Add nextcloud host

2023-08-03 15:51:21 +02:00 · 2023-08-03 15:51:21 +02:00 · 5c0f7dd6b8
parent 5691e65bf3
commit 5c0f7dd6b8
7 changed files with 79 additions and 2 deletions
--- a/hosts.nix
+++ b/hosts.nix
@ -38,6 +38,10 @@ in
      hostNixpkgs = nixpkgs-unstable;
      site = "vs";
    };
+    nextcloud = {
+      hostNixpkgs = nixpkgs-unstable;
+      site = "vs";
+    };
    nitter = {
      site = "vs";
    };
--- a/hosts/nextcloud/configuration.nix
+++ b/hosts/nextcloud/configuration.nix
@ -0,0 +1,17 @@
+{ ... }:
+{
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
+  };
+
+  networking = {
+    hostName = "nextcloud";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 443 8443 ];
+    };
+  };
+
+  system.stateVersion = "23.05";
+}
--- a/hosts/nextcloud/default.nix
+++ b/hosts/nextcloud/default.nix
@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./configuration.nix
+    ./nextcloud.nix
+  ];
+}
--- a/hosts/nextcloud/nextcloud.nix
+++ b/hosts/nextcloud/nextcloud.nix
@ -0,0 +1,38 @@
+{ pkgs, config, ... }:
+{
+  services.nextcloud = {
+    enable = true;
+    package = pkgs.nextcloud27;
+    hostName = "cloud.nekover.se";
+    https = true;
+    config = {
+      dbtype = "pgsql";
+      adminpassFile = "/secrets/nextcloud-adminpass.secret";
+      defaultPhoneRegion = "DE";
+    };
+    database.createLocally = true;
+    configureRedis = true;
+    extraAppsEnable = true;
+    extraApps = with config.services.nextcloud.package.packages.apps; {
+      inherit bookmarks contacts calendar tasks twofactor_webauthn;
+    };
+    maxUploadSize = "16G";
+  };
+
+  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+    forceSSL = true;
+    enableACME = true;
+    listen = [
+      { 
+        addr = "localhost";
+        port = 1234;
+      } # workaround for enableACME check
+      {
+        addr = "0.0.0.0";
+        port = 8443;
+        ssl = true;
+        proxyProtocol = true;
+      }
+    ];
+  };
+}
--- a/hosts/nextcloud/secrets.nix
+++ b/hosts/nextcloud/secrets.nix
@ -0,0 +1,11 @@
+{ ... }:
+{
+  deployment.keys."nextcloud-adminpass.secret" = {
+    keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/adminpass" ];
+    destDir = "/secrets";
+    user = "nextcloud";
+    group = "nextcloud";
+    permissions = "0640";
+    uploadAt = "pre-activation";
+  };
+}
--- a/hosts/web-public-2/nginx.nix
+++ b/hosts/web-public-2/nginx.nix
@ -11,6 +11,7 @@
      map $ssl_preread_server_name $address {
        anisync.grzb.de 127.0.0.1:8443;
        birdsite.nekover.se 127.0.0.1:8443;
+        cloud.nekover.se 10.202.41.122:8443;
        element.nekover.se 127.0.0.1:8443;
        gameserver.grzb.de 127.0.0.1:8443;
        git.grzb.de 127.0.0.1:8443;
@ -21,7 +22,6 @@
        nextcloud.grzb.de 127.0.0.1:8443;
        nix-cache.nekover.se 10.202.41.121:8443;
        social.nekover.se 127.0.0.1:8443;
-        test.grzb.de 127.0.0.1:8443;
      }

      server {
--- a/hosts/web-public-2/virtualHosts/nextcloud.grzb.de.nix
+++ b/hosts/web-public-2/virtualHosts/nextcloud.grzb.de.nix
@ -15,7 +15,7 @@
      proxyProtocol = true;
    }];
    locations."/" = {
-      proxyPass = "http://nextcloud.vs.grzb.de:80";
+      proxyPass = "http://nextcloud-grzb.vs.grzb.de:80";
    };
    locations."= /.well-known/carddav" = {
      return = "301 $scheme://$host/remote.php/dav";