Nextcloud #7

Merged
fugidev merged 3 commits from nextcloud into main 2022-11-18 17:41:42 +01:00
6 changed files with 84 additions and 16 deletions

View file

@ -87,18 +87,16 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1662496411, "lastModified": 1668650906,
"narHash": "sha256-BLzFzRQewnmzdCrcOv2f+IYQI9iY25MXBmJWHoxWynY=", "narHash": "sha256-JuiYfDO23O8oxUUOmhQflmOoJovyC5G4RjcYQMQjrRE=",
"owner": "revol-xut", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6d2d09e50ba9d12b80ed1c3be844f1d120e02682", "rev": "3a86856a13c88c8c64ea32082a851fefc79aa700",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "revol-xut", "id": "nixpkgs",
"ref": "nixos-22.05", "type": "indirect"
"repo": "nixpkgs",
"type": "github"
} }
}, },
"root": { "root": {

View file

@ -1,7 +1,5 @@
{ {
inputs = { inputs = {
nixpkgs.url = github:revol-xut/nixpkgs/nixos-22.05;
#nixpkgs.url = github:revol-xut/nixpkgs/master;
sops-nix.url = github:Mic92/sops-nix; sops-nix.url = github:Mic92/sops-nix;
sops-nix.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs";
fsr-infoscreen.url = github:fsr/infoscreen; fsr-infoscreen.url = github:fsr/infoscreen;
@ -64,6 +62,7 @@
./modules/hedgedoc.nix ./modules/hedgedoc.nix
./modules/wiki.nix ./modules/wiki.nix
./modules/stream.nix ./modules/stream.nix
./modules/nextcloud.nix
{ {
sops.defaultSopsFile = ./secrets/quitte.yaml; sops.defaultSopsFile = ./secrets/quitte.yaml;
} }

View file

@ -19,7 +19,7 @@ in
hedgedoc = { hedgedoc = {
enable = true; enable = true;
configuration = { settings = {
port = 3002; port = 3002;
domain = "${domain}"; domain = "${domain}";
protocolUseSSL = true; protocolUseSSL = true;
@ -44,7 +44,7 @@ in
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.configuration.port}"; proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.settings.port}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

67
modules/nextcloud.nix Normal file
View file

@ -0,0 +1,67 @@
{ config, pkgs, lib, ... }:
let
domain = "nc.quitte.fugi.dev";
in
{
sops.secrets = {
postgres_nextcloud = {
owner = "nextcloud";
group = "nextcloud";
};
nextcloud_adminpass = {
owner = "nextcloud";
group = "nextcloud";
};
};
services = {
postgresql = {
enable = true;
ensureUsers = [
{
name = "nextcloud";
ensurePermissions = {
"DATABASE nextcloud" = "ALL PRIVILEGES";
};
}
];
ensureDatabases = [ "nextcloud" ];
};
nextcloud = {
enable = true;
package = pkgs.nextcloud25; # Use current latest nextcloud package
hostName = "${domain}";
https = true; # Use https for all urls
phpExtraExtensions = all: [
all.ldap # Enable ldap php extension
];
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud";
dbpassFile = config.sops.secrets.postgres_nextcloud.path;
adminpassFile = config.sops.secrets.nextcloud_adminpass.path;
adminuser = "root";
};
};
# Enable ACME and force SSL
nginx = {
recommendedProxySettings = true;
virtualHosts = {
"${domain}" = {
enableACME = true;
forceSSL = true;
};
};
};
};
# ensure that postgres is running *before* running the setup
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
}

