os/hosts/0001/nextcloud.nix


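# NixOS module: Nextcloud with its PostgreSQL database in a NixOS container
# on a private network, reached through a Caddy virtual host on the host.
{
  config,
  lib,
  inputs,
  pkgs,
  self,
  ...
}: let
  # Host and container ends of the container's private network link.
  hostAddress = "10.10.42.1";
  serviceAddress = "10.10.42.2";
  hostname = "cloud.momo.koeln";
  dbUserName = "nextcloud";
  # Nextcloud state is kept on the host and bind-mounted into the container.
  hostStateDir = "/mnt/internal/nextcloud";
  containerStateDir = "/var/lib/nextcloud";
in {
  # Password files only need to be readable by their owner. The previous mode
  # "700" also granted write and execute, which a secret file never needs.
  age.secrets.nextcloud-db-password = {
    file = "${self}/secrets/nextcloud-db-password.age";
    mode = "0400";
    owner = "nextcloud";
  };
  age.secrets.nextcloud-admin-password = {
    # NOTE(review): no ".age" suffix here, unlike the db password above.
    # Confirm this path is an encrypted file: anything referenced through
    # ${self} is copied into the world-readable Nix store.
    file = "${self}/secrets/nextcloud-admin-password";
    mode = "0400";
    owner = "nextcloud";
  };

  services.caddy.virtualHosts.${hostname} = {
    # NOTE(review): this discards the access log for the vhost, so the proxy
    # keeps no request trail for incident response. Confirm that is intended.
    logFormat = lib.mkForce ''
      output discard
    '';
    # Traffic to the container is plain HTTP over the private link.
    extraConfig = ''
      reverse_proxy ${serviceAddress}:80
    '';
  };

  containers."nextcloud" = {
    # privateNetwork gives the container its own network namespace; only the
    # hostAddress/localAddress pair connects it to the host.
    privateNetwork = true;
    hostAddress = hostAddress;
    localAddress = serviceAddress;
    bindMounts."${containerStateDir}" = {
      hostPath = hostStateDir;
      isReadOnly = false;
    };
    config = {
      config,
      pkgs,
      ...
    }: {
      # NOTE(review): `config` in this scope is the container's own module
      # config and shadows the host's. The age.secrets above are declared on
      # the host, and this container neither imports an agenix module nor
      # bind-mounts the decrypted files, so the two `.path` references below
      # probably do not resolve to a readable file inside the container.
      # `owner = "nextcloud"` is likewise applied on the host. TODO confirm.

      # Only HTTP is opened; the host's Caddy is the expected client.
      networking.firewall.allowedTCPPorts = [80];
      # nextcloud
      # NOTE(review): Nextcloud sits behind a reverse proxy here. Confirm its
      # trusted_proxies and overwriteprotocol settings are configured, since
      # client-IP based protections such as brute-force throttling rely on them.
      services.nextcloud = {
        enable = true;
        hostName = hostname;
        home = containerStateDir;
        config = {
          dbuser = dbUserName;
          dbtype = "pgsql";
          dbport = 5432;
          dbpassFile = config.age.secrets.nextcloud-db-password.path;
          adminUser = "admin";
          adminpassFile = config.age.secrets.nextcloud-admin-password.path;
        };
      };
      services.postgresql = {
        enable = true;
        # NOTE(review): ensureUsers creates the role without a password, so
        # dbpassFile presumably only works if the role's password is set out
        # of band. Newer NixOS releases also replace ensurePermissions with
        # ensureDBOwnership. Verify both against the release in use.
        ensureUsers = [
          {
            name = dbUserName;
            ensurePermissions = {
              "DATABASE nextcloud" = "ALL PRIVILEGES";
            };
          }
        ];
        ensureDatabases = ["nextcloud"];
      };
    };
  };
}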