Setup mail server and restructure some things

2023-09-14 14:43:49 +02:00 · 2023-09-14 14:43:49 +02:00 · 4a802ab44d
commit 4a802ab44d
parent fa3db3bad6
90 changed files with 512 additions and 66 deletions
--- a/config/hosts/nextcloud/configuration.nix
+++ b/config/hosts/nextcloud/configuration.nix
@ -0,0 +1,17 @@
+{ ... }:
+{
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
+  };
+
+  networking = {
+    hostName = "nextcloud";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 8443 ];
+    };
+  };
+
+  system.stateVersion = "23.05";
+}
--- a/config/hosts/nextcloud/default.nix
+++ b/config/hosts/nextcloud/default.nix
@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports = [
+    ./configuration.nix
+    ./hardware-configuration.nix
+    ./nextcloud.nix
+  ];
+}
--- a/config/hosts/nextcloud/hardware-configuration.nix
+++ b/config/hosts/nextcloud/hardware-configuration.nix
@ -0,0 +1,10 @@
+{ ... }:
+{
+  fileSystems."/var/lib/nextcloud/data" = {
+    device = "/dev/vdb";
+    fsType = "ext4";
+    autoFormat = true;
+    autoResize = true;
+    options = [ "X-mount.owner=nextcloud" "X-mount.group=nextcloud" ];
+  };
+}
--- a/config/hosts/nextcloud/nextcloud.nix
+++ b/config/hosts/nextcloud/nextcloud.nix
@ -0,0 +1,52 @@
+{ pkgs, config, ... }:
+{
+  services.nextcloud = {
+    enable = true;
+    package = pkgs.nextcloud27;
+    hostName = "cloud.nekover.se";
+    https = true;
+    config = {
+      dbtype = "pgsql";
+      adminpassFile = "/secrets/nextcloud-adminpass.secret";
+      defaultPhoneRegion = "DE";
+    };
+    database.createLocally = true;
+    configureRedis = true;
+    extraAppsEnable = true;
+    extraApps = with config.services.nextcloud.package.packages.apps; {
+      inherit bookmarks contacts calendar tasks twofactor_webauthn;
+    };
+    maxUploadSize = "16G";
+    extraOptions = {
+      mail_smtpmode = "smtp";
+      mail_sendmailmode = "smtp";
+      mail_smtpsecure = "ssl";
+      mail_from_address = "cloud";
+      mail_domain = "nekover.se";
+      mail_smtpauthtype = "LOGIN";
+      mail_smtpauth = 1;
+      mail_smtphost = "mail.grzb.de";
+      mail_smtpport = 465;
+      mail_smtpname = "nextcloud";
+    };
+    # Only contains mail_smtppassword
+    secretFile = "/secrets/nextcloud-secretfile.secret";
+    phpOptions = {
+      # The amount of memory for interned strings in Mbytes
+      "opcache.interned_strings_buffer" = "64";
+    };
+  };
+
+  services.nginx = {
+    virtualHosts.${config.services.nextcloud.hostName} = {
+      forceSSL = true;
+      enableACME = true;
+      extraConfig = ''
+        listen 0.0.0.0:8443 http2 ssl proxy_protocol;
+
+        set_real_ip_from 10.202.41.100;
+        real_ip_header proxy_protocol;
+      '';
+    };
+  };
+}
--- a/config/hosts/nextcloud/secrets.nix
+++ b/config/hosts/nextcloud/secrets.nix
@ -0,0 +1,21 @@
+{ ... }:
+{
+  deployment.keys = {
+    "nextcloud-adminpass.secret" = {
+      keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/adminpass" ];
+      destDir = "/secrets";
+      user = "nextcloud";
+      group = "nextcloud";
+      permissions = "0640";
+      uploadAt = "pre-activation";
+    };
+    "nextcloud-secretfile.secret" = {
+      keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/secretfile" ];
+      destDir = "/secrets";
+      user = "nextcloud";
+      group = "nextcloud";
+      permissions = "0640";
+      uploadAt = "pre-activation";
+    };
+  };
+}