From bea40ce69b2790efff19997e2a742a7d596d642e Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Sat, 30 Dec 2023 12:48:12 +0000 Subject: [PATCH] add nextcloud --- flake.nix | 1 + modules/nextcloud.nix | 37 ++++++++++++++++++++++++++++++++ secrets/nextcloud_admin_pass.age | 15 +++++++++++++ secrets/secrets.nix | 3 ++- 4 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 modules/nextcloud.nix create mode 100644 secrets/nextcloud_admin_pass.age diff --git a/flake.nix b/flake.nix index 12aaf52..a89ff2a 100644 --- a/flake.nix +++ b/flake.nix @@ -29,6 +29,7 @@ ./modules/puffer.nix ./modules/gitea.nix ./modules/grafana.nix + ./modules/nextcloud.nix ./modules/prometheus.nix ./modules/letsencrypt.nix ./modules/fail2ban.nix diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix new file mode 100644 index 0000000..20de2b0 --- /dev/null +++ b/modules/nextcloud.nix @@ -0,0 +1,37 @@ +{ pkgs, config, ...} : +let + root_host = "grimmauld.de"; + nextcloud_host = "cloud.${root_host}"; + nextcloud_port = 8083; +in { + security.acme.certs."${root_host}".extraDomainNames = [ nextcloud_host ]; + age.secrets.nextcloud_admin_pass = { + file = ../secrets/nextcloud_admin_pass.age; + owner = "nextcloud"; + group = "nextcloud"; + mode = "0600"; + }; + + + services.nextcloud = { + enable = true; + https = true; + hostName = nextcloud_host; + package = pkgs.nextcloud28; +# extraApps = with config.services.nextcloud.package.packages.apps; [ +# news contacts calendar tasks; +# ]; + config = { + adminpassFile = config.age.secrets.nextcloud_admin_pass.path; + }; + }; + + services.nginx = { + enable = true; + virtualHosts."${nextcloud_host}" = { + serverName = nextcloud_host; + forceSSL = true; + useACMEHost = root_host; + }; + }; +} diff --git a/secrets/nextcloud_admin_pass.age b/secrets/nextcloud_admin_pass.age new file mode 100644 index 0000000..32c2eaa --- /dev/null +++ b/secrets/nextcloud_admin_pass.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-rsa jWbwAg +Q/jX41H5vQpkJf7eEOKeRezpVFRM8NS4puvIrPXE/zUx4DTn38BpSbVuv+PUH/D1 +LPAplIAh8JmeXGE9V0LcVX3cvwQ/IwYZ6Iwu82yCBFOv4F4EjbFZsXRjva64m4lj +Nr5vikahk3IVezsMqFn5f46/G5ZCRyPZSlOyojPZ4YA+mZq3g1PuL4Cd/296y0SI +0xNeYG9F8gCEW1iAKKjX5QBLBx/HztgJrYm6MVEK0jRDe1LC1JBWa670smI3ALH5 +V1uQbPutsOkuyZw46Nbb9bBYLQLDoKoVmAetj6AIak9p7q4/vzWMEv1zgmHczAMC +7T3zuQ1D2zjS+ePXXhof2ZpBT4yr/hfRtf0V7NhDokFZZOleJE9K3BLkQCVdUTA8 +ZSzX2MnZe4OXKXSh+8+KFD37AyR7P0G4eZF5rZJ2IIrdUz6/MFjheKUAQanfg8nm +Uh4YWFu2wyVYy1OYeuSoAhzj8VpGiEa4E1WRA7Hb7AdK9t2JvIIOG5duAWw+qHXY +leh5LKHeTdtEPqEY8QqdcUoEnU+q8DseXGrRJx16aPZgP1trjlDPRWNT9Ko8gIOn +kLctSbJ3v/wv9hI9waEaWw93LCDG6E+MK5pD03f6vKcr6HQoqEMg8+eVzX+dCoa4 +AF6DiI1pXrYzjLztPLcUwb7Az/hPFrVrAZ6x7KUq2E4 +--- QKrzExwjVrJvMy+dzU0aQ1PCye2SwR4e5ZJXEN/yX6c +˜vú4 Ás/ö¤R"y—RJˆ C?oâ«O]«ä¬aHézêš…’âl››À( y?¡šÀ™à /GM’ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ac73041..caaead7 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -6,5 +6,6 @@ in # "duckdns_token.age".publicKeys = [ contabo_nix_pub ]; "synapse_db_pass.age".publicKeys = [ contabo_nix_pub ]; "synapse_db_pass_prepared.age".publicKeys = [ contabo_nix_pub ]; - "grafana_admin_pass".publicKeys = [ contabo_nix_pub ]; + "grafana_admin_pass.age".publicKeys = [ contabo_nix_pub ]; + "nextcloud_admin_pass.age".publicKeys = [ contabo_nix_pub ]; }