depot/cluster/services/nextcloud/host.nix


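# NixOS host module for the Nextcloud instance.
#
# Declares the two age-encrypted secrets Nextcloud needs, configures
# services.nextcloud against a PostgreSQL database reached through the
# cluster's patroni-pg-access link, exposes it through an nginx virtual host
# with an ACME certificate, and adjusts two systemd units.
{ cluster, config, lib, pkgs, tools, ... }:

let
  # Cluster link describing how to reach PostgreSQL.
  # NOTE(review): `.tuple` is presumably a "host:port" string; confirm against the link definition.
  patroni = cluster.config.links.patroni-pg-access;
in
{
  # Secrets are stored encrypted in the repository and decrypted at activation.
  # Owner/group "nextcloud" with mode 0400 means only the service user can read
  # the decrypted files.
  age.secrets = {
    nextcloud-adminpass = {
      file = ../../../secrets/nextcloud-adminpass.age;
      owner = "nextcloud";
      group = "nextcloud";
      mode = "0400";
    };
    nextcloud-dbpass = {
      file = ../../../secrets/nextcloud-dbpass.age;
      owner = "nextcloud";
      group = "nextcloud";
      mode = "0400";
    };
  };

  services.nextcloud = {
    # Pinned major version. NOTE(review): confirm this major still receives
    # upstream security fixes; Nextcloud upgrades must go one major at a time.
    package = pkgs.nextcloud26;
    # Keep the legacy ciphers used by old server-side-encryption data disabled.
    enableBrokenCiphersForSSE = false;
    enable = true;
    https = true;
    hostName = "storage.${tools.meta.domain}";
    home = "/srv/storage/www-app/nextcloud";
    maxUploadSize = "4G";
    # ImageMagick parses user-supplied images for previews and so widens the
    # attack surface; disable it if the extra preview formats are not needed.
    enableImagemagick = true;
    # Evaluates to { apcu = true; redis = true; }.
    caching = with lib; flip genAttrs (_: true) [
      "apcu" "redis"
    ];
    # App updates are installed unattended every night. This keeps app
    # security fixes current, but also means app-store code is deployed
    # without review.
    autoUpdateApps = {
      enable = true;
      startAt = "02:00";
    };
    config = {
      dbhost = patroni.tuple;
      dbtype = "pgsql";
      dbname = "storage";
      dbuser = "storage";
      # Passwords are passed as paths to the decrypted age secrets, so the
      # plaintext values never appear in this file.
      dbpassFile = config.age.secrets.nextcloud-dbpass.path;
      overwriteProtocol = "https";
      adminuser = "sa";
      adminpassFile = config.age.secrets.nextcloud-adminpass.path;
    };
  };

  services.nginx.virtualHosts."${config.services.nextcloud.hostName}" = {
    # forceSSL instead of addSSL: addSSL also serves the site over plain HTTP,
    # which would let logins and session cookies travel unencrypted. forceSSL
    # redirects HTTP to HTTPS while still answering ACME HTTP-01 challenges.
    forceSSL = true;
    enableACME = true;
  };

  systemd.services = {
    # Make the php-fpm pool reachable under the name "nextcloud.service".
    phpfpm-nextcloud.aliases = [ "nextcloud.service" ];
    # Retry the setup unit every 10 s on failure.
    # NOTE(review): presumably covers the database not being reachable yet at boot.
    nextcloud-setup.serviceConfig = {
      Restart = "on-failure";
      RestartSec = "10s";
    };
  };
}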