fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Add SMTP configuration to nextcloud and use an additional disk for the data

Browse source
This commit is contained in:
fi 2023-08-04 03:32:06 +02:00
parent 3f9cdc0943
commit c1bd4e3529
Signed by: fi
SSH key fingerprint: SHA256:d+6fQoDPMbSFK95zRVflRKZLRKF4cPSQb7VIxYkhFsA
4 changed files with 62 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
hosts/nextcloud/default.nix
View file

@ -2,6 +2,7 @@
{ {
imports = [ imports = [
./configuration.nix ./configuration.nix
./hardware-configuration.nix
./nextcloud.nix ./nextcloud.nix
]; ];
} }

10
hosts/nextcloud/hardware-configuration.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }:
{
fileSystems."/var/lib/nextcloud/data" = {
device = "/dev/vdb";
fsType = "ext4";
autoFormat = true;
autoResize = true;
options = [ "X-mount.owner=nextcloud" "X-mount.group=nextcloud" ];
};
}

49
hosts/nextcloud/nextcloud.nix
View file

@ -17,22 +17,41 @@
inherit bookmarks contacts calendar tasks twofactor_webauthn; inherit bookmarks contacts calendar tasks twofactor_webauthn;
}; };
maxUploadSize = "16G"; maxUploadSize = "16G";
extraOptions = {
mail_smtpmode = "smtp";
mail_sendmailmode = "smtp";
mail_smtpsecure = "ssl";
mail_from_address = "cloud";
mail_domain = "nekover.se";
mail_smtpauthtype = "LOGIN";
mail_smtpauth = 1;
mail_smtphost = "mail.grzb.de";
mail_smtpport = 465;
mail_smtpname = "nextcloud";
};
secretFile = "/secrets/nextcloud-secretfile.secret";
}; };
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = { services.nginx = {
forceSSL = true; virtualHosts.${config.services.nextcloud.hostName} = {
enableACME = true; forceSSL = true;
listen = [ enableACME = true;
{ listen = [
addr = "localhost"; {
port = 1234; addr = "localhost";
} # workaround for enableACME check port = 1234;
{ } # workaround for enableACME check
addr = "0.0.0.0"; {
port = 8443; addr = "0.0.0.0";
ssl = true; port = 8443;
proxyProtocol = true; ssl = true;
} proxyProtocol = true;
]; }
];
extraConfig = ''
set_real_ip_from 10.202.41.100;
real_ip_header proxy_protocol;
'';
};
}; };
} }

24
hosts/nextcloud/secrets.nix
View file

@ -1,11 +1,21 @@
{ ... }: { ... }:
{ {
deployment.keys."nextcloud-adminpass.secret" = { deployment.keys = {
keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/adminpass" ]; "nextcloud-adminpass.secret" = {
destDir = "/secrets"; keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/adminpass" ];
user = "nextcloud"; destDir = "/secrets";
group = "nextcloud"; user = "nextcloud";
permissions = "0640"; group = "nextcloud";
uploadAt = "pre-activation"; permissions = "0640";
uploadAt = "pre-activation";
};
"nextcloud-secretfile.secret" = {
keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/secretfile" ];
destDir = "/secrets";
user = "nextcloud";
group = "nextcloud";
permissions = "0640";
uploadAt = "pre-activation";
};
}; };
} }