0a59c-7e1a-4eb7-960e-20ba65fec156"; }
+ # ];
 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
 # (the default) this is the recommended approach. When using systemd-networkd it's
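Review bot: `TRUSTED_PROXIES: "172.23.0.0/24"` hard-codes the subnet of the external `proxy` network, which is defined outside this file, so nothing here guarantees Caddy's address is in that range (Docker's own user-defined bridges default to a /16); if it is not, Nextcloud ignores `X-Forwarded-For`/`X-Forwarded-Proto` from Caddy, every client is logged and rate-limited as the proxy's IP, and URLs may be generated as `http://` because TLS terminates in Caddy. Add a comment tying the value to the network (`# must match the subnet of the external "proxy" network`), and set `OVERWRITEPROTOCOL: https` so the scheme does not depend on the proxy being trusted. The `redis:alpine` service runs with no `requirepass` and, like `nextcloud-db` and `nextcloud-office`, sits on the shared `proxy` network rather than a private one, so any container on that network can read and write Nextcloud's session/file-lock cache; the minimal change is `command: redis-server --requirepass ${REDIS_PASSWORD}` on `redis` plus `REDIS_HOST_PASSWORD: ${REDIS_PASSWORD}` on `nextcloud`, with a dedicated network as the better fix. All four images here are floating tags (`nextcloud:apache`, `postgres:16`, `redis:alpine`, `collabora/code`), which is notably looser than the digest pins used in the Immich file in this same commit.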