From 72483ad795da5b1f7fc673455c4d5c483b928b5d Mon Sep 17 00:00:00 2001 From: Victor Mignot Date: Thu, 11 Apr 2024 20:08:05 +0200 Subject: [PATCH] london: enable Nextcloud --- configurations/camelot/default.nix | 8 +++-- configurations/camelot/nextcloud.nix | 33 +++++++++++++++++++++ configurations/camelot/secrets/secrets.yaml | 7 +++-- 3 files changed, 43 insertions(+), 5 deletions(-) create mode 100644 configurations/camelot/nextcloud.nix diff --git a/configurations/camelot/default.nix b/configurations/camelot/default.nix index b9a63d5..d910203 100644 --- a/configurations/camelot/default.nix +++ b/configurations/camelot/default.nix @@ -29,6 +29,7 @@ imports = [ ./jellyfin.nix ./wireguard.nix + ./nextcloud.nix ]; swapDeviceUUID = "a7c628ab-c5cb-4094-89d0-19b153fbead4"; @@ -52,8 +53,11 @@ keyFile = "/var/lib/sops-nix/key.txt"; }; defaultSopsFile = ./secrets/secrets.yaml; - secrets.wg0_private = { }; - secrets.wg1_private = { }; + secrets = { + wg0_private = { }; + wg1_private = { }; + nextcloud_admin_pw = { }; + }; }; machineUsers = { diff --git a/configurations/camelot/nextcloud.nix b/configurations/camelot/nextcloud.nix new file mode 100644 index 0000000..c98ad6b --- /dev/null +++ b/configurations/camelot/nextcloud.nix @@ -0,0 +1,33 @@ +{ config, extraInfo, ... }: +{ + services.nginx.virtualHosts.${extraInfo.nextcloudURI} = { + enableACME = true; + forceSSL = true; + }; + + services.nextcloud = { + enable = true; + datadir = "/srv/nextcloud"; + https = true; + hostName = extraInfo.nextcloudURI; + + extraAppsEnable = true; + extraApps = {}; + + database.createLocally = true; + configureRedis = true; + + config = { + dbtype = "pgsql"; + + adminuser = "dala"; + adminpassFile = config.sops.secrets.nextcloud_admin_pw.path; + }; + + caching = { + redis = true; + memcached = true; + apcu = true; + }; + }; +} diff --git a/configurations/camelot/secrets/secrets.yaml b/configurations/camelot/secrets/secrets.yaml index e1d6a03..77d801e 100644 --- a/configurations/camelot/secrets/secrets.yaml +++ b/configurations/camelot/secrets/secrets.yaml @@ -1,5 +1,6 @@ wg0_private: ENC[AES256_GCM,data:nuHHAwi+l9BQ8oJupm+i47EbfFc62QZXDeATeE+23RAEq/grJ/bN6sTn/o4=,iv:hZQAvvcCe2DOTvM1mABB26PsEqw8jpQUNhGbBaK/l0I=,tag:9VMaJys4IzelbBdCDuiy0Q==,type:str] wg1_private: ENC[AES256_GCM,data:tpetT5qyude2G1hRt4lPONhJMSSdHt6V92yY/NhgeZRQkZZg9WIdHAMI2JM=,iv:78Sn0Thki4LkHBM37x618Oc3FjztYoXEzMSoRQGmnFk=,tag:RV9cYT1A68gBrPpwS0npIg==,type:str] +nextcloud_admin_pw: ENC[AES256_GCM,data:MKD4sEOfpvd0GWcA/CHcbV5/uLI=,iv:4WJ0S9OvumWZu4i5EYkX+b3OCODKc7IkUzWsd1GtngA=,tag:phIRRR8dTFwCGwUps3P7tQ==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +16,8 @@ sops: b00xT3ZHWTJBNFlUbTUrRjlVV0FoM1UKtfWg4R4Y28r2w8MYp1B1yhFEOBT8rEkz P5qEP0p1i/zXlglaxxXTiQSuloG1Fwi2l5VGrhm6Hse07u3fEmS2VQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-23T20:36:26Z" - mac: ENC[AES256_GCM,data:eMjDz1U9qwSG1X08Ebng03vbQBUsQXrG5/NPrp6exNVVQ3+aHKLU7tTmWJjVVYGN90zxiZSr45ywfJmWi6SfWCtQL3oDsbnrdbwWtB4OXiIDsnXFIYtvSHXUZOazutSOaP8Xgc8jjjCht15QXZ4VWYz9Yh2rRvIBCG3sszlHFB4=,iv:qXt8kDHTSLda1IqAnzFHHdkGHiSESF0F1ZGjlO0GMMc=,tag:Bs4d7kQ3suzKVGJeYENHOA==,type:str] + lastmodified: "2024-04-11T18:31:57Z" + mac: ENC[AES256_GCM,data:6paQrkMjdjZ3/RUkQ7fa+FeK5/Byz3hTUeKUFzm3kx3iaFhV7D+J2DdKUED/H5c0aBXmL/RnFHSTnZ73tAWl80ALVHVtuwWKrhu/0pV4a9MCPKCiX4VB8cz60fZfaXZ/7198tcJI+Yl9zff+fzrRgBXNqi794giz7D7U76tza3Q=,iv:0xGn0z9Fm5eD2n2cXSlErPenfNpnAbxQf16cSG4HGCY=,tag:axMyKGIe76zAN7UB0GVH0w==,type:str] pgp: - created_at: "2023-12-10T17:24:42Z" enc: | @@ -31,4 +32,4 @@ sops: -----END PGP MESSAGE----- fp: 2763F2B50E63CE401A3EB9C040DE2FEE4D3C5E2C unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1