nextcloud

2024-11-05 15:16:23 +01:00 · 2023-02-04 01:14:39 +01:00 · 2023-02-04 01:14:39 +01:00 · f537809a4b
parent b159ff8c4b
commit f537809a4b
5 changed files with 46 additions and 7 deletions
--- a/schrottserver/configuration.nix
+++ b/schrottserver/configuration.nix
@ -11,6 +11,7 @@
      ../common.nix
      ./proxy.nix
      ./vaultwarden.nix
      ./nextcloud.nix
    ];
  jade = {
--- a/schrottserver/nextcloud.nix
+++ b/schrottserver/nextcloud.nix
@ -0,0 +1,37 @@
 { pkgs, ... }:
 {
  services.nextcloud = {
    enable = true;
    config = {
      dbtype = "pgsql";
      dbuser = "nextcloud";
      dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
      dbname = "nextcloud";
      adminpassFile = "${../secret-data/nextcloud-admin-pass}";
      adminuser = "root";
    };
    package = pkgs.nextcloud25;
    extraApps = with pkgs.nextcloud25Packages.apps; { 
      inherit bookmarks calendar contacts deck keeweb mail news notes onlyoffice polls tasks twofactor_webauthn;
    };
    extraAppsEnable = true;
    hostName = "wolke.schrottkatze.de";
    https = true;
  };
  services.postgresql = {
    enable = true;
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
     { name = "nextcloud";
       ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
     }
    ];
  };
  # ensure that postgres is running *before* running the setup
  systemd.services."nextcloud-setup" = {
    requires = ["postgresql.service"];
    after = ["postgresql.service"];
  };
 }
--- a/schrottserver/proxy.nix
+++ b/schrottserver/proxy.nix
@ -1,13 +1,10 @@
 { inputs, config, pkgs, ... }:
-let 
+{
  domain = "schrottkatze.de";
  vaultwardenSubdomain = "vw";
 in {
  security.acme = {
    acceptTerms = true;
    defaults.email = "jade@schrottkatze.de";
    certs = {
-      "${vaultwardenSubdomain}.${domain}" = {
+      "vw.schrottkatze.de" = {
        group = "nginx";
        keyType = "rsa2048";
      };
@ -23,7 +20,7 @@ in {
    recommendedTlsSettings = true;
    virtualHosts = {
-      "${vaultwardenSubdomain}.${domain}" = {
+      "vw.schrottkatze.de" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
@ -39,6 +36,10 @@ in {
          proxyWebsockets = true;
        };
      };
      "wolke.schrottkatze.de" = {
        forceSSL = true;
        enableACME = true;
      };
    };
  };
 }
--- a/schrottserver/vaultwarden.nix
+++ b/schrottserver/vaultwarden.nix
@ -16,7 +16,7 @@
      ROCKET_LOG = "debug";
      ENABLE_WAL = false;
      ADMIN_TOKEN = builtins.readFile ../secret-data/vaultwarden-admin-token;
-      DOMAIN = "http://localhost";
+      DOMAIN = "https://vw.schrottkatze.de";
      #SMTP_HOST = "mx.example.com";
      #SMTP_FROM = "bitwarden@example.com";
      #SMTP_FROM_NAME = "Bitwarden_RS";
--- a/secret-data/nextcloud-admin-pass
+++ b/secret-data/nextcloud-admin-pass