tsuki: set up nextcloud, without enabling it
This commit is contained in:
parent
32885239c3
commit
58061df4ab
|
@ -16,6 +16,7 @@
|
||||||
# ./services/keycloak.nix
|
# ./services/keycloak.nix
|
||||||
./services/matrix
|
./services/matrix
|
||||||
./services/minecraft
|
./services/minecraft
|
||||||
|
./services/nextcloud.nix
|
||||||
./services/nginx
|
./services/nginx
|
||||||
./services/osuchan.nix
|
./services/osuchan.nix
|
||||||
./services/pgadmin.nix
|
./services/pgadmin.nix
|
||||||
|
|
|
@ -0,0 +1,70 @@
|
||||||
|
{ pkgs, config, secrets, ... }:
|
||||||
|
|
||||||
|
# TODO: This kinda sucks, but nextcloud refuses to use the NFS mounted
|
||||||
|
# drive, as it is not able to lock it properly.
|
||||||
|
# I'll wait for a while with enabling this service, until I have gotten
|
||||||
|
# Some proper disks into the server.
|
||||||
|
{
|
||||||
|
sops.secrets."nextcloud/initialPassword" = {
|
||||||
|
restartUnits = [ "nextcloud.service" ];
|
||||||
|
owner = "nextcloud";
|
||||||
|
group = "nextcloud";
|
||||||
|
};
|
||||||
|
sops.secrets."postgres/nextcloud" = {
|
||||||
|
restartUnits = [ "nextcloud.service" ];
|
||||||
|
owner = "nextcloud";
|
||||||
|
group = "nextcloud";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nextcloud = {
|
||||||
|
enable = false;
|
||||||
|
hostName = "cloud.nani.wtf";
|
||||||
|
https = true;
|
||||||
|
maxUploadSize = "10G";
|
||||||
|
package = pkgs.nextcloud25;
|
||||||
|
|
||||||
|
datadir = "${config.machineVars.dataDrives.default}/var/nextcloud";
|
||||||
|
|
||||||
|
home = "${config.machineVars.dataDrives.default}/var/nextcloud";
|
||||||
|
|
||||||
|
enableBrokenCiphersForSSE = false;
|
||||||
|
|
||||||
|
caching.redis = true;
|
||||||
|
extraOptions = {
|
||||||
|
redis = {
|
||||||
|
host = config.services.redis.servers.nextcloud.unixSocket;
|
||||||
|
port = 0;
|
||||||
|
dbindex = 0;
|
||||||
|
timeout = 1.5;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = {
|
||||||
|
defaultPhoneRegion = "NO";
|
||||||
|
|
||||||
|
dbtype = "pgsql";
|
||||||
|
dbport = secrets.ports.postgres;
|
||||||
|
dbpassFile = config.sops.secrets."postgres/nextcloud".path;
|
||||||
|
|
||||||
|
adminuser = "h7x4";
|
||||||
|
adminpassFile = config.sops.secrets."nextcloud/initialPassword".path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.redis.servers.nextcloud = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
ensureDatabases = [ "nextcloud" ];
|
||||||
|
ensureUsers = [
|
||||||
|
(rec {
|
||||||
|
name = "nextcloud";
|
||||||
|
ensurePermissions = {
|
||||||
|
"DATABASE \"${name}\"" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
})
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
|
@ -7,8 +7,12 @@ cloudflare:
|
||||||
drives:
|
drives:
|
||||||
cirno:
|
cirno:
|
||||||
credentials: ENC[AES256_GCM,data:ypMZhs7dQw/IlcLwHwFcIZw0N+kCzvFGLe3gEqZVe1hj0lzK8MCfxAR8GpA=,iv:by5ljMzOuuY4b6BDUQNLhp8/gcXDNe+rHkqhFzjNA6c=,tag:3C5iYsxEWwAKs9Blgr5o6g==,type:str]
|
