Nix configurations for my homelab
Use rclone for nextcloud instead of nextcloud client
The nextcloud client requires user interaction with the secret service
and since im in the process of setting up autostarting for frequently
used applications, I'd rather not have this.
Additionally, this means I won't have every single file in a sync on
my machine at once which will help with space savings.
+91
-25
+21
-21
flake.lock
+21
-21
flake.lock
···
111
111
]
112
112
},
113
113
"locked": {
114
-
"lastModified": 1763416652,
115
-
"narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=",
114
+
"lastModified": 1764788330,
115
+
"narHash": "sha256-hE/gXK+Z0j654T0tsW+KcndRqsgZXe8HyWchjBJgQpw=",
116
116
"owner": "nix-community",
117
117
"repo": "home-manager",
118
-
"rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312",
118
+
"rev": "fca4cba863e76c26cfe48e5903c2ff4bac2b2d5d",
119
119
"type": "github"
120
120
},
121
121
"original": {
···
220
220
},
221
221
"nixpkgs": {
222
222
"locked": {
223
-
"lastModified": 1763553727,
224
-
"narHash": "sha256-4aRqRkYHplWk0mrtoF5i3Uo73E3niOWiUZU8kmPm9hQ=",
223
+
"lastModified": 1764811743,
224
+
"narHash": "sha256-Ypfd8oBuG3HWtzcY7VtYiI6Pawznag7YHWy8RoOfiBs=",
225
225
"owner": "NixOS",
226
226
"repo": "nixpkgs",
227
-
"rev": "094318ea16502a7a81ce90dd3638697020f030a2",
227
+
"rev": "4a6ebaabd716d6479b39fa234a8f895f0ec1cb88",
228
228
"type": "github"
229
229
},
230
230
"original": {
···
252
252
},
253
253
"nixpkgs-stable": {
254
254
"locked": {
255
-
"lastModified": 1763608124,
256
-
"narHash": "sha256-zlZnIcby+AdBREjjqOG7xLamvs2RljQ48dyUwYFD6oM=",
255
+
"lastModified": 1764769562,
256
+
"narHash": "sha256-Lx/5433PaXsAe58ng9teZ3LpHbVLTZ0Ue6WewpkAWcM=",
257
257
"owner": "NixOS",
258
258
"repo": "nixpkgs",
259
-
"rev": "f6af808f2d4b1d2feb64ec2d9901b322e980938a",
259
+
"rev": "6d76c70a214229ada04edc84b25be34f3dc34dd3",
260
260
"type": "github"
261
261
},
262
262
"original": {
···
268
268
},
269
269
"nixpkgs-unstable": {
270
270
"locked": {
271
-
"lastModified": 1763421233,
272
-
"narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",
271
+
"lastModified": 1764667669,
272
+
"narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
273
273
"owner": "NixOS",
274
274
"repo": "nixpkgs",
275
-
"rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648",
275
+
"rev": "418468ac9527e799809c900eda37cbff999199b6",
276
276
"type": "github"
277
277
},
278
278
"original": {
···
300
300
},
301
301
"nixpkgs_3": {
302
302
"locked": {
303
-
"lastModified": 1763191728,
304
-
"narHash": "sha256-esRhOS0APE6k40Hs/jjReXg+rx+J5LkWw7cuWFKlwYA=",
303
+
"lastModified": 1764445028,
304
+
