pub-solar-os/hosts/cube/nextcloud.nix

73 lines
1.7 KiB
Nix

{ self, pkgs, config, ... }:
{
age.secrets.nextcloud_db_pass = {
owner = "nextcloud";
group = "nextcloud";
file = "${self}/secrets/cube_nextcloud_db_pass.age";
};
age.secrets.nextcloud_admin_pass = {
owner = "nextcloud";
group = "nextcloud";
file = "${self}/secrets/cube_nextcloud_admin_pass.age";
};
# HTTP
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts."data.gssws.de" = {
enableACME = true;
forceSSL = true;
};
};
# DATABASES
services.postgresql = {
enable = true;
package = pkgs.postgresql_11;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
};
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
# NEXTCLOUD
services.nextcloud = {
enable = true;
package = pkgs.nextcloud24;
hostName = "data.gssws.de";
https = true;
#datadir = "/mnt/internal/nextcloud";
autoUpdateApps.enable = true;
autoUpdateApps.startAt = "05:00:00";
config = {
# Further forces Nextcloud to use HTTPS
overwriteProtocol = "https";
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud";
dbpassFile = "/run/agenix/nextcloud_db_pass";
adminpassFile = "/run/agenix/nextcloud_admin_pass";
adminuser = "admin";
};
};
}