nextcloud

This commit is contained in:
Schrottkatze 2023-02-04 01:14:39 +01:00
parent b159ff8c4b
commit f537809a4b
5 changed files with 46 additions and 7 deletions

View file

@ -11,6 +11,7 @@
../common.nix ../common.nix
./proxy.nix ./proxy.nix
./vaultwarden.nix ./vaultwarden.nix
./nextcloud.nix
]; ];
jade = { jade = {

View file

@ -0,0 +1,37 @@
{ pkgs, ... }:
{
services.nextcloud = {
enable = true;
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
adminpassFile = "${../secret-data/nextcloud-admin-pass}";
adminuser = "root";
};
package = pkgs.nextcloud25;
extraApps = with pkgs.nextcloud25Packages.apps; {
inherit bookmarks calendar contacts deck keeweb mail news notes onlyoffice polls tasks twofactor_webauthn;
};
extraAppsEnable = true;
hostName = "wolke.schrottkatze.de";
https = true;
};
services.postgresql = {
enable = true;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{ name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
};
# ensure that postgres is running *before* running the setup
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
}

View file

@ -1,13 +1,10 @@
{ inputs, config, pkgs, ... }: { inputs, config, pkgs, ... }:
let {
domain = "schrottkatze.de";
vaultwardenSubdomain = "vw";
in {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "jade@schrottkatze.de"; defaults.email = "jade@schrottkatze.de";
certs = { certs = {
"${vaultwardenSubdomain}.${domain}" = { "vw.schrottkatze.de" = {
group = "nginx"; group = "nginx";
keyType = "rsa2048"; keyType = "rsa2048";
}; };
@ -23,7 +20,7 @@ in {
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"${vaultwardenSubdomain}.${domain}" = { "vw.schrottkatze.de" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
@ -39,6 +36,10 @@ in {
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
"wolke.schrottkatze.de" = {
forceSSL = true;
enableACME = true;
};
}; };
}; };
} }

View file

@ -16,7 +16,7 @@
ROCKET_LOG = "debug"; ROCKET_LOG = "debug";
ENABLE_WAL = false; ENABLE_WAL = false;
ADMIN_TOKEN = builtins.readFile ../secret-data/vaultwarden-admin-token; ADMIN_TOKEN = builtins.readFile ../secret-data/vaultwarden-admin-token;
DOMAIN = "http://localhost"; DOMAIN = "https://vw.schrottkatze.de";
#SMTP_HOST = "mx.example.com"; #SMTP_HOST = "mx.example.com";
#SMTP_FROM = "bitwarden@example.com"; #SMTP_FROM = "bitwarden@example.com";
#SMTP_FROM_NAME = "Bitwarden_RS"; #SMTP_FROM_NAME = "Bitwarden_RS";

Binary file not shown.