Added nextcloud module

2023-07-09 09:26:53 -07:00 · 2023-07-09 09:26:53 -07:00 · d6bf38b497
parent 89da451d18
commit d6bf38b497
5 changed files with 59 additions and 0 deletions
--- a/modules/services/adguardhome/default.nix
+++ b/modules/services/adguardhome/default.nix
@ -60,6 +60,8 @@ in {
    };
    networking.firewall = {
      # TODO: Remove this here and leave it up to systems to decide to enable
      # the firewall
      enable = true;
      allowedTCPPorts = [
        # Plain DNS
--- a/modules/services/nextcoud/default.nix
+++ b/modules/services/nextcoud/default.nix
@ -0,0 +1,46 @@
 {
  options,
  config,
  lib,
  pkgs,
  format,
  ...
 }:
 with lib; let
  cfg = config.aa.services.nextcloud;
 in {
  options.aa.services.nextcloud = with types; {
    enable = mkEnableOption "nextcloud";
  };
  config = mkIf cfg.enable {
    age.secrets.nextcloud_admin = {
      file = ../../../secrets/nextcloud_admin.age;
      owner = "nextcloud";
      group = "nextcloud";
    };
    services.nextcloud = {
      enable = true;
      package = pkgs.nextcloud27;
      hostName = "nextcloud.kilonull.com";
      https = true;
      database.createLocally = true;
      # Arbitrary large size
      maxUploadSize = "16G";
      config = {
        dbtype = "pgsql";
        adminuser = "alejandro";
        adminpassFile = config.age.secrets.nextcloud_admin.path;
      };
    };
    # nextcloud module configures nginx, just need to specify SSL stuffs here
    services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
      forceSSL = true;
      useACMEHost = "kilonull.com";
    };
    networking.firewall.allowedTCPPorts = [80 443];
  };
 }
--- a/secrets/nextcloud_admin.age
+++ b/secrets/nextcloud_admin.age
@ -0,0 +1,9 @@
 age-encryption.org/v1
 -> ssh-ed25519 Yk7ehg jGTbLdX/9pfr1mMPZQMfutxjJx82h+fbLR7Aun7b31A
 pt/Mf1YRNF9PM5HWuz3dC24P9F6n190Nm7zVH/Rz48U
 -> piv-p256 UIEGzg A+roQyuPNOR0XX+rOn9sgtN7ja6j5h7v0zXQavvj91YH
 2uhjJwrcMjidT5MRaAL9fLtSGd6+Km4K8FOvQukyhSQ
 -> o-grease ~&WP )T+8
 I2ZtPacZkO2VeFhzPEkvZDdXFg
 --- tGKnzyOnnKkdQKcQxEBx0OltPyhndHDxnveNE07HUTg
 ª‹ÅœÉË¸*õŽ§¯ <ùÙ\ž´\J0ðÑWašB0u\§Åt¡ØãÞ°Š´m<C2B4>ÛptÕI<C395>=ûN<0C>ÇpŠ
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -5,4 +5,5 @@ let
  machines.node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
 in {
  "cf_dns_kilonull.age".publicKeys = [users.me machines.node];
  "nextcloud_admin.age".publicKeys = [users.me machines.node];
 }
--- a/systems/x86_64-linux/node/default.nix
+++ b/systems/x86_64-linux/node/default.nix
@ -19,6 +19,7 @@
    };
    services.openssh.enable = true;
    services.adguardhome.enable = true;
    services.nextcloud.enable = true;
    system.zfs.enable = true;
    system.monitoring.enable = true;