From b22174e5126ceba121a1cf243c576ab5ee31f3cc Mon Sep 17 00:00:00 2001
From: Max
Date: Sat, 16 Oct 2021 20:23:55 +0200
Subject: [PATCH] VEGAS: add Nextcloud service
---
 hosts/VEGAS/services/nextcloud/default.nix | 52 +++++++++++++++++++++
 hosts/VEGAS/system.nix | 1 +
 secrets/nextcloud-adminpass.age | Bin 0 -> 630 bytes
 secrets/nextcloud-dbpass.age | 11 +++++
 secrets/secrets.nix | 2 +
 5 files changed, 66 insertions(+)
 create mode 100644 hosts/VEGAS/services/nextcloud/default.nix
 create mode 100644 secrets/nextcloud-adminpass.age
 create mode 100644 secrets/nextcloud-dbpass.age
diff --git a/hosts/VEGAS/services/nextcloud/default.nix b/hosts/VEGAS/services/nextcloud/default.nix
new file mode 100644
index 0000000..a7042df
--- /dev/null
+++ b/hosts/VEGAS/services/nextcloud/default.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, tools, ... }:
+{
+ age.secrets = {
+ nextcloud-adminpass = {
+ file = ../../../../secrets/nextcloud-adminpass.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ mode = "0400";
+ };
+ nextcloud-dbpass = {
+ file = ../../../../secrets/nextcloud-dbpass.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ mode = "0400";
+ };
+ };
+ services.nextcloud = {
+ package = pkgs.nextcloud22;
+ enable = true;
+ https = true;
+ hostName = "storage.${tools.meta.domain}";
+ home = "/srv/storage/www-app/nextcloud";
+ maxUploadSize = "4G";
+ enableImagemagick = true;
+ caching = with lib; flip genAttrs (_: true) [
+ "apcu" "redis"
+ ];
+
+ autoUpdateApps = {
+ enable = true;
+ startAt = "02:00";
+ };
+
+ config = {
+ dbhost = "/run/postgresql";
+ dbtype = "pgsql";
+ dbname = "storage";
+ dbuser = "storage";
+ dbpassFile = config.age.secrets.nextcloud-adminpass.path;
+
+ overwriteProtocol = "https";
+
+ adminuser = "sa";
+ adminpassFile = config.age.secrets.nextcloud-dbpass.path;
+ };
+ };
+ services.nginx.virtualHosts."${config.services.nextcloud.hostName}" = {
+ addSSL = true;
+ enableACME = true;
+ };
+ systemd.services.phpfpm-nextcloud.aliases = [ "nextcloud.service" ];
+}
diff --git a/hosts/VEGAS/system.nix b/hosts/VEGAS/system.nix
index d17f4fd..8ae6a0e 100644
--- a/hosts/VEGAS/system.nix
+++ b/hosts/VEGAS/system.nix
@@ -25,6 +25,7 @@
 ./services/git
 ./services/ipfs
 ./services/jokes
+ ./services/nextcloud
 ./services/nfs
 ./services/mail
 ./services/matrix
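Review bot: In hosts/VEGAS/services/nextcloud/default.nix the two secret references inside `services.nextcloud.config` are crossed: `dbpassFile` points at `nextcloud-adminpass` and `adminpassFile` points at `nextcloud-dbpass`. Unless the encrypted payloads were deliberately swapped (which cannot be seen from the patch), Nextcloud will present the admin secret to PostgreSQL and initialise the `sa` account with the database secret, and a later rotation of either file will change the wrong credential. The lines should read `dbpassFile = config.age.secrets.nextcloud-dbpass.path;` and `adminpassFile = config.age.secrets.nextcloud-adminpass.path;`. Separately, the nginx virtual host uses `addSSL = true;`, which keeps a plain-HTTP listener with no redirect; `forceSSL = true;` would match `https = true` and `overwriteProtocol = "https"` and keep logins off cleartext HTTP.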
diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age new file mode 100644 index 0000000000000000000000000000000000000000..c9a80c6a21c577161d3a25e9a3674a62e3ebcdbf GIT binary patch literal 630 zcmZ9_O>5I&003a|B190`FDNQ(Qe&DlZ%7QL-V_A!rXY&wWtRy9^)eJh1P_YWJ%8ZQEdw>?lQ8#V+nZnZLJLcA1YIpf z(I#q42>@_d5(c0~)JrfPb*NkmiqSkFD5rvjvcPu6a7|onN_{w(H(@)1<#e{iA|t@H zyvf)Kw=~Qiwb{Ho?~BYVYG++p04<#?t18fhObfi@8^8*=vM9-(IY_t$Ua7b;fk(d7 znN{=HU{g=zngJ&|dQl^t9t~L%87poqu|A2(b10fQu&0X2`)RqX;2^Hj9BnzmkZNZW z**(5Zs~db$FC`s}js(pb!^F)gzuVyloi47qAOQjZTSZ<|6Jl+YTkZlWj~o1mZ?K6# z742S+u`QE@Kp)EeSRq5DkL&fOPB}DLkpH)<=N!}u4LveS*ASL%de*pM^dd%7y1r&m zSRe$7l$sTPIIdMg(^4DjP|eg4oqK=_ozDY6N>l0UT~L3G@< z(32fe9Y~XGkhEh)U8^g71Vz!(M6bqCnh_4xif0}R=|EoOEFsWlLWILcG;HRKr}09C zw~zw=m7RDee%}9jYvm`mcXX!m{?n;L^RD;d*%xx-ue^<&f2h~mkieCA6DO}GV-T(b$ K=lao$Y~>#?dEMdw literal 0 HcmV?d00001 diff --git a/secrets/nextcloud-dbpass.age b/secrets/nextcloud-dbpass.age new file mode 100644 index 0000000..ec5dd01 --- /dev/null +++ b/secrets/nextcloud-dbpass.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 NO562A v+XDGMPzeE5olvFXKz7d74zzfk8pa5+LlfpZy/7Ga2g +cA09Rc8f1zlc8qOIgIal8B3JOssjMZBZHIwrctMbkow +-> ssh-ed25519 5/zT0w x8a+XLDGWkxpYu7HdgzDZADL66yBA3RIIxOmPlH281Y +vbJOrd60jkjLc/UqWvlSB73atv4VleiO9PiymQJttEs +-> ssh-ed25519 d3WGuA MZql6UkhVKdhO/f9CSFg43uKMxomP3UoE48mPUdEfyY +s41KGPz7oEFZxmNfAGnZF40ap9oXPEp6BigSEhQhAuc +-> TeXZ-grease % 5Y]W +ci+D1OFwU36Tj40 +--- iSVW+fBmiuXLeI6KJblKNHe7ePF0jsKba+GShRotMaY +í/›Ìü/†§ p'À±ÁLp•Äv&õÅ ŠÕh›!¨F¥ß=¬” \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6ce6a0c..a42f01c 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -11,6 +11,8 @@ in with hosts;
 "hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ styx ];
 "hydra-s3.age".publicKeys = max ++ map systemKeys [ styx ];
 "matrix-appservice-discord-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
+ "nextcloud-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
+ "nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
 "oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
 "postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];
 "synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];