View file

@ -1,5 +1,7 @@
postgres_keycloak: ENC[AES256_GCM,data:Vi0NLjpYDvFGIYYL/VPdgOqAS51KXQynBFlBjK64elU=,iv:JY65V7b8zWSX4aNEK5pD7iyxnqIr8jexcG3pIBNbmvg=,tag:auDyPClH1VbWbFoWWK5E9w==,type:str] postgres_keycloak: ENC[AES256_GCM,data:Vi0NLjpYDvFGIYYL/VPdgOqAS51KXQynBFlBjK64elU=,iv:JY65V7b8zWSX4aNEK5pD7iyxnqIr8jexcG3pIBNbmvg=,tag:auDyPClH1VbWbFoWWK5E9w==,type:str]
postgres_hedgedoc: ENC[AES256_GCM,data:VCoWXZbNGWfmorTNZRFWkDUp0B5JMmsA+bJFVrUREj0=,iv:fnSs3FOgmFn5/BqKTODpwIq023ZRMF8s/JiDyf2ZqkE=,tag:oit5sHf6QffhYYi/WJk5SQ==,type:str] postgres_hedgedoc: ENC[AES256_GCM,data:VCoWXZbNGWfmorTNZRFWkDUp0B5JMmsA+bJFVrUREj0=,iv:fnSs3FOgmFn5/BqKTODpwIq023ZRMF8s/JiDyf2ZqkE=,tag:oit5sHf6QffhYYi/WJk5SQ==,type:str]
postgres_nextcloud: ENC[AES256_GCM,data:Lv0Ld3sf+hoUE2qrsf9qGSYf5aVLqm5GIbK2hEoR5Uc=,iv:/4hqMV42J37byJgZZGhMqsHNtutikcXhun2uk2HhsHY=,tag:+L4scIHq2nopBlr64KJgjA==,type:str]
nextcloud_adminpass: ENC[AES256_GCM,data:EMvcFOGJz45P4nvJ5Yy4SziWa2pUWBqt4ZZdde6wegk=,iv:tG9bhB7HPprZMnfV/uC/v7fqmjQd5d4Oj5avOtK2/0A=,tag:8jBDpnahwQsXsD2Ivf6jDw==,type:str]
hedgedoc_session_secret: ENC[AES256_GCM,data:uz7KggZqeZ2eqiCnOcnYh2I1p5BBXTQbC8PUhB2kM2U=,iv:aJDHKCPkccCT/OF6AGZMfRESNmoV9muGHbuCUfLQhH8=,tag:uEVXylpE8MSebqRr+4mQOw==,type:str] hedgedoc_session_secret: ENC[AES256_GCM,data:uz7KggZqeZ2eqiCnOcnYh2I1p5BBXTQbC8PUhB2kM2U=,iv:aJDHKCPkccCT/OF6AGZMfRESNmoV9muGHbuCUfLQhH8=,tag:uEVXylpE8MSebqRr+4mQOw==,type:str]
wg-seckey: ENC[AES256_GCM,data:NHk6E5uu3CshC/0//LoGk6iCGKWbx49wVVkjoMqF19gc7MhdHAn9aJD+0Zc=,iv:N3PuU7+QSW9aD0ZhTI7CmMI3drLIzO7XaW3mgEDp/sk=,tag:fxH4eRIboy9O15oul7JOTw==,type:str] wg-seckey: ENC[AES256_GCM,data:NHk6E5uu3CshC/0//LoGk6iCGKWbx49wVVkjoMqF19gc7MhdHAn9aJD+0Zc=,iv:N3PuU7+QSW9aD0ZhTI7CmMI3drLIzO7XaW3mgEDp/sk=,tag:fxH4eRIboy9O15oul7JOTw==,type:str]
mediawiki: mediawiki:
@ -21,8 +23,8 @@ sops:
N3R3emp1d0Z1OEZIU082Q2VXWHRLSVkKkw6L/Zm17zP6Ej0KCASv1uSibzDCG2Zp N3R3emp1d0Z1OEZIU082Q2VXWHRLSVkKkw6L/Zm17zP6Ej0KCASv1uSibzDCG2Zp
22lr2Kw6qIgQn1zO8wEpgHMfiJMImMgon/EWpozz/De0C/xOWgYprg== 22lr2Kw6qIgQn1zO8wEpgHMfiJMImMgon/EWpozz/De0C/xOWgYprg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-10-01T12:32:58Z" lastmodified: "2022-11-18T15:28:28Z"
mac: ENC[AES256_GCM,data:s0Fj8NhTEer1evxhlXU1sAuzZjHvw+tHFJdwRCrzc5ux/JQUjGGVzEH3fbdIX41PXEhKVi64J3EJCmLfPhXOrY7idGtEyzDOfny+mswbdo6tfAn/P+G+uNw96qXh3Msq+SwDnzWuhjPYfoXX9Ku5m9rYS/qodq+huKrxV6pfu8Q=,iv:0YBxmSC5CiPO2xk65sKP8+itp3xTjQRq0t845XFpGF0=,tag:F58Iz3cteXRNpj+Jtnnoqw==,type:str] mac: ENC[AES256_GCM,data:+o08gLLG3tz9uheJOMeKWtdvcRjgdcpOFUjSW3sHdFWC/FM5dcwDgBAtTO3/pPB6+e//SfpZgIWq1EASpgChPmE61K0U1lnYK/5gBY1QMDZ9tLgl8VjQ1ShVSeTL/dLWopBEVeDT0cR8jhJ+MIaVTEzMLK8I2qn/LaZqEktMPSg=,iv:N5TPSuijpULToU4EoZ7P6bL0sMZ1Jfu10Jxmnpzh4Ec=,tag:UIHIM+CMNS70ivKtEzbR3w==,type:str]
pgp: pgp:
- created_at: "2022-11-18T15:05:14Z" - created_at: "2022-11-18T15:05:14Z"
enc: | enc: |

