tsuki: set up nextcloud, without enabling it

This commit is contained in:
Oystein Kristoffer Tveit 2023-05-08 02:27:52 +02:00
parent 32885239c3
commit 58061df4ab
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
3 changed files with 77 additions and 2 deletions

View File

@ -16,6 +16,7 @@
# ./services/keycloak.nix # ./services/keycloak.nix
./services/matrix ./services/matrix
./services/minecraft ./services/minecraft
./services/nextcloud.nix
./services/nginx ./services/nginx
./services/osuchan.nix ./services/osuchan.nix
./services/pgadmin.nix ./services/pgadmin.nix

View File

@ -0,0 +1,70 @@
{ pkgs, config, secrets, ... }:
# TODO: This kinda sucks, but nextcloud refuses to use the NFS mounted
# drive, as it is not able to lock it properly.
# I'll wait for a while with enabling this service, until I have gotten
# Some proper disks into the server.
{
sops.secrets."nextcloud/initialPassword" = {
restartUnits = [ "nextcloud.service" ];
owner = "nextcloud";
group = "nextcloud";
};
sops.secrets."postgres/nextcloud" = {
restartUnits = [ "nextcloud.service" ];
owner = "nextcloud";
group = "nextcloud";
};
services.nextcloud = {
enable = false;
hostName = "cloud.nani.wtf";
https = true;
maxUploadSize = "10G";
package = pkgs.nextcloud25;
datadir = "${config.machineVars.dataDrives.default}/var/nextcloud";
home = "${config.machineVars.dataDrives.default}/var/nextcloud";
enableBrokenCiphersForSSE = false;
caching.redis = true;
extraOptions = {
redis = {
host = config.services.redis.servers.nextcloud.unixSocket;
port = 0;
dbindex = 0;
timeout = 1.5;
};
};
config = {
defaultPhoneRegion = "NO";
dbtype = "pgsql";
dbport = secrets.ports.postgres;
dbpassFile = config.sops.secrets."postgres/nextcloud".path;
adminuser = "h7x4";
adminpassFile = config.sops.secrets."nextcloud/initialPassword".path;
};
};
services.redis.servers.nextcloud = {
enable = true;
};
services.postgresql = {
enable = true;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
(rec {
name = "nextcloud";
ensurePermissions = {
"DATABASE \"${name}\"" = "ALL PRIVILEGES";
};
})
];
};
}

