feat: add nextcloud module

2024-09-22 15:01:31 -04:00 · 2024-09-22 15:01:31 -04:00 · f78d27890f
commit f78d27890f
parent b4f42c62ce
5 changed files with 86 additions and 0 deletions
--- a/machines/nova/configuration.nix
+++ b/machines/nova/configuration.nix
@ -52,6 +52,7 @@
  programs.zsh.enable = true;
  my.services.mealie.enable = true;
  my.services.nextcloud.enable = true;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.michael = {
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@ -4,5 +4,6 @@
    ./homepage-dashboard
    ./homer
    ./mealie
    ./nextcloud
  ];
 }
--- a/modules/services/nextcloud/default.nix
+++ b/modules/services/nextcloud/default.nix
@ -0,0 +1,75 @@
 {
  pkgs,
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.my.services.nextcloud;
 in {
  options.my.services.nextcloud = {
    enable = mkEnableOption "Nextcloud";
    port = mkOption {
      type = types.port;
      default = 9090;
      example = 8080;
      description = "HTTP port for the Nextcloud service.";
    };
  };
  config = mkIf cfg.enable {
    services.nextcloud = {
      enable = true;
      package = pkgs.nextcloud29;
      hostName = "cloud.thomasfmly.org";
      phpExtraExtensions = ext: with ext; [smbclient];
      database.createLocally = true;
      configureRedis = true;
      maxUploadSize = "16G";
      autoUpdateApps.enable = true;
      extraAppsEnable = true;
      # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
      extraApps = with config.services.nextcloud.package.packages.apps; {
        inherit calendar notes user_oidc;
      };
      config = {
        dbtype = "pgsql";
        adminuser = "michael";
        adminpassFile = config.age.secrets.nextcloudAdminpass.path;
      };
      settings = {
        # Proxy Settings
        overwriteprotocol = "https";
        trusted_proxies = ["192.168.1.10"];
        # Configuration Settings
        default_phone_region = "US";
        maintenance_window_start = 1;
      };
      phpOptions = {
        "opcache.interned_strings_buffer" = "23";
      };
    };
    age.secrets.nextcloudAdminpass = {
      file = ../../../secrets/nextcloud-adminpass.age;
      owner = "nextcloud";
      group = "nextcloud";
    };
    services.nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [
      {
        addr = "0.0.0.0";
        inherit (cfg) port;
      }
    ];
    networking.firewall.allowedTCPPorts = [cfg.port];
  };
 }
--- a/secrets/nextcloud-adminpass.age
+++ b/secrets/nextcloud-adminpass.age
@ -0,0 +1,5 @@
 age-encryption.org/v1
 -> ssh-ed25519 i7RvuQ u1hd5hpz806coGWHakeN1DWxlP4UVHjbGujV8ovBBT4
 ls2NRxp2+ZckbiVvMdmF7iy2nfDnTPYiDozuaZGXIX0
 --- j2NNFLVnUmZsSdCTLLtzCONlsT1qG7PyXuX0fZcTNJw
 ŠÊB<01>xe[ˆ0~¡^<5E>…£Rå¦ÑØlH·sÑ·I]ZìãD„j¤A5‹åáð_0ê
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,6 +1,7 @@
 let
  venus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKlbfu7ApeF0khvdzMSWfDaunI+5zy/BboN7qEE4jWd2 root@venus";
  oracle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0vHE/b6tKk6I6DwEemIF5VdS/JBXW8eiYIBmnbv5LI root@oracle";
  nova = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHF7Ga+asH6tWbi0K49Arg3Ov5S+dLHWrT62MkPEJid root@nova";
  # systems = [system1];
 in {
  # Venus
@ -11,4 +12,7 @@ in {
  # Oracle
  "wireguard-oracle.age".publicKeys = [oracle];
  # Nova
  "nextcloud-adminpass.age".publicKeys = [nova];
 }