View file

@ -1,5 +1,7 @@
postgres_keycloak: ENC[AES256_GCM,data:dHuqrGcrJUE5GZhhWG5a4Ko=,iv:bvbyDXhkovtX5BQKw36WTGyUl3KR0Df2fB5qmMWbqqU=,tag:95XJCjKJjrITsHXK8ABF6A==,type:str] postgres_keycloak: ENC[AES256_GCM,data:dHuqrGcrJUE5GZhhWG5a4Ko=,iv:bvbyDXhkovtX5BQKw36WTGyUl3KR0Df2fB5qmMWbqqU=,tag:95XJCjKJjrITsHXK8ABF6A==,type:str]
postgres_hedgedoc: ENC[AES256_GCM,data:XWbf3F1b00RBFS9NXytzVkQ=,iv:dTbRUncYKsqOh0y0MTEJCpPcwfvROkIiO8v9OxZiHPU=,tag:YUxAkmbYKbGdGbIMS/8mOw==,type:str] postgres_hedgedoc: ENC[AES256_GCM,data:XWbf3F1b00RBFS9NXytzVkQ=,iv:dTbRUncYKsqOh0y0MTEJCpPcwfvROkIiO8v9OxZiHPU=,tag:YUxAkmbYKbGdGbIMS/8mOw==,type:str]
postgres_nextcloud: ENC[AES256_GCM,data:ySjpkMh1/6JuU2JwjlJcXh0D,iv:7CWZPjX7NZt4v1V3vbm42Iw7glz5/9F4TK9GUqTNsl8=,tag:701TSuhzyR4AnDHB4bG48Q==,type:str]
nextcloud_adminpass: ENC[AES256_GCM,data:G3FcJIAl0HmpCu4JAXQOZPmWCg==,iv:Bgk7j3EfD9a73hDe93hpzH2uZUcssgVPMxr3nEWvUvQ=,tag:ngBZEBSQHBlWr62dcQdvHA==,type:str]
hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv:Iph099lne6cH6V1gnobcGZl/mfJZiw1bFJMdSTiVsxE=,tag:xGI+S3Uygzmdnmd0l1kCaQ==,type:str] hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv:Iph099lne6cH6V1gnobcGZl/mfJZiw1bFJMdSTiVsxE=,tag:xGI+S3Uygzmdnmd0l1kCaQ==,type:str]
wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str] wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str]
mediawiki: mediawiki:
@ -21,8 +23,8 @@ sops:
NjZ6dDludHREWTFkdmFST08vb05MNGsKbvBFq6gn9m85fWVgrYuDDZz1uJvMYIwU NjZ6dDludHREWTFkdmFST08vb05MNGsKbvBFq6gn9m85fWVgrYuDDZz1uJvMYIwU
NcptCTo8AVckjTNuP0z19TGt1oD+eYSe55W1hbUKJ1c7wqAys0VnkQ== NcptCTo8AVckjTNuP0z19TGt1oD+eYSe55W1hbUKJ1c7wqAys0VnkQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-11-05T11:24:00Z" lastmodified: "2022-11-18T15:23:26Z"
mac: ENC[AES256_GCM,data:IgW58nKqznUoWBhsI+HZD47HjJ7qF8/lS5nQ2Qg2VE7JkQgs/+AYVyMNAckjnpDtHEnK/YaFmnTfRpdQ7BMGaJtGu6TT0PR60jme82rg+iMwspSOVsAIDf9YyrjIv0rF7xwCF65p4/3TIc1OohV2GzLsAykKApMA5kqAo+UNSAs=,iv:sWURn1jmZ7myC2gEuo5BdcZn8JNSXQsopLWeOoLEpkc=,tag:E5kldjnyElfvJyilPiCYUg==,type:str] mac: ENC[AES256_GCM,data:meFon3NJLJ3E7pxGFvmol2WThaTPlPUKdRzeLnPhcLeJ2cGzj/DlnjTBmsk9hKhhTsQ4osdFo/DchId0MyV7Xi5ZmMVD0lyRZEPzguIbkg3UezRiNlosm21DpQ7Pl/yEXd02x/5kLast/Ud3zF1ZNGeGTxNriZvm5XY3KFiMCSY=,iv:oPPQnA82IbMTCsivp1fh4k9hS2keyh7Zm1C1jRkYUMU=,tag:vOkON7/N4v3yXu8kYkAEMg==,type:str]
pgp: pgp:
- created_at: "2022-11-18T15:05:25Z" - created_at: "2022-11-18T15:05:25Z"
enc: | enc: |