add nextcloud

2025-07-05 20:56:33 +05:30 · 2024-10-15 17:54:40 +05:30
parent c33278b0bf
commit 23e8f2edfb
3 changed files with 56 additions and 2 deletions
--- a/hosts/arcturus/default.nix
+++ b/hosts/arcturus/default.nix
@ -18,6 +18,7 @@
    ../../modules/nixos/ntfy-sh.nix
    ../../modules/nixos/searx.nix
    ../../modules/nixos/wakapi.nix
+    ../../modules/nixos/nextcloud.nix
  ];

  sops.secrets = {
@ -48,6 +49,11 @@
    wakapi_salt = {
      sopsFile = ./secrets.yaml;
    };
+
+    nextcloud_password = {
+      sopsFile = ./secrets.yaml;
+      owner = "nextcloud";
+    };
  };

  boot = {
--- a/hosts/arcturus/secrets.yaml
+++ b/hosts/arcturus/secrets.yaml
@ -6,6 +6,7 @@ wakapi_salt: ENC[AES256_GCM,data:Vk5Lezv0f/0ehHqXXBCsQxWFYE2KFujTfII0r7Gd1BXFrwi
 cloudflare_credentials:
    email: ENC[AES256_GCM,data:qesgxkzUglKdYPI=,iv:2XDEoQzmtagSiILWZzJPswdhkQ+qjdZfNd+LL1nHPx8=,tag:K1F23Za2Zq78tzf0fl5zEw==,type:str]
    dns_api_token: ENC[AES256_GCM,data:ibSL4KWYhqgHjo27fiSqB1iN9NWU3/qGGuLpmiMpBf+qCuh8uxR7Yw==,iv:NapMvfUSm5rgeROK7KuxGyog8s2PW9CCKtjRG87FoCQ=,tag:/Oah7PRCe4XPts0IYt83zw==,type:str]
+nextcloud_password: ENC[AES256_GCM,data:o37mq4YHQT5pbi+cXrk=,iv:8HiDwdHTozNM2lHpgqVhdsspuifppsL2I6Z31xEnYFI=,tag:xTnfn8HcubfiQwLYIkpxjw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -30,8 +31,8 @@ sops:
            NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
            uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-29T05:10:28Z"
-    mac: ENC[AES256_GCM,data:pMOHJ4X52riV5ZRrENjy2pNpClmd33eFQwDZeiAf17nb3T5fHEfUDzOWkJBjNcxW1+ekjvcfREMNz7ny+x+yG52WrOBldvHO5MiQ/SaKXdzDD33uREnlBVXgp19feu2WdhW4cRvEu/vKILSVqGwNZvD1zMIQbRHIqymIXlxVFlg=,iv:BU3x8clOZ4HyWSOT6u+1Cf7zdrc1h9+9MUNurcezNAY=,tag:jt/45ZMiz94ENch7eCvDNA==,type:str]
+    lastmodified: "2024-10-15T09:48:47Z"
+    mac: ENC[AES256_GCM,data:zYluS2ijrrGgCVXJ20SrdYf51QgVwoyPqk+JIFQNV9Q/HlWTWss2Y3Xst2Q0oDUO05Pwkk8z1lML2VmQkZH6EpxFpOpzQrKPu5V9jEjA23kSEbh1+JZE/dfRoH0XsXiLiByXktsSuBCoZiu2O9RQUFKAeAOlEwqdNxkQLsrdVZg=,iv:ll0uBFuDPsaH1Qy6p67I6jOJTLiK/L08p66f+1R8WbI=,tag:2eZLoam+YaECWBFicI9agg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.0
--- a/modules/nixos/nextcloud.nix
+++ b/modules/nixos/nextcloud.nix
@ -0,0 +1,47 @@
+{
+  config,
+  pkgs,
+  lib,
+  username,
+  ...
+}: {
+  services = {
+    nginx = {
+      enable = lib.mkForce true;
+      virtualHosts = {
+        "cloud.tux.rs" = {
+          forceSSL = true;
+          useACMEHost = "tux.rs";
+        };
+      };
+    };
+
+    nextcloud = {
+      enable = true;
+      hostName = "cloud.tux.rs";
+      package = pkgs.nextcloud30;
+      database.createLocally = true;
+      configureRedis = true;
+      maxUploadSize = "16G";
+      https = true;
+
+      autoUpdateApps.enable = true;
+      extraAppsEnable = true;
+      extraApps = with config.services.nextcloud.package.packages.apps; {
+        inherit mail spreed;
+      };
+
+      config = {
+        adminuser = "${username}";
+        adminpassFile = config.sops.secrets.nextcloud_password.path;
+      };
+
+      settings = {
+        overwriteProtocol = "https";
+        default_phone_region = "IN";
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs; [nextcloud30];
+}