Diffstat (limited to '')
-rw-r--r--hosts/by-name/server2/configuration.nix5
-rw-r--r--hosts/by-name/server2/secrets/nextcloud/adminpassFile.age14
-rw-r--r--modules/by-name/co/constants/module.nix4
-rw-r--r--modules/by-name/ne/nextcloud/module.nix78
4 files changed, 101 insertions, 0 deletions
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix
index ffd212f..a11085e 100644
--- a/hosts/by-name/server2/configuration.nix
+++ b/hosts/by-name/server2/configuration.nix
@@ -61,6 +61,11 @@
       enable = true;
       fqdn = "mail.foss-syndicate.org";
     };
+    nextcloud = {
+      enable = true;
+      hostname = "nextcloud.vhack.eu";
+      adminpassFile = ./secrets/nextcloud/adminpassFile.age;
+    };
     nginx = {
       enable = true;
       redirects = {
diff --git a/hosts/by-name/server2/secrets/nextcloud/adminpassFile.age b/hosts/by-name/server2/secrets/nextcloud/adminpassFile.age
new file mode 100644
index 0000000..2b831f3
--- /dev/null
+++ b/hosts/by-name/server2/secrets/nextcloud/adminpassFile.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----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=
+-----END AGE ENCRYPTED FILE-----
diff --git a/modules/by-name/co/constants/module.nix b/modules/by-name/co/constants/module.nix
index d601e70..7eaa8b4 100644
--- a/modules/by-name/co/constants/module.nix
+++ b/modules/by-name/co/constants/module.nix
@@ -44,6 +44,8 @@
       sshd = 331;
       systemd-oom = 332;
       nix-sync = 334;
+      nextcloud = 335;
+      redis-nextcloud = 336;
 
       # As per the NixOS file, the uids should not be greater or equal to 400;
     };
@@ -59,11 +61,13 @@
         mastodon
         matrix-synapse
         mautrix-whatsapp
+        nextcloud
         nix-sync
         nscd
         opendkim
         peertube
         redis-mastodon
+        redis-nextcloud
         redis-peertube
         redis-rspamd
         redis-stalwart-mail
diff --git a/modules/by-name/ne/nextcloud/module.nix b/modules/by-name/ne/nextcloud/module.nix
new file mode 100644
index 0000000..2e40970
--- /dev/null
+++ b/modules/by-name/ne/nextcloud/module.nix
@@ -0,0 +1,78 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  cfg = config.vhack.nextcloud;
+in {
+  options.vhack.nextcloud = {
+    enable = lib.mkEnableOption "a sophisticated nextcloud setup";
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.nextcloud31;
+      description = "The nextcloud package to use";
+    };
+    hostname = lib.mkOption {
+      type = lib.types.str;
+      description = "The nextcloud hostname (fqdn)";
+    };
+    adminpassFile = lib.mkOption {
+      type = lib.types.path;
+      description = "The age encrypted admin password file";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    vhack = {
+      nginx.enable = true;
+      postgresql.enable = true;
+      persist.directories = [
+        "/var/lib/nextcloud"
+      ];
+    };
+    age.secrets = {
+      adminpassFile = {
+        file = cfg.adminpassFile;
+        mode = "0700";
+        owner = "nextcloud";
+        group = "nextcloud";
+      };
+    };
+
+    services = {
+      nextcloud = {
+        enable = true;
+        configureRedis = true;
+        config = {
+          adminuser = "admin";
+          adminpassFile = config.age.secrets.adminpassFile.path;
+          dbname = "nextcloud";
+          dbuser = "nextcloud";
+          dbtype = "pgsql";
+        };
+        database.createLocally = true;
+        hostName = cfg.hostname;
+        https = true;
+        maxUploadSize = "5G";
+        package = cfg.package;
+        settings = {
+          default_phone_region = "DE";
+        };
+      };
+      nginx.virtualHosts.${cfg.hostname} = {
+        forceSSL = true;
+        enableACME = true;
+      };
+    };
+    users = {
+      users = {
+        "nextcloud".uid = config.vhack.constants.ids.uids.nextcloud;
+        "redis-nextcloud".uid = config.vhack.constants.ids.uids.redis-nextcloud;
+      };
+      groups = {
+        "nextcloud".gid = config.vhack.constants.ids.gids.nextcloud;
+        "redis-nextcloud".gid = config.vhack.constants.ids.gids.redis-nextcloud;
+      };
+    };
+  };
+}
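Review bot: `mode = "0700"` on the `age.secrets.adminpassFile` entry gives the decrypted admin password an execute bit and owner write access that nothing visible here needs. The secret looks to be only read by the `nextcloud` user via `services.nextcloud.config.adminpassFile`, so `mode = "0400";` would be the least-privilege setting. The secret is also registered under the generic attribute name `adminpassFile` in the shared `age.secrets` set, where another module declaring the same name would conflict with it. A service-prefixed name such as `age.secrets."nextcloud-adminpass"` (an illustrative name), with the `.path` reference updated to match, would avoid that.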