feat: add nextcloud module

2024-09-22 15:01:31 -04:00 · 2024-09-22 15:01:31 -04:00 · f78d27890f
commit f78d27890f
parent b4f42c62ce
5 changed files with 86 additions and 0 deletions
--- a/machines/nova/configuration.nix
+++ b/machines/nova/configuration.nix
@ -52,6 +52,7 @@
  programs.zsh.enable = true;

  my.services.mealie.enable = true;
+  my.services.nextcloud.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.michael = {
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@ -4,5 +4,6 @@
    ./homepage-dashboard
    ./homer
    ./mealie
+    ./nextcloud
  ];
 }
--- a/modules/services/nextcloud/default.nix
+++ b/modules/services/nextcloud/default.nix
@ -0,0 +1,75 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.my.services.nextcloud;
+in {
+  options.my.services.nextcloud = {
+    enable = mkEnableOption "Nextcloud";
+    port = mkOption {
+      type = types.port;
+      default = 9090;
+      example = 8080;
+      description = "HTTP port for the Nextcloud service.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.nextcloud = {
+      enable = true;
+      package = pkgs.nextcloud29;
+      hostName = "cloud.thomasfmly.org";
+      phpExtraExtensions = ext: with ext; [smbclient];
+
+      database.createLocally = true;
+      configureRedis = true;
+
+      maxUploadSize = "16G";
+
+      autoUpdateApps.enable = true;
+      extraAppsEnable = true;
+      # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
+      extraApps = with config.services.nextcloud.package.packages.apps; {
+        inherit calendar notes user_oidc;
+      };
+
+      config = {
+        dbtype = "pgsql";
+        adminuser = "michael";
+        adminpassFile = config.age.secrets.nextcloudAdminpass.path;
+      };
+
+      settings = {
+        # Proxy Settings
+        overwriteprotocol = "https";
+        trusted_proxies = ["192.168.1.10"];
+
+        # Configuration Settings
+        default_phone_region = "US";
+        maintenance_window_start = 1;
+      };
+
+      phpOptions = {
+        "opcache.interned_strings_buffer" = "23";
+      };
+    };
+
+    age.secrets.nextcloudAdminpass = {
+      file = ../../../secrets/nextcloud-adminpass.age;
+      owner = "nextcloud";
+      group = "nextcloud";
+    };
+
+    services.nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [
+      {
+        addr = "0.0.0.0";
+        inherit (cfg) port;
+      }
+    ];
+
+    networking.firewall.allowedTCPPorts = [cfg.port];
+  };
+}
--- a/secrets/nextcloud-adminpass.age
+++ b/secrets/nextcloud-adminpass.age
@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 i7RvuQ u1hd5hpz806coGWHakeN1DWxlP4UVHjbGujV8ovBBT4
+ls2NRxp2+ZckbiVvMdmF7iy2nfDnTPYiDozuaZGXIX0
+--- j2NNFLVnUmZsSdCTLLtzCONlsT1qG7PyXuX0fZcTNJw
+ŠÊB<01>xe[ˆ0~¡^<5E>…£Rå¦ÑØlH·sÑ·I]ZìãD„j¤A5‹åáð_0ê
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,6 +1,7 @@
 let
  venus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKlbfu7ApeF0khvdzMSWfDaunI+5zy/BboN7qEE4jWd2 root@venus";
  oracle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0vHE/b6tKk6I6DwEemIF5VdS/JBXW8eiYIBmnbv5LI root@oracle";
+  nova = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHF7Ga+asH6tWbi0K49Arg3Ov5S+dLHWrT62MkPEJid root@nova";
  # systems = [system1];
 in {
  # Venus
@ -11,4 +12,7 @@ in {

  # Oracle
  "wireguard-oracle.age".publicKeys = [oracle];
+
+  # Nova
+  "nextcloud-adminpass.age".publicKeys = [nova];
 }