From 9fd461393642619b365e7ccea0a69c2545033425 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Sun, 22 Oct 2023 14:27:42 +0100
Subject: [PATCH] nextcloud: this is goood enough for now, will have to move server shortly
---
applications/nextcloud.nix | 97 ++++++++++++++++++++++++++++++++++++++
machines/optimus.nix | 9 ++++
secrets/nextcloud/pw.age | 15 ++++++
secrets/secrets.nix | 7 +++
4 files changed, 128 insertions(+)
create mode 100644 applications/nextcloud.nix
create mode 100644 secrets/nextcloud/pw.age
diff --git a/applications/nextcloud.nix b/applications/nextcloud.nix
new file mode 100644
index 0000000..8b85073
--- /dev/null
+++ b/applications/nextcloud.nix
@@ -0,0 +1,97 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.services.skynet_nextcloud;
+ domain = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}";
+in {
+ imports = [
+ ./acme.nix
+ ./dns.nix
+ ./nginx.nix
+ ];
+
+ options.services.skynet_nextcloud = {
+ enable = mkEnableOption "Skynet Nextcloud";
+
+ host = {
+ ip = mkOption {
+ type = types.str;
+ };
+
+ name = mkOption {
+ type = types.str;
+ };
+ };
+
+ domain = {
+ tld = mkOption {
+ type = types.str;
+ default = "ie";
+ };
+
+ base = mkOption {
+ type = types.str;
+ default = "skynet";
+ };
+
+ sub = mkOption {
+ type = types.str;
+ default = "nextcloud";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # shove the entire config file into secrets
+
+ age.secrets.nextcloud_admin_pass = {
+ file = ../secrets/nextcloud/pw.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ };
+
+ skynet_acme.domains = [
+ domain
+ ];
+
+ skynet_dns.records = [
+ {
+ record = cfg.domain.sub;
+ r_type = "CNAME";
+ value = cfg.host.name;
+ }
+ ];
+
+ # /var/lib/nextcloud/data
+
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud27;
+ hostName = domain;
+ https = true;
+
+ config = {
+ trustedProxies = ["193.1.99.65"];
+ adminpassFile = config.age.secrets.nextcloud_admin_pass.path;
+ };
+
+ extraApps = with config.services.nextcloud.package.packages.apps; {
+ inherit files_markdown files_texteditor forms groupfolders mail maps news notes onlyoffice polls;
+ };
+
+ extraOptions = {
+ mail_smtpmode = "sendmail";
+ mail_sendmailmode = "pipe";
+ };
+ };
+
+ services.nginx.virtualHosts.${domain} = {
+ forceSSL = true;
+ useACMEHost = "skynet";
+ };
+ };
+}
diff --git a/machines/optimus.nix b/machines/optimus.nix
index 095c55c..211a37f 100644
--- a/machines/optimus.nix
+++ b/machines/optimus.nix
@@ -22,6 +22,7 @@ Notes: in { imports = [ ../applications/games.nix + ../applications/nextcloud.nix ]; deployment = {
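Review bot: `trustedProxies = ["193.1.99.65"];` hard-codes the only address whose forwarded-client headers Nextcloud will believe, while the `host.ip` option declared in this same module is never read (machines/optimus.nix sets it to `ip_pub`). The commit message already expects the server to move, and a stale entry then either attributes every request to the proxy address, which blunts brute-force throttling and audit logs, or keeps trusting an address the project no longer controls. If that literal is this host's public address, which the hunk does not show, `trustedProxies = [cfg.host.ip];` would keep it in step; otherwise give the proxy its own option. The comment `# shove the entire config file into secrets` also overstates what follows, since only the admin password is an age secret, and as far as I know `adminpassFile` is applied only at first install, so something like `# admin password only; used at initial setup, later rotation happens inside Nextcloud` would be more accurate.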
@@ -60,4 +61,12 @@ in { name = name; }; }; + + services.skynet_nextcloud = { + enable = true; + host = { + ip = ip_pub; + name = name; + }; + }; } diff --git a/secrets/nextcloud/pw.age b/secrets/nextcloud/pw.age new file mode 100644 index 0000000..211565a --- /dev/null +++ b/secrets/nextcloud/pw.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA GHSErc8c9vc/xRJKfYMJLayQL7HxOL8JeGoYo2h6RlI +s7kkNRo60WiIgaiml8dWe8n16T+u8T+yb4W3wwmuqjU +-> ssh-ed25519 4PzZog bbecpnwp/8Si9z0pu77WKcKJm+2MB1zBmVOup6oR5UQ +DUVCb2U8z21cOnMYULXdtmkpwH3MlOuUZFgl1TvRhT0 +-> ssh-ed25519 5Nd93w YHCbzauRkUdRs50+5RhRLBEvlXGsbqBNAjF/S6xBiiQ +xsCA1eICC97DvIQe2Sumb0tM0rvXgpHoWalWZjf9fMI +-> ssh-ed25519 q8eJgg yhKxSY9qxfwhofkrDKUbvORm3T52/CfNtVuDYwn6DGM +G590dtERfI+O7eCTm2mycUsE5PaCUTGaNGGg4bmm1k8 +-> ssh-ed25519 DVzSig 0qqpCx7UbH23wxeJJMK21E8tknH/dnFZCa2dx830fF8 +BphKZzApbyb/QRMpx8cn8Okp/G9glu0l1BdaNGFkeII +-> 9w/.T-grease ^xmu\A /R-"|G ;! +pSeeYWA63jGkK0k2Fd+edOuyks/vMLbxa5eVlx7x4MiyLHiAS/K7QVpbFU0 +--- I8Og0EodMu4gqGxgeNXyA8+VeRYwfOB86mWKXLRoKg8 +}p?8vHk7 ˸/H_T_o}2>~ň A_kP \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c161ff0..25fddf0 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -86,6 +86,10 @@ let discord = [ kitt ]; + + nextcloud = [ + optimus + ]; in { # nix run github:ryantm/agenix -- -e secret1.age @@ -120,4 +124,7 @@ in { # email stuff "email/details.age".publicKeys = users ++ ldap ++ discord; + + # nextcloud + "nextcloud/pw.age".publicKeys = users ++ nextcloud; }
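Review bot: `"nextcloud/pw.age".publicKeys = users ++ nextcloud;` makes every key in `users` a recipient of the Nextcloud admin password, and the bare `# nextcloud` comment above it does not say what the secret is or who is meant to read it. Something like `# nextcloud: initial admin password, decrypted on optimus for adminpassFile` would record that. `users` is defined outside the hunk, so its size is not visible here, though the committed `pw.age` carries five `ssh-ed25519` stanzas. Because earlier ciphertexts remain in git history, dropping a key from `users` later needs both a rekey and a password change inside Nextcloud itself.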