Merge pull request #7 from fsr/nextcloud

2022-11-18 17:41:42 +01:00 · 2022-11-18 17:41:42 +01:00 · 5f5f06dbdb
commit 5f5f06dbdb
parent 99c4986f03 970f1180cc
6 changed files with 84 additions and 16 deletions
--- a/modules/hedgedoc.nix
+++ b/modules/hedgedoc.nix
@ -19,7 +19,7 @@ in

    hedgedoc = {
      enable = true;
-      configuration = {
+      settings = {
        port = 3002;
        domain = "${domain}";
        protocolUseSSL = true;
@ -44,7 +44,7 @@ in
          enableACME = true;
          forceSSL = true;
          locations."/" = {
-            proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.configuration.port}";
+            proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.settings.port}";
            proxyWebsockets = true;
          };
        };
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@ -0,0 +1,67 @@
+{ config, pkgs, lib, ... }:
+let
+  domain = "nc.quitte.fugi.dev";
+in
+{
+  sops.secrets = {
+    postgres_nextcloud = {
+      owner = "nextcloud";
+      group = "nextcloud";
+    };
+    nextcloud_adminpass = {
+      owner = "nextcloud";
+      group = "nextcloud";
+    };
+  };
+
+  services = {
+    postgresql = {
+      enable = true;
+      ensureUsers = [
+        {
+          name = "nextcloud";
+          ensurePermissions = {
+            "DATABASE nextcloud" = "ALL PRIVILEGES";
+          };
+        }
+      ];
+      ensureDatabases = [ "nextcloud" ];
+    };
+
+    nextcloud = {
+      enable = true;
+      package = pkgs.nextcloud25; # Use current latest nextcloud package
+      hostName = "${domain}";
+      https = true; # Use https for all urls
+      phpExtraExtensions = all: [
+        all.ldap # Enable ldap php extension
+      ];
+      config = {
+        dbtype = "pgsql";
+        dbuser = "nextcloud";
+        dbhost = "/run/postgresql";
+        dbname = "nextcloud";
+        dbpassFile = config.sops.secrets.postgres_nextcloud.path;
+        adminpassFile = config.sops.secrets.nextcloud_adminpass.path;
+        adminuser = "root";
+      };
+    };
+
+    # Enable ACME and force SSL
+    nginx = {
+      recommendedProxySettings = true;
+      virtualHosts = {
+        "${domain}" = {
+          enableACME = true;
+          forceSSL = true;
+        };
+      };
+    };
+  };
+
+  # ensure that postgres is running *before* running the setup
+  systemd.services."nextcloud-setup" = {
+    requires = ["postgresql.service"];
+    after = ["postgresql.service"];
+  };
+}