credentials: ENC[AES256_GCM,data:ypMZhs7dQw/IlcLwHwFcIZw0N+kCzvFGLe3gEqZVe1hj0lzK8MCfxAR8GpA=,iv:by5ljMzOuuY4b6BDUQNLhp8/gcXDNe+rHkqhFzjNA6c=,tag:3C5iYsxEWwAKs9Blgr5o6g==,type:str]
|
||||||
|
nextcloud:
|
||||||
|
initialPassword: ENC[AES256_GCM,data:ROG+4u6C9zBu8Ez3Jprw8cgwVd2gFErUIOBmrWL9o7/qSGPT8jnwd0T5W8E=,iv:uRdL/3Xslu/J/aPI44WxlNw3RLAvjDRPt5VttuQL/P0=,tag:IDmGXNF9PsHPaMqK5YUKIg==,type:str]
|
||||||
postgres:
|
postgres:
|
||||||
gitea: ENC[AES256_GCM,data:HyYgEgOzeOnaEvPDEXoL+fRhrnqCeGbb/wOYf2kHulxrU9PKIAcRzmNljsc=,iv:1N/N2RUQ++rAWw4VNQzhee2aV9LzOJym6cyM6CAnZUU=,tag:o7dblJrIAPd4/S8X2LKdcQ==,type:str]
|
gitea: ENC[AES256_GCM,data:HyYgEgOzeOnaEvPDEXoL+fRhrnqCeGbb/wOYf2kHulxrU9PKIAcRzmNljsc=,iv:1N/N2RUQ++rAWw4VNQzhee2aV9LzOJym6cyM6CAnZUU=,tag:o7dblJrIAPd4/S8X2LKdcQ==,type:str]
|
||||||
|
invidious: ENC[AES256_GCM,data:r/Jzs7U1fkCi2j5L/tOcBfakR3virj8HGrDrVZdP7VwubG4BJLvoeb14eJo=,iv:3plNFOds+HeF0HAliedczpNgPL4ZgqhCOwqbnb2e8Ag=,tag:DHm/KM9UuPiqaRxqNDb7QA==,type:str]
|
||||||
|
nextcloud: ENC[AES256_GCM,data:E1tD6Z2SDbi5TUDAACjXSJJIn+/ySu0+8xhvRVFxumxjex4ZsEw+mofKIxM=,iv:E4iPVF3M8GOoQghVQtn/kCEpXl0b8MueCbtyvzFM8AA=,tag:IF4kWOuTsylqrXMoXzQaVQ==,type:str]
|
||||||
pgadmin:
|
pgadmin:
|
||||||
oauth2_secret: ENC[AES256_GCM,data:A1Upe1Ja76++ZdOx5YhuKjpaont4m5ChRzn/YVpJbnFzWy1tFlBkOr6UgBj7Wopg,iv:hY+b7AVSrSgHu/10reIjUjJ8+yR4FrZe2JgGiAowfGs=,tag:thy6O1Y3FGTWaQXqlU9aYg==,type:str]
|
oauth2_secret: ENC[AES256_GCM,data:A1Upe1Ja76++ZdOx5YhuKjpaont4m5ChRzn/YVpJbnFzWy1tFlBkOr6UgBj7Wopg,iv:hY+b7AVSrSgHu/10reIjUjJ8+yR4FrZe2JgGiAowfGs=,tag:thy6O1Y3FGTWaQXqlU9aYg==,type:str]
|
||||||
initialPassword: ENC[AES256_GCM,data:674lqcGTDCOYBNocf0LQuQB1cbMus0iZOcvwbadpAXrF4DPQSetqrg==,iv:y8hfzLh6i7LxR11fmM9T0z2t7202JMAiZzi/1iCWPvM=,tag:lHwCBWaWsArrAJ0rZ8Xk/w==,type:str]
|
initialPassword: ENC[AES256_GCM,data:674lqcGTDCOYBNocf0LQuQB1cbMus0iZOcvwbadpAXrF4DPQSetqrg==,iv:y8hfzLh6i7LxR11fmM9T0z2t7202JMAiZzi/1iCWPvM=,tag:lHwCBWaWsArrAJ0rZ8Xk/w==,type:str]
|
||||||
|
@ -27,8 +31,8 @@ sops:
|
||||||
UE1YWkplaFBhV01CU0FDYTQ3NlkwVkUKMJyCfyh/vcj/VU7shtFF4YRRVaWdcMNh
|
UE1YWkplaFBhV01CU0FDYTQ3NlkwVkUKMJyCfyh/vcj/VU7shtFF4YRRVaWdcMNh
|
||||||
rp9lZmRZpc9mARXYAj9RlkI/uuSzxshtqb5AGXKmSV0hncazxu75kg==
|
rp9lZmRZpc9mARXYAj9RlkI/uuSzxshtqb5AGXKmSV0hncazxu75kg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-03-16T22:23:30Z"
|
lastmodified: "2023-05-08T00:26:32Z"
|
||||||
mac: ENC[AES256_GCM,data:WhmY8htyrpTsAHuA8Q6RquBSafTZR/ocyB/OvLRhIV4gksSbzCWeMR+5Jwvvr8XYkwzD3rpCgCiqpA6R8ibxfdhHYZwHKMJNrAlpBdXSom67q9RUvDJjiCEQyJpcsvjJmT1mM9J3E6iVymoI0h2WW+rGzN3vgONBIr86p0nknKI=,iv:JdHn/qSzPCwkaBL81Wax0ThXFtSGrb26shA1tfXy/aI=,tag:dZLtLJM5mNCO6OOWLtQwXg==,type:str]
|
mac: ENC[AES256_GCM,data:ESAcNcZu6MyT2h1gyXd7UHK5UK5slm+btmWAAaOjP4LVxn2ybNU9/K25gbiuDngH+xEclPXN8t/QtjKpHT1PtJW/nRcT7VDJ7+x50YTixvzrC7PSz2ebdm/HOG7Pb/y+Jo/I/LqKzdYmrbBfug61z84DJJqLHjzuDaWT/9s6U90=,iv:Yco3AQerNcDmO2H36Osm0XsbE7G/Yp4sTcYfutQZ7gM=,tag:/7VZifOICO+7Ebjt6RDe0g==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-03-07T12:32:53Z"
|
- created_at: "2023-03-07T12:32:53Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
Loading…
Reference in New Issue