add nextcloud

2023-12-30 12:48:12 +00:00 · 2023-12-30 12:48:12 +00:00 · bea40ce69b
commit bea40ce69b
parent ba7db4a16f
4 changed files with 55 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -29,6 +29,7 @@
          ./modules/puffer.nix
          ./modules/gitea.nix
          ./modules/grafana.nix
+          ./modules/nextcloud.nix
          ./modules/prometheus.nix
          ./modules/letsencrypt.nix
          ./modules/fail2ban.nix
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@ -0,0 +1,37 @@
+{ pkgs, config, ...} :
+let
+  root_host = "grimmauld.de";
+  nextcloud_host = "cloud.${root_host}";
+  nextcloud_port = 8083;
+in {
+  security.acme.certs."${root_host}".extraDomainNames = [ nextcloud_host ];
+  age.secrets.nextcloud_admin_pass = {
+    file = ../secrets/nextcloud_admin_pass.age;
+    owner = "nextcloud";
+    group = "nextcloud";
+    mode = "0600";
+  };
+
+
+  services.nextcloud = {
+    enable = true;
+    https = true;
+    hostName = nextcloud_host;
+    package = pkgs.nextcloud28;
+#    extraApps = with config.services.nextcloud.package.packages.apps; [
+#      news contacts calendar tasks;
+#    ];
+    config = {
+      adminpassFile = config.age.secrets.nextcloud_admin_pass.path;
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."${nextcloud_host}" = {
+      serverName = nextcloud_host;
+      forceSSL = true;
+      useACMEHost = root_host;
+    };
+  };
+}
--- a/secrets/nextcloud_admin_pass.age
+++ b/secrets/nextcloud_admin_pass.age
@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-rsa jWbwAg
+Q/jX41H5vQpkJf7eEOKeRezpVFRM8NS4puvIrPXE/zUx4DTn38BpSbVuv+PUH/D1
+LPAplIAh8JmeXGE9V0LcVX3cvwQ/IwYZ6Iwu82yCBFOv4F4EjbFZsXRjva64m4lj
+Nr5vikahk3IVezsMqFn5f46/G5ZCRyPZSlOyojPZ4YA+mZq3g1PuL4Cd/296y0SI
+0xNeYG9F8gCEW1iAKKjX5QBLBx/HztgJrYm6MVEK0jRDe1LC1JBWa670smI3ALH5
+V1uQbPutsOkuyZw46Nbb9bBYLQLDoKoVmAetj6AIak9p7q4/vzWMEv1zgmHczAMC
+7T3zuQ1D2zjS+ePXXhof2ZpBT4yr/hfRtf0V7NhDokFZZOleJE9K3BLkQCVdUTA8
+ZSzX2MnZe4OXKXSh+8+KFD37AyR7P0G4eZF5rZJ2IIrdUz6/MFjheKUAQanfg8nm
+Uh4YWFu2wyVYy1OYeuSoAhzj8VpGiEa4E1WRA7Hb7AdK9t2JvIIOG5duAWw+qHXY
+leh5LKHeTdtEPqEY8QqdcUoEnU+q8DseXGrRJx16aPZgP1trjlDPRWNT9Ko8gIOn
+kLctSbJ3v/wv9hI9waEaWw93LCDG6E+MK5pD03f6vKcr6HQoqEMg8+eVzX+dCoa4
+AF6DiI1pXrYzjLztPLcUwb7Az/hPFrVrAZ6x7KUq2E4
+--- QKrzExwjVrJvMy+dzU0aQ1PCye2SwR4e5ZJXEN/yX6c
+˜vú4
Ás/ö¤R"y—RJˆC?oâ«O]«ä¬aHézêš…’âl››À(
y?¡šÀ™à /GM’
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -6,5 +6,6 @@ in
  # "duckdns_token.age".publicKeys = [ contabo_nix_pub ];
  "synapse_db_pass.age".publicKeys = [ contabo_nix_pub ];
  "synapse_db_pass_prepared.age".publicKeys = [ contabo_nix_pub ];
-  "grafana_admin_pass".publicKeys = [ contabo_nix_pub ];
+  "grafana_admin_pass.age".publicKeys = [ contabo_nix_pub ];
+  "nextcloud_admin_pass.age".publicKeys = [ contabo_nix_pub ];
 }