diff --git a/hosts/arcturus/default.nix b/hosts/arcturus/default.nix index ea873df..024a1aa 100644 --- a/hosts/arcturus/default.nix +++ b/hosts/arcturus/default.nix @@ -18,6 +18,7 @@ ../../modules/nixos/ntfy-sh.nix ../../modules/nixos/searx.nix ../../modules/nixos/wakapi.nix + ../../modules/nixos/nextcloud.nix ]; sops.secrets = { @@ -48,6 +49,11 @@ wakapi_salt = { sopsFile = ./secrets.yaml; }; + + nextcloud_password = { + sopsFile = ./secrets.yaml; + owner = "nextcloud"; + }; }; boot = { diff --git a/hosts/arcturus/secrets.yaml b/hosts/arcturus/secrets.yaml index 8fd48b7..0fa3fc3 100644 --- a/hosts/arcturus/secrets.yaml +++ b/hosts/arcturus/secrets.yaml @@ -6,6 +6,7 @@ wakapi_salt: ENC[AES256_GCM,data:Vk5Lezv0f/0ehHqXXBCsQxWFYE2KFujTfII0r7Gd1BXFrwi cloudflare_credentials: email: ENC[AES256_GCM,data:qesgxkzUglKdYPI=,iv:2XDEoQzmtagSiILWZzJPswdhkQ+qjdZfNd+LL1nHPx8=,tag:K1F23Za2Zq78tzf0fl5zEw==,type:str] dns_api_token: ENC[AES256_GCM,data:ibSL4KWYhqgHjo27fiSqB1iN9NWU3/qGGuLpmiMpBf+qCuh8uxR7Yw==,iv:NapMvfUSm5rgeROK7KuxGyog8s2PW9CCKtjRG87FoCQ=,tag:/Oah7PRCe4XPts0IYt83zw==,type:str] +nextcloud_password: ENC[AES256_GCM,data:o37mq4YHQT5pbi+cXrk=,iv:8HiDwdHTozNM2lHpgqVhdsspuifppsL2I6Z31xEnYFI=,tag:xTnfn8HcubfiQwLYIkpxjw==,type:str] sops: kms: [] gcp_kms: [] @@ -30,8 +31,8 @@ sops: NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9 uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-29T05:10:28Z" - mac: ENC[AES256_GCM,data:pMOHJ4X52riV5ZRrENjy2pNpClmd33eFQwDZeiAf17nb3T5fHEfUDzOWkJBjNcxW1+ekjvcfREMNz7ny+x+yG52WrOBldvHO5MiQ/SaKXdzDD33uREnlBVXgp19feu2WdhW4cRvEu/vKILSVqGwNZvD1zMIQbRHIqymIXlxVFlg=,iv:BU3x8clOZ4HyWSOT6u+1Cf7zdrc1h9+9MUNurcezNAY=,tag:jt/45ZMiz94ENch7eCvDNA==,type:str] + lastmodified: "2024-10-15T09:48:47Z" + mac: ENC[AES256_GCM,data:zYluS2ijrrGgCVXJ20SrdYf51QgVwoyPqk+JIFQNV9Q/HlWTWss2Y3Xst2Q0oDUO05Pwkk8z1lML2VmQkZH6EpxFpOpzQrKPu5V9jEjA23kSEbh1+JZE/dfRoH0XsXiLiByXktsSuBCoZiu2O9RQUFKAeAOlEwqdNxkQLsrdVZg=,iv:ll0uBFuDPsaH1Qy6p67I6jOJTLiK/L08p66f+1R8WbI=,tag:2eZLoam+YaECWBFicI9agg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/modules/nixos/nextcloud.nix b/modules/nixos/nextcloud.nix new file mode 100644 index 0000000..eef252f --- /dev/null +++ b/modules/nixos/nextcloud.nix @@ -0,0 +1,47 @@ +{ + config, + pkgs, + lib, + username, + ... +}: { + services = { + nginx = { + enable = lib.mkForce true; + virtualHosts = { + "cloud.tux.rs" = { + forceSSL = true; + useACMEHost = "tux.rs"; + }; + }; + }; + + nextcloud = { + enable = true; + hostName = "cloud.tux.rs"; + package = pkgs.nextcloud30; + database.createLocally = true; + configureRedis = true; + maxUploadSize = "16G"; + https = true; + + autoUpdateApps.enable = true; + extraAppsEnable = true; + extraApps = with config.services.nextcloud.package.packages.apps; { + inherit mail spreed; + }; + + config = { + adminuser = "${username}"; + adminpassFile = config.sops.secrets.nextcloud_password.path; + }; + + settings = { + overwriteProtocol = "https"; + default_phone_region = "IN"; + }; + }; + }; + + environment.systemPackages = with pkgs; [nextcloud30]; +}