Added nextcloud module

2023-07-09 09:26:53 -07:00 · 2023-07-09 09:26:53 -07:00 · d6bf38b497
commit d6bf38b497
parent 89da451d18
5 changed files with 59 additions and 0 deletions
--- a/modules/services/adguardhome/default.nix
+++ b/modules/services/adguardhome/default.nix
@ -60,6 +60,8 @@ in {
    };

    networking.firewall = {
+      # TODO: Remove this here and leave it up to systems to decide to enable
+      # the firewall
      enable = true;
      allowedTCPPorts = [
        # Plain DNS
--- a/modules/services/nextcoud/default.nix
+++ b/modules/services/nextcoud/default.nix
@ -0,0 +1,46 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  format,
+  ...
+}:
+with lib; let
+  cfg = config.aa.services.nextcloud;
+in {
+  options.aa.services.nextcloud = with types; {
+    enable = mkEnableOption "nextcloud";
+  };
+
+  config = mkIf cfg.enable {
+    age.secrets.nextcloud_admin = {
+      file = ../../../secrets/nextcloud_admin.age;
+      owner = "nextcloud";
+      group = "nextcloud";
+    };
+
+    services.nextcloud = {
+      enable = true;
+      package = pkgs.nextcloud27;
+      hostName = "nextcloud.kilonull.com";
+      https = true;
+      database.createLocally = true;
+      # Arbitrary large size
+      maxUploadSize = "16G";
+      config = {
+        dbtype = "pgsql";
+        adminuser = "alejandro";
+        adminpassFile = config.age.secrets.nextcloud_admin.path;
+      };
+    };
+
+    # nextcloud module configures nginx, just need to specify SSL stuffs here
+    services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+      forceSSL = true;
+      useACMEHost = "kilonull.com";
+    };
+
+    networking.firewall.allowedTCPPorts = [80 443];
+  };
+}
--- a/secrets/nextcloud_admin.age
+++ b/secrets/nextcloud_admin.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 Yk7ehg jGTbLdX/9pfr1mMPZQMfutxjJx82h+fbLR7Aun7b31A
+pt/Mf1YRNF9PM5HWuz3dC24P9F6n190Nm7zVH/Rz48U
+-> piv-p256 UIEGzg A+roQyuPNOR0XX+rOn9sgtN7ja6j5h7v0zXQavvj91YH
+2uhjJwrcMjidT5MRaAL9fLtSGd6+Km4K8FOvQukyhSQ
+-> o-grease ~&WP )T+8
+I2ZtPacZkO2VeFhzPEkvZDdXFg
+--- tGKnzyOnnKkdQKcQxEBx0OltPyhndHDxnveNE07HUTg
+ª‹ÅœÉË¸*õŽ§¯ <ùÙ\ž´\J0ðÑWašB0u\§Åt¡ØãÞ°Š´m<C2B4>ÛptÕI<C395>=ûN<0C>ÇpŠ
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -5,4 +5,5 @@ let
  machines.node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
 in {
  "cf_dns_kilonull.age".publicKeys = [users.me machines.node];
+  "nextcloud_admin.age".publicKeys = [users.me machines.node];
 }
--- a/systems/x86_64-linux/node/default.nix
+++ b/systems/x86_64-linux/node/default.nix
@ -19,6 +19,7 @@
    };
    services.openssh.enable = true;
    services.adguardhome.enable = true;
+    services.nextcloud.enable = true;

    system.zfs.enable = true;
    system.monitoring.enable = true;