View File

@ -7,8 +7,12 @@ cloudflare:
drives: drives:
cirno: cirno:
credentials: ENC[AES256_GCM,data:ypMZhs7dQw/IlcLwHwFcIZw0N+kCzvFGLe3gEqZVe1hj0lzK8MCfxAR8GpA=,iv:by5ljMzOuuY4b6BDUQNLhp8/gcXDNe+rHkqhFzjNA6c=,tag:3C5iYsxEWwAKs9Blgr5o6g==,type:str] credentials: ENC[AES256_GCM,data:ypMZhs7dQw/IlcLwHwFcIZw0N+kCzvFGLe3gEqZVe1hj0lzK8MCfxAR8GpA=,iv:by5ljMzOuuY4b6BDUQNLhp8/gcXDNe+rHkqhFzjNA6c=,tag:3C5iYsxEWwAKs9Blgr5o6g==,type:str]
nextcloud:
initialPassword: ENC[AES256_GCM,data:ROG+4u6C9zBu8Ez3Jprw8cgwVd2gFErUIOBmrWL9o7/qSGPT8jnwd0T5W8E=,iv:uRdL/3Xslu/J/aPI44WxlNw3RLAvjDRPt5VttuQL/P0=,tag:IDmGXNF9PsHPaMqK5YUKIg==,type:str]
postgres: postgres:
gitea: ENC[AES256_GCM,data:HyYgEgOzeOnaEvPDEXoL+fRhrnqCeGbb/wOYf2kHulxrU9PKIAcRzmNljsc=,iv:1N/N2RUQ++rAWw4VNQzhee2aV9LzOJym6cyM6CAnZUU=,tag:o7dblJrIAPd4/S8X2LKdcQ==,type:str] gitea: ENC[AES256_GCM,data:HyYgEgOzeOnaEvPDEXoL+fRhrnqCeGbb/wOYf2kHulxrU9PKIAcRzmNljsc=,iv:1N/N2RUQ++rAWw4VNQzhee2aV9LzOJym6cyM6CAnZUU=,tag:o7dblJrIAPd4/S8X2LKdcQ==,type:str]
invidious: ENC[AES256_GCM,data:r/Jzs7U1fkCi2j5L/tOcBfakR3virj8HGrDrVZdP7VwubG4BJLvoeb14eJo=,iv:3plNFOds+HeF0HAliedczpNgPL4ZgqhCOwqbnb2e8Ag=,tag:DHm/KM9UuPiqaRxqNDb7QA==,type:str]
nextcloud: ENC[AES256_GCM,data:E1tD6Z2SDbi5TUDAACjXSJJIn+/ySu0+8xhvRVFxumxjex4ZsEw+mofKIxM=,iv:E4iPVF3M8GOoQghVQtn/kCEpXl0b8MueCbtyvzFM8AA=,tag:IF4kWOuTsylqrXMoXzQaVQ==,type:str]
pgadmin: pgadmin:
oauth2_secret: ENC[AES256_GCM,data:A1Upe1Ja76++ZdOx5YhuKjpaont4m5ChRzn/YVpJbnFzWy1tFlBkOr6UgBj7Wopg,iv:hY+b7AVSrSgHu/10reIjUjJ8+yR4FrZe2JgGiAowfGs=,tag:thy6O1Y3FGTWaQXqlU9aYg==,type:str] oauth2_secret: ENC[AES256_GCM,data:A1Upe1Ja76++ZdOx5YhuKjpaont4m5ChRzn/YVpJbnFzWy1tFlBkOr6UgBj7Wopg,iv:hY+b7AVSrSgHu/10reIjUjJ8+yR4FrZe2JgGiAowfGs=,tag:thy6O1Y3FGTWaQXqlU9aYg==,type:str]
initialPassword: ENC[AES256_GCM,data:674lqcGTDCOYBNocf0LQuQB1cbMus0iZOcvwbadpAXrF4DPQSetqrg==,iv:y8hfzLh6i7LxR11fmM9T0z2t7202JMAiZzi/1iCWPvM=,tag:lHwCBWaWsArrAJ0rZ8Xk/w==,type:str] initialPassword: ENC[AES256_GCM,data:674lqcGTDCOYBNocf0LQuQB1cbMus0iZOcvwbadpAXrF4DPQSetqrg==,iv:y8hfzLh6i7LxR11fmM9T0z2t7202JMAiZzi/1iCWPvM=,tag:lHwCBWaWsArrAJ0rZ8Xk/w==,type:str]
@ -27,8 +31,8 @@ sops:
UE1YWkplaFBhV01CU0FDYTQ3NlkwVkUKMJyCfyh/vcj/VU7shtFF4YRRVaWdcMNh UE1YWkplaFBhV01CU0FDYTQ3NlkwVkUKMJyCfyh/vcj/VU7shtFF4YRRVaWdcMNh
rp9lZmRZpc9mARXYAj9RlkI/uuSzxshtqb5AGXKmSV0hncazxu75kg== rp9lZmRZpc9mARXYAj9RlkI/uuSzxshtqb5AGXKmSV0hncazxu75kg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-03-16T22:23:30Z" lastmodified: "2023-05-08T00:26:32Z"
mac: ENC[AES256_GCM,data:WhmY8htyrpTsAHuA8Q6RquBSafTZR/ocyB/OvLRhIV4gksSbzCWeMR+5Jwvvr8XYkwzD3rpCgCiqpA6R8ibxfdhHYZwHKMJNrAlpBdXSom67q9RUvDJjiCEQyJpcsvjJmT1mM9J3E6iVymoI0h2WW+rGzN3vgONBIr86p0nknKI=,iv:JdHn/qSzPCwkaBL81Wax0ThXFtSGrb26shA1tfXy/aI=,tag:dZLtLJM5mNCO6OOWLtQwXg==,type:str] mac: ENC[AES256_GCM,data:ESAcNcZu6MyT2h1gyXd7UHK5UK5slm+btmWAAaOjP4LVxn2ybNU9/K25gbiuDngH+xEclPXN8t/QtjKpHT1PtJW/nRcT7VDJ7+x50YTixvzrC7PSz2ebdm/HOG7Pb/y+Jo/I/LqKzdYmrbBfug61z84DJJqLHjzuDaWT/9s6U90=,iv:Yco3AQerNcDmO2H36Osm0XsbE7G/Yp4sTcYfutQZ7gM=,tag:/7VZifOICO+7Ebjt6RDe0g==,type:str]
pgp: pgp:
- created_at: "2023-03-07T12:32:53Z" - created_at: "2023-03-07T12:32:53Z"
enc: | enc: |