nextcloud
@@ -1,27 +1,98 @@
|
||||
{ pkgs, ...}@all: with all;
|
||||
{
|
||||
sops.secrets = {
|
||||
"nx2site/nextcloud/admin-pass" = { owner = "nextcloud"; };
|
||||
"nx2site/nextcloud/db-pass" = { owner = "nextcloud"; };
|
||||
# "nx2site/nextcloud/users-pass/nx2" = { owner = "nextcloud"; };
|
||||
{ config, pkgs, ... }@all: with all; let
|
||||
user = "nextcloud";
|
||||
in {
|
||||
sops.secrets = let ss = { owner = user; group = user; mode = "777"; }; in {
|
||||
"nx2site/nextcloud/admin_pass" = ss;
|
||||
"nx2site/nextcloud/db_pass" = ss;
|
||||
"nx2site/nextcloud/lennart_pass" = ss;
|
||||
"nx2site/nextcloud/daniel_pass" = ss;
|
||||
"nx2site/nextcloud/diane_pass" = ss;
|
||||
"nx2site/nextcloud/georg_pass" = ss;
|
||||
"nx2site/nextcloud/tessa_pass" = ss;
|
||||
};
|
||||
|
||||
services = {
|
||||
nextcloud = {
|
||||
enable = true;
|
||||
package = pkgs.nextcloud;
|
||||
hostName = "nc.${hyper.domain}";
|
||||
https = true;
|
||||
configureRedis = true;
|
||||
config = {
|
||||
adminpassFile = config.sops.secrets."nx2site/nextcloud/admin-pass".path;
|
||||
adminuser = "nx2";
|
||||
|
||||
dbtype = "pgsql";
|
||||
# dbhost = config.services.postgresql.settings.port; # using usix socket
|
||||
dbname = "nextcloud";
|
||||
dbpassFile = config.sops.secrets."nx2site/nextcloud/db-pass".path;
|
||||
};
|
||||
users.users."${user}" = {
|
||||
isSystemUser = true;
|
||||
isNormalUser = false;
|
||||
group = user;
|
||||
};
|
||||
# users.groups."${user}" = {};
|
||||
users.groups.nextcloud.members = [ "nextcloud" config.services.nginx.user ];
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
hostName = "n.${hyper.domain}";
|
||||
# Need to manually increment with every major upgrade.
|
||||
package = pkgs.nextcloud33;
|
||||
# Let NixOS install and configure the database automatically.
|
||||
# database.createLocally = false;
|
||||
# Let NixOS install and configure Redis caching automatically.
|
||||
configureRedis = true;
|
||||
# Increase the maximum file upload size.
|
||||
maxUploadSize = "16G";
|
||||
https = true;
|
||||
# autoUpdateApps.enable = true;
|
||||
appstoreEnable = false;
|
||||
extraAppsEnable = true;
|
||||
extraApps = with config.services.nextcloud.package.packages.apps; {
|
||||
inherit calendar contacts notes tasks;
|
||||
};
|
||||
settings = {
|
||||
overwriteProtocol = "https";
|
||||
default_phone_region = "DE";
|
||||
|
||||
"mail_smtpmode" = "smtp";
|
||||
"mail_smtphost" = "127.0.0.1";
|
||||
"mail_smtpport" = 2525;
|
||||
"mail_from_address" = "nextcloud";
|
||||
"mail_domain" = hyper.domain;
|
||||
"mail_smtpsecure" = ""; # = STARTTLS
|
||||
# "mail_smtpauth" = true;
|
||||
# "mail_smtpauthtype" = "LOGIN";
|
||||
# "mail_smtpname" = "nextcloud@${hyper.domain}";
|
||||
};
|
||||
secrets."mail_smtppassword" = config.sops.secrets."nx2site/maddy/nextcloud_password".path;
|
||||
# secrets.settings."mail_smtppassword" = config.sops.secrets."nx2site/maddy/nextcloud_password".path;
|
||||
config = {
|
||||
adminpassFile = config.sops.secrets."nx2site/nextcloud/admin_pass".path;
|
||||
dbtype = "pgsql";
|
||||
adminuser = "nextcloud";
|
||||
# dbhost = "localhost:5432";
|
||||
dbhost = "/run/postgresql";
|
||||
dbname = "nextcloud";
|
||||
dbuser = "nextcloud";
|
||||
dbpassFile = config.sops.secrets."nx2site/nextcloud/db_pass".path;
|
||||
};
|
||||
phpOptions = {
|
||||
"memory_limit" = pkgs.lib.mkForce "2G";
|
||||
"opcache.interned_strings_buffer" = "16";
|
||||
};
|
||||
};
|
||||
systemd.services.nextcloud-ensure-users = let
|
||||
users = pkgs.lib.mergeAttrsList (pkgs.lib.map (name: {
|
||||
"${name}" = {
|
||||
email = "${name}@nx2.site";
|
||||
passwordFile = config.sops.secrets."nx2site/nextcloud/${name}_pass".path;
|
||||
};
|
||||
}) [ "lennart" "daniel" "diane" "georg" "tessa" ]);
|
||||
in {
|
||||
enable = true;
|
||||
script = let occ = "${config.services.nextcloud.occ}/bin/nextcloud-occ"; in /* bash */ ''
|
||||
${pkgs.lib.optionalString (users != {}) ''
|
||||
${pkgs.lib.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (name: cfg: ''
|
||||
if ${occ} user:info "${name}" | grep "user not found"; then
|
||||
export OC_PASS="$(cat ${pkgs.lib.escapeShellArg cfg.passwordFile})"
|
||||
${occ} user:add --password-from-env "${name}"
|
||||
fi
|
||||
${pkgs.lib.optionalString (cfg.email != null) ''
|
||||
${occ} user:setting "${name}" settings email "${cfg.email}"
|
||||
''}
|
||||
'') users)}
|
||||
''}
|
||||
'';
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "nextcloud-setup.service" ];
|
||||
};
|
||||
services.phpfpm.pools.nextcloud.settings = pkgs.lib.mkIf config.services.nextcloud.enable {
|
||||
"listen.owner" = config.services.nginx.user;
|
||||
"listen.group" = config.services.nginx.group;
|
||||
};
|
||||
}
|
||||
|
||||
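Review bot: `mode = "777"` in the shared `ss` attrset of `sops.secrets` leaves the decrypted admin, database and per-user password files readable and writable by every local account, which defeats the `owner`/`group` restriction set in the same attrset. Nothing visible in this section needs more than owner read: `adminpassFile` and `dbpassFile` are handed to the Nextcloud service, and the `nextcloud-ensure-users` unit sets no `User`, so its `cat` presumably runs as root. I would change the line to `sops.secrets = let ss = { owner = user; group = user; mode = "0400"; }; in {`. Group read should stay off as well, because `users.groups.nextcloud.members` adds the nginx user to that group. Separately, `secrets."mail_smtppassword"` points at `nx2site/maddy/nextcloud_password`, which is not declared in this file; if it is declared elsewhere, confirm its owner and mode let the `nextcloud` user read it.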