VEGAS: add Nextcloud service

2021-10-16 20:23:55 +02:00 · 2021-10-16 20:23:55 +02:00 · b22174e512
commit b22174e512
parent bdf1153359
5 changed files with 66 additions and 0 deletions
--- a/hosts/VEGAS/services/nextcloud/default.nix
+++ b/hosts/VEGAS/services/nextcloud/default.nix
@ -0,0 +1,52 @@
 { config, lib, pkgs, tools, ... }:
 {
  age.secrets = {
    nextcloud-adminpass = {
      file = ../../../../secrets/nextcloud-adminpass.age;
      owner = "nextcloud";
      group = "nextcloud";
      mode = "0400";
    };
    nextcloud-dbpass = {
      file = ../../../../secrets/nextcloud-dbpass.age;
      owner = "nextcloud";
      group = "nextcloud";
      mode = "0400";
    };
  };
  services.nextcloud = {
    package = pkgs.nextcloud22;
    enable = true;
    https = true;
    hostName = "storage.${tools.meta.domain}";
    home = "/srv/storage/www-app/nextcloud";
    maxUploadSize = "4G";
    enableImagemagick = true;
    caching = with lib; flip genAttrs (_: true) [
      "apcu" "redis"
    ];
    autoUpdateApps = {
      enable = true;
      startAt = "02:00";
    };
    config = {
      dbhost = "/run/postgresql";
      dbtype = "pgsql";
      dbname = "storage";
      dbuser = "storage";
      dbpassFile = config.age.secrets.nextcloud-adminpass.path;
      overwriteProtocol = "https";
      adminuser = "sa";
      adminpassFile = config.age.secrets.nextcloud-dbpass.path;
    };
  };
  services.nginx.virtualHosts."${config.services.nextcloud.hostName}" = {
    addSSL = true;
    enableACME = true;
  };
  systemd.services.phpfpm-nextcloud.aliases = [ "nextcloud.service" ];
 }
--- a/hosts/VEGAS/system.nix
+++ b/hosts/VEGAS/system.nix
@ -25,6 +25,7 @@
      ./services/git
      ./services/ipfs
      ./services/jokes
      ./services/nextcloud
      ./services/nfs
      ./services/mail
      ./services/matrix
--- a/secrets/nextcloud-adminpass.age
+++ b/secrets/nextcloud-adminpass.age
--- a/secrets/nextcloud-dbpass.age
+++ b/secrets/nextcloud-dbpass.age
@ -0,0 +1,11 @@
 age-encryption.org/v1
 -> ssh-ed25519 NO562A v+XDGMPzeE5olvFXKz7d74zzfk8pa5+LlfpZy/7Ga2g
 cA09Rc8f1zlc8qOIgIal8B3JOssjMZBZHIwrctMbkow
 -> ssh-ed25519 5/zT0w x8a+XLDGWkxpYu7HdgzDZADL66yBA3RIIxOmPlH281Y
 vbJOrd60jkjLc/UqWvlSB73atv4VleiO9PiymQJttEs
 -> ssh-ed25519 d3WGuA MZql6UkhVKdhO/f9CSFg43uKMxomP3UoE48mPUdEfyY
 s41KGPz7oEFZxmNfAGnZF40ap9oXPEp6BigSEhQhAuc
 -> TeXZ-grease % 5Y]W
 ci+D1OFwU36Tj40
 --- iSVW+fBmiuXLeI6KJblKNHe7ePF0jsKba+GShRotMaY
 í/›Ìü/†§p'À±ÁLp•Äv&õÅŠÕh›!¨F¥ß=¬”
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -11,6 +11,8 @@ in with hosts;
  "hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ styx ];
  "hydra-s3.age".publicKeys = max ++ map systemKeys [ styx ];
  "matrix-appservice-discord-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "nextcloud-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];