From 86a2bf0395990cc7251bffcbac54e0a722603d0f Mon Sep 17 00:00:00 2001
From: yuri
Date: Fri, 4 Aug 2023 03:32:06 +0200
Subject: [PATCH] Add SMTP configuration to nextcloud and use an additional disk for the data
---
 hosts/nextcloud/default.nix | 1 +
 hosts/nextcloud/hardware-configuration.nix | 10 +++++
 hosts/nextcloud/nextcloud.nix | 49 +++++++++++++++-------
 hosts/nextcloud/secrets.nix | 24 +++++++----
 4 files changed, 62 insertions(+), 22 deletions(-)
 create mode 100644 hosts/nextcloud/hardware-configuration.nix
diff --git a/hosts/nextcloud/default.nix b/hosts/nextcloud/default.nix
index 81ddd9a..9677aef 100644
--- a/hosts/nextcloud/default.nix
+++ b/hosts/nextcloud/default.nix
@@ -2,6 +2,7 @@
 {
 imports = [
 ./configuration.nix
+ ./hardware-configuration.nix
 ./nextcloud.nix
 ];
 }
diff --git a/hosts/nextcloud/hardware-configuration.nix b/hosts/nextcloud/hardware-configuration.nix
new file mode 100644
index 0000000..89fc191
--- /dev/null
+++ b/hosts/nextcloud/hardware-configuration.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+ fileSystems."/var/lib/nextcloud/data" = {
+ device = "/dev/vdb";
+ fsType = "ext4";
+ autoFormat = true;
+ autoResize = true;
+ options = [ "X-mount.owner=nextcloud" "X-mount.group=nextcloud" ];
+ };
+}
diff --git a/hosts/nextcloud/nextcloud.nix b/hosts/nextcloud/nextcloud.nix
index 88aa605..e6cb567 100644
--- a/hosts/nextcloud/nextcloud.nix
+++ b/hosts/nextcloud/nextcloud.nix
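Review bot: In hosts/nextcloud/hardware-configuration.nix the volume that will hold user uploads is mounted with only the ownership options, so setuid bits and device nodes on it are honoured. I would add `nosuid` and `nodev`, i.e. `options = [ "nosuid" "nodev" "X-mount.owner=nextcloud" "X-mount.group=nextcloud" ];`, and `noexec` as well if nothing is expected to run from the data directory. Separately, `device = "/dev/vdb"` combined with `autoFormat = true` depends on kernel enumeration order: if a different blank disk ever shows up as vdb it would presumably be formatted and mounted as the data directory. A stable path is safer, e.g. `device = "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>";`, together with a short comment stating which virtual disk this is.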
@@ -17,22 +17,41 @@ inherit bookmarks contacts calendar tasks twofactor_webauthn; }; maxUploadSize = "16G"; + extraOptions = { + mail_smtpmode = "smtp"; + mail_sendmailmode = "smtp"; + mail_smtpsecure = "ssl"; + mail_from_address = "cloud"; + mail_domain = "nekover.se"; + mail_smtpauthtype = "LOGIN"; + mail_smtpauth = 1; + mail_smtphost = "mail.grzb.de"; + mail_smtpport = 465; + mail_smtpname = "nextcloud"; + }; + secretFile = "/secrets/nextcloud-secretfile.secret"; }; - services.nginx.virtualHosts.${config.services.nextcloud.hostName} = { - forceSSL = true; - enableACME = true; - listen = [ - { - addr = "localhost"; - port = 1234; - } # workaround for enableACME check - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - proxyProtocol = true; - } - ]; + services.nginx = { + virtualHosts.${config.services.nextcloud.hostName} = { + forceSSL = true; + enableACME = true; + listen = [ + { + addr = "localhost"; + port = 1234; + } # workaround for enableACME check + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + } + ]; + extraConfig = '' + set_real_ip_from 10.202.41.100; + real_ip_header proxy_protocol; + ''; + }; }; } diff --git a/hosts/nextcloud/secrets.nix b/hosts/nextcloud/secrets.nix index 785e179..c4a91b9 100644 --- a/hosts/nextcloud/secrets.nix +++ b/hosts/nextcloud/secrets.nix 
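Review bot: In the new `extraConfig` of the nextcloud virtual host, `set_real_ip_from 10.202.41.100;` is a bare literal with no indication of which machine it is, while the PROXY-protocol listener next to it is bound to `0.0.0.0:8443`. If the proxy's address ever changes, nginx stops substituting the client address and every request would reach Nextcloud with the proxy's IP, so its per-address brute-force throttling would treat all users as one client. I would add a comment such as `# 10.202.41.100 = reverse proxy that prepends the PROXY header; keep in sync with its host config`, or bind the value to a shared variable if the repository has one. Whether port 8443 is firewalled to that host is not visible in this hunk and is worth confirming. The surrounding `services.nextcloud` attribute set starts outside the hunk.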
@@ -1,11 +1,21 @@
 { ... }:
 {
- deployment.keys."nextcloud-adminpass.secret" = {
- keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/adminpass" ];
- destDir = "/secrets";
- user = "nextcloud";
- group = "nextcloud";
- permissions = "0640";
- uploadAt = "pre-activation";
+ deployment.keys = {
+ "nextcloud-adminpass.secret" = {
+ keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/adminpass" ];
+ destDir = "/secrets";
+ user = "nextcloud";
+ group = "nextcloud";
+ permissions = "0640";
+ uploadAt = "pre-activation";
+ };
+ "nextcloud-secretfile.secret" = {
+ keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/secretfile" ];
+ destDir = "/secrets";
+ user = "nextcloud";
+ group = "nextcloud";
+ permissions = "0640";
+ uploadAt = "pre-activation";
+ };
 };
 }
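Review bot: The new `"nextcloud-secretfile.secret"` entry is uploaded with `permissions = "0640"` although `user` and `group` are both `nextcloud`, so the group-read bit buys nothing. `permissions = "0400";` is enough if only the nextcloud service account reads the file, and the same applies to the re-indented adminpass entry. The two entries differ only in the key name and the `pass` path, so a small `let` helper taking the pass entry name would keep owner, mode and `uploadAt` from drifting apart. A comment noting that `nextcloud/secretfile` must contain the JSON object consumed by `services.nextcloud.secretFile` (presumably carrying the SMTP password) would save the next operator a lookup.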