Add SMTP configuration to nextcloud and use an additional disk for the data

2023-08-04 03:32:06 +02:00 · 2023-08-04 03:32:06 +02:00 · c1bd4e3529
commit c1bd4e3529
parent 3f9cdc0943
4 changed files with 62 additions and 22 deletions
--- a/hosts/nextcloud/default.nix
+++ b/hosts/nextcloud/default.nix
@ -2,6 +2,7 @@
 {
  imports = [
    ./configuration.nix
    ./hardware-configuration.nix
    ./nextcloud.nix
  ];
 }
--- a/hosts/nextcloud/hardware-configuration.nix
+++ b/hosts/nextcloud/hardware-configuration.nix
@ -0,0 +1,10 @@
 { ... }:
 {
  fileSystems."/var/lib/nextcloud/data" = {
    device = "/dev/vdb";
    fsType = "ext4";
    autoFormat = true;
    autoResize = true;
    options = [ "X-mount.owner=nextcloud" "X-mount.group=nextcloud" ];
  };
 }
--- a/hosts/nextcloud/nextcloud.nix
+++ b/hosts/nextcloud/nextcloud.nix
@ -17,22 +17,41 @@
      inherit bookmarks contacts calendar tasks twofactor_webauthn;
    };
    maxUploadSize = "16G";
    extraOptions = {
      mail_smtpmode = "smtp";
      mail_sendmailmode = "smtp";
      mail_smtpsecure = "ssl";
      mail_from_address = "cloud";
      mail_domain = "nekover.se";
      mail_smtpauthtype = "LOGIN";
      mail_smtpauth = 1;
      mail_smtphost = "mail.grzb.de";
      mail_smtpport = 465;
      mail_smtpname = "nextcloud";
    };
    secretFile = "/secrets/nextcloud-secretfile.secret";
  };
-  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+  services.nginx = {
-    forceSSL = true;
+    virtualHosts.${config.services.nextcloud.hostName} = {
-    enableACME = true;
+      forceSSL = true;
-    listen = [
+      enableACME = true;
-      { 
+      listen = [
-        addr = "localhost";
+        { 
-        port = 1234;
+          addr = "localhost";
-      } # workaround for enableACME check
+          port = 1234;
-      {
+        } # workaround for enableACME check
-        addr = "0.0.0.0";
+        {
-        port = 8443;
+          addr = "0.0.0.0";
-        ssl = true;
+          port = 8443;
-        proxyProtocol = true;
+          ssl = true;
-      }
+          proxyProtocol = true;
-    ];
+        }
      ];
      extraConfig = ''
        set_real_ip_from 10.202.41.100;
        real_ip_header proxy_protocol;
      '';
    };
  };
 }
--- a/hosts/nextcloud/secrets.nix
+++ b/hosts/nextcloud/secrets.nix
@ -1,11 +1,21 @@
 { ... }:
 {
-  deployment.keys."nextcloud-adminpass.secret" = {
+  deployment.keys = {
-    keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/adminpass" ];
+    "nextcloud-adminpass.secret" = {
-    destDir = "/secrets";
+      keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/adminpass" ];
-    user = "nextcloud";
+      destDir = "/secrets";
-    group = "nextcloud";
+      user = "nextcloud";
-    permissions = "0640";
+      group = "nextcloud";
-    uploadAt = "pre-activation";
+      permissions = "0640";
      uploadAt = "pre-activation";
    };
    "nextcloud-secretfile.secret" = {
      keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "nextcloud/secretfile" ];
      destDir = "/secrets";
      user = "nextcloud";
      group = "nextcloud";
      permissions = "0640";
      uploadAt = "pre-activation";
    };
  };
 }