"narHash": "sha256-ik6H/0Zl+qHYDKTXFPpzuVHSZE+uvVz2XQuQd1IVXzo=",
305
305
"owner": "NixOS",
306
306
"repo": "nixpkgs",
307
-
"rev": "1d4c88323ac36805d09657d13a5273aea1b34f0c",
307
+
"rev": "a09378c0108815dbf3961a0e085936f4146ec415",
308
308
"type": "github"
309
309
},
310
310
"original": {
···
338
338
"rust-overlay": "rust-overlay"
339
339
},
340
340
"locked": {
341
-
"lastModified": 1763583727,
342
-
"narHash": "sha256-nhEg5l2h9fjqjFyBd+85laV6A3coUIN2UFhGoHJJxSI=",
341
+
"lastModified": 1764805253,
342
+
"narHash": "sha256-uGyOlk8bB0Eno/qQl6bk3gF1FerlYFAAJFwYsD7mmJc=",
343
343
"owner": "roc-lang",
344
344
"repo": "roc",
345
-
"rev": "2fc3b7afb622fcc66d899975ba6a208e1c1d199e",
345
+
"rev": "bb17e26f7bd1aa51ce8e18a2a795eab9d07369a9",
346
346
"type": "github"
347
347
},
348
348
"original": {
···
392
392
"nixpkgs": "nixpkgs_3"
393
393
},
394
394
"locked": {
395
-
"lastModified": 1763607916,
396
-
"narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=",
395
+
"lastModified": 1764483358,
396
+
"narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",
397
397
"owner": "Mic92",
398
398
"repo": "sops-nix",
399
-
"rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b",
399
+
"rev": "5aca6ff67264321d47856a2ed183729271107c9c",
400
400
"type": "github"
401
401
},
402
402
"original": {
+64
-2
modules/cloud-storage.nix
+64
-2
modules/cloud-storage.nix
···
1
-
{ pkgs, ... }:
1
+
{
2
+
config,
3
+
lib,
4
+
pkgs,
5
+
...
6
+
}:
2
7
{
3
-
users.users.mou.packages = with pkgs; [ nextcloud-client ];
8
+
sops = {
9
+
secrets = {
10
+
"rclone-nextcloud/url" = { };
11
+
"rclone-nextcloud/user" = { };
12
+
"rclone-nextcloud/password" = { };
13
+
};
14
+
templates.rclone-nextcloud-config.content = lib.generators.toINI { } {
15
+
nextcloud = {
16
+
type = "webdav";
17
+
url = config.sops.placeholder."rclone-nextcloud/url";
18
+
vendor = "nextcloud";
19
+
user = config.sops.placeholder."rclone-nextcloud/user";
20
+
pass = config.sops.placeholder."rclone-nextcloud/password";
21
+
};
22
+
};
23
+
};
24
+
25
+
environment.persistence."/data/persistent".directories = [
26
+
{
27
+
directory = "/var/cache/rclone";
28
+
mode = "0700";
29
+
}
30
+
];
31
+
32
+
systemd.services.rclone-nextcloud = {
33
+
enable = true;
34
+
description = "NextCloud VFS (rclone)";
35
+
after = [ "network-online.target" ];
36
+
wants = [ "network-online.target" ];
37
+
wantedBy = [ "multi-user.target" ];
38
+
serviceConfig = {
39
+
Type = "notify";
40
+
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /media/nextcloud";
41
+
ExecStart =
42
+
let
43
+
args = [
44
+
"--config ${config.sops.templates.rclone-nextcloud-config.path}"
45
+
"--cache-dir /var/cache/rclone/nextcloud"
