From b04d9e51a188b3f6feb527e4fc2a7534714bafd9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 23 Mar 2021 19:31:59 +0100 Subject: [PATCH] nextcloud: create service --- hosts/poseidon/default.nix | 4 ++ secrets/default.nix | 2 + secrets/nextcloud-admin-pass.secret | Bin 0 -> 87 bytes secrets/nextcloud-admin-user.secret | Bin 0 -> 28 bytes services/default.nix | 1 + services/nextcloud.nix | 73 ++++++++++++++++++++++++++++ 6 files changed, 80 insertions(+) create mode 100644 secrets/nextcloud-admin-pass.secret create mode 100644 secrets/nextcloud-admin-user.secret create mode 100644 services/nextcloud.nix diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 2655868..20a02ac 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -114,6 +114,10 @@ in domain = "monitoring.${config.networking.domain}"; }; + nextcloud = { + enable = true; + }; + postgresql-backup = { enable = true; }; diff --git a/secrets/default.nix b/secrets/default.nix index 7d0e393..2120a11 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -12,6 +12,8 @@ with lib; miniflux-admin-credentials = lib.fileContents ./miniflux-admin-credentials.secret; borg-backup-repo = lib.fileContents ./borg-backup-repo.secret; transmission-password = lib.fileContents ./transmission.secret; + nextcloud-admin-pass = lib.fileContents ./nextcloud-admin-pass.secret; + nextcloud-admin-user = lib.fileContents ./nextcloud-admin-user.secret; wireguard = pkgs.callPackage ./wireguard.nix { }; }; diff --git a/secrets/nextcloud-admin-pass.secret b/secrets/nextcloud-admin-pass.secret new file mode 100644 index 0000000000000000000000000000000000000000..49f51ea3444c20ee5acd455fc986386c9c10a598 GIT binary patch literal 87 zcmV-d0I2@}M@dveQdv+`0Oz>h`m_yf09yG|T$~YwjrNvI#vdu?2Dij|7m&+xc2{PV t7`N=gct*$YUc&F!12-^Fe^wZwUT3vM6}Q3WB9k0;GA+QIHLiie+BeejDBA!4 literal 0 HcmV?d00001 
diff --git a/secrets/nextcloud-admin-user.secret b/secrets/nextcloud-admin-user.secret new file mode 100644 index 0000000000000000000000000000000000000000..e653faf45a54d46c7c98d8c641b30d9a42b4507a GIT binary patch literal 28 jcmZQ@_Y83kiVO&0$mq3WFFNr~|7$_K1&iDymi0;ig02aT literal 0 HcmV?d00001 diff --git a/services/default.nix b/services/default.nix index 3000594..a8891a8 100644 --- a/services/default.nix +++ b/services/default.nix @@ -11,6 +11,7 @@ ./media.nix ./miniflux.nix ./monitoring.nix + ./nextcloud.nix ./nginx.nix ./postgresql-backup.nix ./tgv.nix diff --git a/services/nextcloud.nix b/services/nextcloud.nix new file mode 100644 index 0000000..1ab9924 --- /dev/null +++ b/services/nextcloud.nix 
@@ -0,0 +1,73 @@
+{ lib, config, pkgs, ... }:
+
+# TODO: setup prometheus exporter
+
+let
+ cfg = config.my.services.nextcloud;
+ my = config.my;
+ domain = config.networking.domain;
+ dbName = "nextcloud";
+in
+{
+ options.my.services.nextcloud = {
+ enable = lib.mkEnableOption "NextCloud";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # FIXME: set postgresql package globally
+ services.postgresql = {
+ enable = true;
+
+ ensureDatabases = [ dbName ];
+ ensureUsers = [
+ {
+ name = "nextcloud";
+ ensurePermissions = {
+ "DATABASE ${dbName}" = "ALL PRIVILEGES";
+ };
+ }
+ ];
+ };
+
+ services.postgresqlBackup = {
+ databases = [ dbName ];
+ };
+
+ services.nextcloud = {
+ enable = true;
+
+ hostName = "cloud.${domain}";
+ https = true;
+ package = pkgs.nextcloud21;
+
+ maxUploadSize = "1G";
+
+ config = {
+ overwriteProtocol = "https";
+
+ defaultPhoneRegion = "FR";
+
+ dbtype = "pgsql";
+ dbuser = "nextcloud";
+ dbname = dbName;
+ dbhost = "/run/postgresql";
+
+ adminuser = my.secrets.nextcloud-admin-user;
+ adminpass = my.secrets.nextcloud-admin-pass;
+ };
+ };
+
+ services.nginx = {
+ virtualHosts = {
+ "cloud.${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ };
+ };
+
+ my.services.borg-backup = lib.mkIf cfg.enable {
+ paths = [ config.services.nextcloud.home ];
+ };
+ };
+}
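Review bot: `adminpass = my.secrets.nextcloud-admin-pass;` in the `services.nextcloud.config` block passes the admin password as a plain Nix string, and because `secrets/default.nix` loads it with `lib.fileContents` at evaluation time, the cleartext will most likely end up in a generated file under the world-readable `/nix/store`, regardless of how the `.secret` file is protected in the repository. The NixOS module provides `adminpassFile` for this case; prefer `adminpassFile = "/path/to/nextcloud-admin-pass";` (placeholder path, located outside the store and readable by the `nextcloud` user) and provision that file out of band. Separately, the inner `lib.mkIf cfg.enable` on `my.services.borg-backup` is redundant, since the whole `config` attribute is already wrapped in the same condition.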