diff --git a/machines/nova/configuration.nix b/machines/nova/configuration.nix index 58a671e..d7286b7 100644 --- a/machines/nova/configuration.nix +++ b/machines/nova/configuration.nix @@ -52,6 +52,7 @@ programs.zsh.enable = true; my.services.mealie.enable = true; + my.services.nextcloud.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.michael = { diff --git a/modules/services/default.nix b/modules/services/default.nix index 10b9941..80f34bf 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -4,5 +4,6 @@ ./homepage-dashboard ./homer ./mealie + ./nextcloud ]; } diff --git a/modules/services/nextcloud/default.nix b/modules/services/nextcloud/default.nix new file mode 100644 index 0000000..66526d3 --- /dev/null +++ b/modules/services/nextcloud/default.nix 
@@ -0,0 +1,75 @@
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.my.services.nextcloud;
+in {
+ options.my.services.nextcloud = {
+ enable = mkEnableOption "Nextcloud";
+ port = mkOption {
+ type = types.port;
+ default = 9090;
+ example = 8080;
+ description = "HTTP port for the Nextcloud service.";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud29;
+ hostName = "cloud.thomasfmly.org";
+ phpExtraExtensions = ext: with ext; [smbclient];
+
+ database.createLocally = true;
+ configureRedis = true;
+
+ maxUploadSize = "16G";
+
+ autoUpdateApps.enable = true;
+ extraAppsEnable = true;
+ # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
+ extraApps = with config.services.nextcloud.package.packages.apps; {
+ inherit calendar notes user_oidc;
+ };
+
+ config = {
+ dbtype = "pgsql";
+ adminuser = "michael";
+ adminpassFile = config.age.secrets.nextcloudAdminpass.path;
+ };
+
+ settings = {
+ # Proxy Settings
+ overwriteprotocol = "https";
+ trusted_proxies = ["192.168.1.10"];
+
+ # Configuration Settings
+ default_phone_region = "US";
+ maintenance_window_start = 1;
+ };
+
+ phpOptions = {
+ "opcache.interned_strings_buffer" = "23";
+ };
+ };
+
+ age.secrets.nextcloudAdminpass = {
+ file = ../../../secrets/nextcloud-adminpass.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ };
+
+ services.nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [
+ {
+ addr = "0.0.0.0";
+ inherit (cfg) port;
+ }
+ ];
+
+ networking.firewall.allowedTCPPorts = [cfg.port];
+ };
+}
diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age
new file mode 100644
index 0000000..8b08cd4
--- /dev/null
+++ b/secrets/nextcloud-adminpass.age
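Review bot: The vhost at the end of this hunk listens on `0.0.0.0`, and `networking.firewall.allowedTCPPorts = [cfg.port];` opens that port on every interface, while `overwriteprotocol = "https"` and `trusted_proxies = ["192.168.1.10"]` suggest TLS is terminated on a separate reverse proxy. As written, any host that can reach this machine can talk to Nextcloud over plain HTTP on the configured port without going through the proxy, so credentials and session cookies may cross the network unencrypted. Consider scoping the rule to the interface that faces the proxy, e.g. `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [cfg.port];` (placeholder interface name), or admitting only the proxy's address. Separately, `autoUpdateApps.enable = true` lets apps installed from the Nextcloud app store update outside the pinned nixpkgs set; a short comment such as `# app-store apps update out of band; extraApps stay pinned by nixpkgs` would record that this is intended.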
@@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 i7RvuQ u1hd5hpz806coGWHakeN1DWxlP4UVHjbGujV8ovBBT4 +ls2NRxp2+ZckbiVvMdmF7iy2nfDnTPYiDozuaZGXIX0 +--- j2NNFLVnUmZsSdCTLLtzCONlsT1qG7PyXuX0fZcTNJw +Bxe[0~^RlHsѷI]ZDjA5_0 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b441023..021624a 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,6 +1,7 @@ let venus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKlbfu7ApeF0khvdzMSWfDaunI+5zy/BboN7qEE4jWd2 root@venus"; oracle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0vHE/b6tKk6I6DwEemIF5VdS/JBXW8eiYIBmnbv5LI root@oracle"; + nova = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHF7Ga+asH6tWbi0K49Arg3Ov5S+dLHWrT62MkPEJid root@nova"; # systems = [system1]; in { # Venus @@ -11,4 +12,7 @@ in { # Oracle "wireguard-oracle.age".publicKeys = [oracle]; + + # Nova + "nextcloud-adminpass.age".publicKeys = [nova]; }