46
+
# "--dir-cache-time 5m" # This is the default
47
+
# "--poll-interval 1m" # This is the default
48
+
"--vfs-cache-mode writes"
49
+
"--webdav-nextcloud-chunk-size 2Gi"
50
+
"--checksum"
51
+
"--track-renames"
52
+
"--allow-other"
53
+
"--uid 1000"
54
+
"--gid 1000"
55
+
"--dir-perms 0770"
56
+
"--file-perms 0660"
57
+
"--umask 007"
58
+
];
59
+
in
60
+
"${pkgs.rclone}/bin/rclone mount nextcloud:/ /media/nextcloud ${lib.strings.join " " args}";
61
+
ExecStop = "${pkgs.fuse3}/bin/fusermount3 -z /media/nextcloud";
62
+
Restart = "on-failure";
63
+
};
64
+
restartTriggers = [ config.sops.secrets."rclone-nextcloud/password".sopsFileHash ];
65
+
};
4
66
}
+6
-2
secrets/lutea.yaml
+6
-2
secrets/lutea.yaml
···
5
5
protonvpn-torrent:
6
6
private-key: ENC[AES256_GCM,data:RrXsojuB1y2cFD8yHWvK6NxoANfwPrRA0m+AL/5tmwcLtSWWgxoirucx7M8=,iv:GKUz7QIWeTZmN5G7nFHsn68rJNpG+hqPDL+JNUqLJGA=,tag:lJACT6FYjQEXQylsTd3OTA==,type:str]
7
7
public-key: ENC[AES256_GCM,data:nXscOyxUTkXQN/fuHn6FxmAiNDXANBv2UPBOhiknGYN3xH9HK68psdS/yNA=,iv:5OEd8qo1ITTgyOGL1zCjk7ard2mO9k5BXuabZ8GDyfI=,tag:2oUui7PS2R5tFfhmRoazvQ==,type:str]
8
+
rclone-nextcloud:
9
+
url: ENC[AES256_GCM,data:rKYE/vwUHXCDXvYBP2DLPS7Ua83FOY3Pajas7/ue2Gzag9ALvT4+Bl/WUeBl0K+kbiWy,iv:JupnQYmT0mWuJ5DP5HH77CCfJ7JGB7vzs84ZyM4OAFE=,tag:x6bRgrN8e1LHVEMI40hveg==,type:str]
10
+
user: ENC[AES256_GCM,data:hGfcQ14=,iv:GA9zY8QmNYuj/DRPEWl4OWxY8IQ9bw+OzZg/j9JcnXc=,tag:0grJZ75HbsRpeOTlPjzFbg==,type:str]
11
+
password: ENC[AES256_GCM,data:AP6JhAreTu7hORjZR5qFcO+3GQAZMIj+OZposHX8CYbFqFGHpQiC5GvVsQBmWffx8vYg3x+3qsyia6me,iv:TVei1Xpn52fq+rBr5hKpHCFstJowqabLrlOw/jiRUd0=,tag:Imm+2C2gmlMjZJXqnxropg==,type:str]
8
12
sops:
9
13
age:
10
14
- recipient: age1p55em5e3uk3fprj2mpum7ulrslcqgly63pjsyw2yv6hx99trdsnsvvv9ex
···
16
20
ZWI2RWEwZllOUDRYV2tCNXZnZFpBS1kKYktM+w+tQbJMcmZBUpuKpeiioChqrWzd
17
21
FU4qWfJw3tEZKdTWECGYaQuCUQm7s+PJBc1HQlxd+eFm8YZMPwoa/Q==
18
22
-----END AGE ENCRYPTED FILE-----
19
-
lastmodified: "2025-11-06T18:18:05Z"
20
-
mac: ENC[AES256_GCM,data:UVTm4DIK+qN+VpmoDYMOPAEunSu7r7i/qP42lbxS7157Tjt1g5+jziS5s5Jmyvu4XZ+zIKcOorfm5/18XbIYLSQJdSKKNbCh6vahSqOSludzXv89evTJx8gyw9W2uDLEpRYWWSl+llqsf6PkTaIfut4+6XqDWHUl6+cJAAvMNRM=,iv:JKD2RW0i1hLgekPXPAT8YlFxkietNN6DilKLCo6ilUI=,tag:7Oma9whDvpV+wwucAwqydw==,type:str]
23
+
lastmodified: "2025-12-02T07:06:57Z"
24
+
mac: ENC[AES256_GCM,data:7pymCS0iXDcCgkYNd15K7n0bfgX+DgGO81bAAHNciIAsuk2mxzBc4+pBbeBjoo5X8Pgrinhj26Od3xRJ+RpCqM20dYOkHqnBZ8KbX3Q3ZxnRJ2yACeMuTQHbnHNrWrHL0ZwqB7Rq6CYDrrpVyy/LdGZORu+vFaLQPK1GQKmozPM=,iv:YNtrhULRWU3SiNhndci04R7u13ZomTIl4MXQuu+8LXo=,tag:okZ7bSWlZYPaHl03Ynlfjg==,type:str]
21
25
unencrypted_suffix: _unencrypted
22
26
version: 3.11.0