-rw-r--r--hosts/by-name/server2/configuration.nix5
-rw-r--r--hosts/by-name/server2/secrets/nextcloud/adminpassFile.age14
-rw-r--r--modules/by-name/co/constants/module.nix4
-rw-r--r--modules/by-name/ne/nextcloud/module.nix78
4 files changed, 101 insertions, 0 deletions
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix
index ffd212f..a11085e 100644
--- a/hosts/by-name/server2/configuration.nix
+++ b/hosts/by-name/server2/configuration.nix
@@ -61,6 +61,11 @@
enable = true;
fqdn = "mail.foss-syndicate.org";
};
+ nextcloud = {
+ enable = true;
+ hostname = "nextcloud.vhack.eu";
+ adminpassFile = ./secrets/nextcloud/adminpassFile.age;
+ };
nginx = {
enable = true;
redirects = {
diff --git a/hosts/by-name/server2/secrets/nextcloud/adminpassFile.age b/hosts/by-name/server2/secrets/nextcloud/adminpassFile.age
new file mode 100644
index 0000000..2b831f3
--- /dev/null
+++ b/hosts/by-name/server2/secrets/nextcloud/adminpassFile.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----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=
+-----END AGE ENCRYPTED FILE-----
diff --git a/modules/by-name/co/constants/module.nix b/modules/by-name/co/constants/module.nix
index d601e70..7eaa8b4 100644
--- a/modules/by-name/co/constants/module.nix
+++ b/modules/by-name/co/constants/module.nix
@@ -44,6 +44,8 @@
sshd = 331;
systemd-oom = 332;
nix-sync = 334;
+ nextcloud = 335;
+ redis-nextcloud = 336;
# As per the NixOS file, the uids should not be greater or equal to 400;
};
@@ -59,11 +61,13 @@
mastodon
matrix-synapse
mautrix-whatsapp
+ nextcloud
nix-sync
nscd
opendkim
peertube
redis-mastodon
+ redis-nextcloud
redis-peertube
redis-rspamd
redis-stalwart-mail
diff --git a/modules/by-name/ne/nextcloud/module.nix b/modules/by-name/ne/nextcloud/module.nix
new file mode 100644
index 0000000..2e40970
--- /dev/null
+++ b/modules/by-name/ne/nextcloud/module.nix
@@ -0,0 +1,78 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.vhack.nextcloud;
+in {
+ options.vhack.nextcloud = {
+ enable = lib.mkEnableOption "a sophisticated nextcloud setup";
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.nextcloud31;
+ description = "The nextcloud package to use";
+ };
+ hostname = lib.mkOption {
+ type = lib.types.str;
+ description = "The nextcloud hostname (fqdn)";
+ };
+ adminpassFile = lib.mkOption {
+ type = lib.types.path;
+ description = "The age encrypted admin password file";
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ vhack = {
+ nginx.enable = true;
+ postgresql.enable = true;
+ persist.directories = [
+ "/var/lib/nextcloud"
+ ];
+ };
+ age.secrets = {
+ adminpassFile = {
+ file = cfg.adminpassFile;
+ mode = "0700";
+ owner = "nextcloud";
+ group = "nextcloud";
+ };
+ };
+
+ services = {
+ nextcloud = {
+ enable = true;
+ configureRedis = true;
+ config = {
+ adminuser = "admin";
+ adminpassFile = config.age.secrets.adminpassFile.path;
+ dbname = "nextcloud";
+ dbuser = "nextcloud";
+ dbtype = "pgsql";
+ };
+ database.createLocally = true;
+ hostName = cfg.hostname;
+ https = true;
+ maxUploadSize = "5G";
+ package = cfg.package;
+ settings = {
+ default_phone_region = "DE";
+ };
+ };
+ nginx.virtualHosts.${cfg.hostname} = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ };
+ users = {
+ users = {
+ "nextcloud".uid = config.vhack.constants.ids.uids.nextcloud;
+ "redis-nextcloud".uid = config.vhack.constants.ids.uids.redis-nextcloud;
+ };
+ groups = {
+ "nextcloud".gid = config.vhack.constants.ids.gids.nextcloud;
+ "redis-nextcloud".gid = config.vhack.constants.ids.gids.redis-nextcloud;
+ };
+ };
+ };
+}
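Review bot: The `age.secrets.adminpassFile` entry sets `mode = "0700";`, which gives the decrypted admin password write and execute bits that nothing here needs. The file only has to be readable by the `nextcloud` user, so `mode = "0400";` with the same owner and group is sufficient. The secret name `adminpassFile` sits in the host-wide `age.secrets` namespace, so a service-specific name such as `nextcloudAdminpass` would avoid a collision with another module declaring the same name. As far as I know the NixOS nextcloud module reads `config.adminpassFile` only during the initial setup, so a comment on that line such as `# used only at first install; rotating the age secret does not change the admin password` would spare the next maintainer a surprise.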