From 0a5d07077370dd8f4e8329f7661a693921065153 Mon Sep 17 00:00:00 2001
From: fi
Date: Thu, 3 Aug 2023 15:51:21 +0200
Subject: [PATCH] Add nextcloud host

---
 hosts.nix | 4 ++
 hosts/nextcloud/configuration.nix | 17 +++++++++
 hosts/nextcloud/default.nix | 7 ++++
 hosts/nextcloud/nextcloud.nix | 38 +++++++++++++++++++
 hosts/nextcloud/secrets.nix | 11 ++++++
 hosts/web-public-2/nginx.nix | 2 +-
 .../virtualHosts/nextcloud.grzb.de.nix | 2 +-
 7 files changed, 79 insertions(+), 2 deletions(-)
 create mode 100644 hosts/nextcloud/configuration.nix
 create mode 100644 hosts/nextcloud/default.nix
 create mode 100644 hosts/nextcloud/nextcloud.nix
 create mode 100644 hosts/nextcloud/secrets.nix

diff --git a/hosts.nix b/hosts.nix
index 6118252..1116370 100644
--- a/hosts.nix
+++ b/hosts.nix
@@ -38,6 +38,10 @@ in
     hostNixpkgs = nixpkgs-unstable;
     site = "vs";
   };
+  nextcloud = {
+    hostNixpkgs = nixpkgs-unstable;
+    site = "vs";
+  };
   nitter = {
     site = "vs";
   };
diff --git a/hosts/nextcloud/configuration.nix b/hosts/nextcloud/configuration.nix
new file mode 100644
index 0000000..da63943
--- /dev/null
+++ b/hosts/nextcloud/configuration.nix
@@ -0,0 +1,17 @@
+{ ... }:
+{
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
+  };
+
+  networking = {
+    hostName = "nextcloud";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 443 8443 ];
+    };
+  };
+
+  system.stateVersion = "23.05";
+}
diff --git a/hosts/nextcloud/default.nix b/hosts/nextcloud/default.nix
new file mode 100644
index 0000000..81ddd9a
--- /dev/null
+++ b/hosts/nextcloud/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./configuration.nix
+    ./nextcloud.nix
+  ];
+}
diff --git a/hosts/nextcloud/nextcloud.nix b/hosts/nextcloud/nextcloud.nix
new file mode 100644
index 0000000..88aa605
--- /dev/null
+++ b/hosts/nextcloud/nextcloud.nix
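Review bot: `allowedTCPPorts = [ 80 443 8443 ]` in configuration.nix opens two ports that nothing in this patch listens on: the nginx vHost in nextcloud.nix replaces the default listeners with localhost:1234 and 0.0.0.0:8443, so 80 and 443 exist only in the firewall rule. Unless another service on this host is expected to bind them (not visible here), `allowedTCPPorts = [ 8443 ];` limits the exposed surface to the one port the stream proxy on web-public-2 forwards to. Because that port speaks PROXY protocol, it is also worth restricting the rule to the proxy's source address (for example through `networking.firewall.extraCommands`) instead of accepting 8443 from every peer that can reach this host.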
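Review bot: `imports` in default.nix lists ./configuration.nix and ./nextcloud.nix but not the new ./secrets.nix, so the deployment.keys entry that writes /secrets/nextcloud-adminpass.secret is never evaluated unless the deployment tooling loads secrets.nix by convention (nothing in this patch shows that). nextcloud.nix points adminpassFile at exactly that path, so a fresh deploy would fail the initial Nextcloud setup on a missing file. If no such convention exists, `imports = [ ./configuration.nix ./nextcloud.nix ./secrets.nix ];` closes the gap.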
@@ -0,0 +1,38 @@
+{ pkgs, config, ... }:
+{
+  services.nextcloud = {
+    enable = true;
+    package = pkgs.nextcloud27;
+    hostName = "cloud.nekover.se";
+    https = true;
+    config = {
+      dbtype = "pgsql";
+      adminpassFile = "/secrets/nextcloud-adminpass.secret";
+      defaultPhoneRegion = "DE";
+    };
+    database.createLocally = true;
+    configureRedis = true;
+    extraAppsEnable = true;
+    extraApps = with config.services.nextcloud.package.packages.apps; {
+      inherit bookmarks contacts calendar tasks twofactor_webauthn;
+    };
+    maxUploadSize = "16G";
+  };
+
+  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+    forceSSL = true;
+    enableACME = true;
+    listen = [
+      {
+        addr = "localhost";
+        port = 1234;
+      } # workaround for enableACME check
+      {
+        addr = "0.0.0.0";
+        port = 8443;
+        ssl = true;
+        proxyProtocol = true;
+      }
+    ];
+  };
+}
diff --git a/hosts/nextcloud/secrets.nix b/hosts/nextcloud/secrets.nix
new file mode 100644
index 0000000..785e179
--- /dev/null
+++ b/hosts/nextcloud/secrets.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+  deployment.keys."nextcloud-adminpass.secret" = {
+    keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/adminpass" ];
+    destDir = "/secrets";
+    user = "nextcloud";
+    group = "nextcloud";
+    permissions = "0640";
+    uploadAt = "pre-activation";
+  };
+}
diff --git a/hosts/web-public-2/nginx.nix b/hosts/web-public-2/nginx.nix
index 77d48ac..a72db45 100644
--- a/hosts/web-public-2/nginx.nix
+++ b/hosts/web-public-2/nginx.nix
@@ -11,6 +11,7 @@
     map $ssl_preread_server_name $address {
       anisync.grzb.de 127.0.0.1:8443;
       birdsite.nekover.se 127.0.0.1:8443;
+      cloud.nekover.se 10.202.41.122:8443;
       element.nekover.se 127.0.0.1:8443;
       gameserver.grzb.de 127.0.0.1:8443;
       git.grzb.de 127.0.0.1:8443;
@@ -21,7 +22,6 @@
       nextcloud.grzb.de 127.0.0.1:8443;
       nix-cache.nekover.se 10.202.41.121:8443;
       social.nekover.se 127.0.0.1:8443;
-      test.grzb.de 127.0.0.1:8443;
     }
     server {
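Review bot: The `0.0.0.0:8443` listener in nextcloud.nix sets `proxyProtocol = true` but the hunk configures no trusted source for it, so the client address carried in a PROXY header is accepted from any peer that can reach 8443, not only from web-public-2, and that address is what nginx logs and what Nextcloud's per-IP brute-force protection keys on. Restricting it in the vHost's `extraConfig` (`set_real_ip_from <web-public-2 address>;` followed by `real_ip_header proxy_protocol;`) and firewalling 8443 to that source keeps spoofed addresses out. The `localhost:1234` plain-HTTP listener carries only `# workaround for enableACME check`; a sentence stating how the ACME HTTP-01 challenge is expected to reach this host (nothing in the patch routes port 80 here) would save the next reader a trip through the module.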
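Review bot: `keyCommand` in secrets.nix hard-codes one operator's home directory twice (`GNUPGHOME=/home/yuri/.passinfra_gnupg`, `PASSWORD_STORE_DIR=/home/yuri/pass/infra`), which ties every deploy of this host to that account and needs editing for anyone else who runs it. If the repository's other hosts use the same prefix, factoring it into a shared helper that builds the `env … pass <entry>` list from one definition is worth doing; otherwise a comment above the key stating that the deployer needs that pass store and keyring is the minimum. A comment on the attribute such as `# read by nextcloud.nix as adminpassFile for the initial install` would also record why the key exists.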
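Review bot: `cloud.nekover.se 10.202.41.122:8443;` in nginx.nix is a bare address with nothing tying it to the new nextcloud host or recording that the upstream expects PROXY protocol on that port (nextcloud.nix sets `proxyProtocol = true` there). A trailing comment such as `# hosts/nextcloud; TLS passed through, upstream expects PROXY protocol` on that line would make the dependency visible to whoever renumbers the network. Whether the `server` block below sends PROXY protocol to this upstream cannot be seen from the hunk, as that block continues outside it.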
diff --git a/hosts/web-public-2/virtualHosts/nextcloud.grzb.de.nix b/hosts/web-public-2/virtualHosts/nextcloud.grzb.de.nix
index 87fcc68..8cbdcc9 100644
--- a/hosts/web-public-2/virtualHosts/nextcloud.grzb.de.nix
+++ b/hosts/web-public-2/virtualHosts/nextcloud.grzb.de.nix
@@ -15,7 +15,7 @@
     proxyProtocol = true;
   }];
   locations."/" = {
-    proxyPass = "http://nextcloud.vs.grzb.de:80";
+    proxyPass = "http://nextcloud-grzb.vs.grzb.de:80";
   };
   locations."= /.well-known/carddav" = {
     return = "301 $scheme://$host/remote.php/dav";
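Review bot: `proxyPass` now targets `nextcloud-grzb.vs.grzb.de`, but nothing in this patch renames the existing host: the diffstat touches no host directory other than the new `nextcloud`, and the hosts.nix hunk adds `nextcloud` without showing a `nextcloud-grzb` entry. If that rename lands in a separate commit, nextcloud.grzb.de returns upstream errors in the window between the two deploys; if it is already in place, a comment on the line naming the host definition it points at would make the coupling visible. The enclosing vHost definition continues outside the hunk.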