forked from pub-solar/infra
teutat3s
d26b3c12f4
The nextcloud push service would fail with the following error message when deploying a new version: please add '2a01:4f8:172:1c25::1' to the list of trusted proxies or configure any existing reverse proxy to forward the 'x-forwarded-for' send by the push server The following x-forwarded-for header was received by Nextcloud: 1.2.3.4 The following trusted proxies are currently configured: "127.0.0.1", "::1" https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies
151 lines
4 KiB
Nix
151 lines
4 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
flake,
|
|
...
|
|
}:
|
|
{
|
|
age.secrets."nextcloud-secrets" = {
|
|
file = "${flake.self}/secrets/nextcloud-secrets.age";
|
|
mode = "400";
|
|
owner = "nextcloud";
|
|
};
|
|
|
|
age.secrets."nextcloud-admin-pass" = {
|
|
file = "${flake.self}/secrets/nextcloud-admin-pass.age";
|
|
mode = "400";
|
|
owner = "nextcloud";
|
|
};
|
|
|
|
services.nginx.virtualHosts."cloud.pub.solar" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
};
|
|
|
|
services.nextcloud = {
|
|
hostName = "cloud.pub.solar";
|
|
home = "/var/lib/nextcloud";
|
|
|
|
enable = true;
|
|
package = pkgs.nextcloud27;
|
|
https = true;
|
|
secretFile = config.age.secrets."nextcloud-secrets".path; # secret
|
|
maxUploadSize = "1G";
|
|
|
|
configureRedis = true;
|
|
|
|
notify_push = {
|
|
enable = true;
|
|
bendDomainToLocalhost = true;
|
|
};
|
|
|
|
config = {
|
|
adminuser = "admin";
|
|
adminpassFile = config.age.secrets."nextcloud-admin-pass".path;
|
|
dbuser = "nextcloud";
|
|
dbtype = "pgsql";
|
|
dbname = "nextcloud";
|
|
dbtableprefix = "oc_";
|
|
overwriteProtocol = "https";
|
|
};
|
|
|
|
extraOptions = {
|
|
overwrite.cli.url = "http://cloud.pub.solar";
|
|
|
|
installed = true;
|
|
default_phone_region = "+49";
|
|
mail_sendmailmode = "smtp";
|
|
mail_from_address = "nextcloud";
|
|
mail_smtpmode = "smtp";
|
|
mail_smtpauthtype = "PLAIN";
|
|
mail_domain = "pub.solar";
|
|
mail_smtpname = "admins@pub.solar";
|
|
mail_smtpsecure = "tls";
|
|
mail_smtpauth = 1;
|
|
mail_smtphost = "mx2.greenbaum.cloud";
|
|
mail_smtpport = "587";
|
|
|
|
# This is to allow connections to collabora and keycloak, among other services
|
|
# running on the same host
|
|
#
|
|
# https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=allow_local_remote_servers%20true
|
|
# https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/293
|
|
allow_local_remote_servers = true;
|
|
|
|
enable_previews = true;
|
|
enabledPreviewProviders = [
|
|
"OC\\Preview\\PNG"
|
|
"OC\\Preview\\JPEG"
|
|
"OC\\Preview\\GIF"
|
|
"OC\\Preview\\BMP"
|
|
"OC\\Preview\\XBitmap"
|
|
"OC\\Preview\\Movie"
|
|
"OC\\Preview\\PDF"
|
|
"OC\\Preview\\MP3"
|
|
"OC\\Preview\\TXT"
|
|
"OC\\Preview\\MarkDown"
|
|
];
|
|
preview_max_x = "1024";
|
|
preview_max_y = "768";
|
|
preview_max_scale_factor = "1";
|
|
|
|
auth.bruteforce.protection.enabled = true;
|
|
trashbin_retention_obligation = "auto,7";
|
|
skeletondirectory = "";
|
|
defaultapp = "file";
|
|
activity_expire_days = "14";
|
|
integrity.check.disabled = false;
|
|
updater.release.channel = "stable";
|
|
loglevel = 0;
|
|
# maintenance = false;
|
|
app_install_overwrite = [
|
|
"pdfdraw"
|
|
"integration_whiteboard"
|
|
];
|
|
htaccess.RewriteBase = "/";
|
|
theme = "";
|
|
simpleSignUpLink.shown = false;
|
|
};
|
|
|
|
phpOptions = {
|
|
"opcache.interned_strings_buffer" = "16";
|
|
};
|
|
|
|
# Calculated with 4GiB RAM, 80MiB process size available on
|
|
# https://spot13.com/pmcalculator/
|
|
poolSettings = {
|
|
pm = "dynamic";
|
|
"pm.max_children" = "52";
|
|
"pm.max_requests" = "500";
|
|
"pm.max_spare_servers" = "39";
|
|
"pm.min_spare_servers" = "13";
|
|
"pm.start_servers" = "13";
|
|
};
|
|
|
|
caching.redis = true;
|
|
autoUpdateApps.enable = true;
|
|
database.createLocally = true;
|
|
};
|
|
|
|
services.restic.backups.nextcloud = {
|
|
paths = [
|
|
"/var/lib/nextcloud/data"
|
|
"/tmp/nextcloud-backup.sql"
|
|
];
|
|
timerConfig = {
|
|
OnCalendar = "*-*-* 02:00:00 Etc/UTC";
|
|
# droppie will be offline if nachtigall misses the timer
|
|
Persistent = false;
|
|
};
|
|
initialize = true;
|
|
passwordFile = config.age.secrets."restic-repo-droppie".path;
|
|
repository = "sftp:yule@droppie.b12f.io:/media/internal/pub.solar";
|
|
backupPrepareCommand = ''
|
|
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d nextcloud > /tmp/nextcloud-backup.sql
|
|
'';
|
|
backupCleanupCommand = ''
|
|
rm /tmp/nextcloud-backup.sql
|
|
'';
|
|
};
|
|
}
|