Add SMTP configuration to nextcloud and use an additional disk for the data

hosts/nextcloud/default.nix

@@ -2,6 +2,7 @@
 {
   imports = [
     ./configuration.nix
+    ./hardware-configuration.nix
     ./nextcloud.nix
   ];
 }

hosts/nextcloud/hardware-configuration.nix

@@ -0,0 +1,10 @@
+{ ... }:
+{
+  fileSystems."/var/lib/nextcloud/data" = {
+    device = "/dev/vdb";
+    fsType = "ext4";
+    autoFormat = true;
+    autoResize = true;
+    options = [ "X-mount.owner=nextcloud" "X-mount.group=nextcloud" ];
+  };
+}

hosts/nextcloud/nextcloud.nix

@@ -17,9 +17,23 @@
       inherit bookmarks contacts calendar tasks twofactor_webauthn;
     };
     maxUploadSize = "16G";
+    extraOptions = {
+      mail_smtpmode = "smtp";
+      mail_sendmailmode = "smtp";
+      mail_smtpsecure = "ssl";
+      mail_from_address = "cloud";
+      mail_domain = "nekover.se";
+      mail_smtpauthtype = "LOGIN";
+      mail_smtpauth = 1;
+      mail_smtphost = "mail.grzb.de";
+      mail_smtpport = 465;
+      mail_smtpname = "nextcloud";
+    };
+    secretFile = "/secrets/nextcloud-secretfile.secret";
   };
 
-  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+  services.nginx = {
+    virtualHosts.${config.services.nextcloud.hostName} = {
       forceSSL = true;
       enableACME = true;
       listen = [
@@ -34,5 +48,10 @@
           proxyProtocol = true;
         }
       ];
+      extraConfig = ''
+        set_real_ip_from 10.202.41.100;
+        real_ip_header proxy_protocol;
+      '';
+    };
   };
 }

hosts/nextcloud/secrets.nix

@@ -1,6 +1,7 @@
 { ... }:
 {
-  deployment.keys."nextcloud-adminpass.secret" = {
+  deployment.keys = {
+    "nextcloud-adminpass.secret" = {
       keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/adminpass" ];
       destDir = "/secrets";
       user = "nextcloud";
@@ -8,4 +9,13 @@
       permissions = "0640";
       uploadAt = "pre-activation";
     };
+    "nextcloud-secretfile.secret" = {
+      keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/secretfile" ];
+      destDir = "/secrets";
+      user = "nextcloud";
+      group = "nextcloud";
+      permissions = "0640";
+      uploadAt = "pre-activation";
+    };
+  };
 }