diff --git a/hosts/zora/default.nix b/hosts/zora/default.nix
index b1af5d7..ab18ff2 100644
--- a/hosts/zora/default.nix
+++ b/hosts/zora/default.nix
@@ -17,6 +17,7 @@
 ../../modules/server/link
 ../../modules/server/taf
 ../../modules/server/giovanni
+ ../../modules/server/baba
 # disko.nixosModules.disko
 agenix.nixosModules.default
diff --git a/hosts/zora/reverse-proxy.nix b/hosts/zora/reverse-proxy.nix
index cfdbf0b..810341d 100644
--- a/hosts/zora/reverse-proxy.nix
+++ b/hosts/zora/reverse-proxy.nix
@@ -12,6 +12,14 @@
 recommendedTlsSettings = true;
 virtualHosts = {
+ "lyes.eu" = {
+ default = true;
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ root = "/var/data/www/lyes.eu/";
+ };
+ };
 "auth.lyes.eu" = {
 forceSSL = true;
 enableACME = true;
diff --git a/modules/server/baba/default.nix b/modules/server/baba/default.nix
new file mode 100644
index 0000000..b608686
--- /dev/null
+++ b/modules/server/baba/default.nix
@@ -0,0 +1,48 @@
+{ config, pkgs, ... }:
+
+{
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud32;
+ hostName = "cloud.lyes.eu";
+ https = true;
+ configureRedis = true;
+ maxUploadSize = "10G";
+
+ extraAppsEnable = true;
+ extraApps = {
+ inherit (pkgs.nextcloud32Packages.apps) mail calendar contacts user_oidc notes richdocuments tasks;
+ };
+
+ config = {
+ dbtype = "pgsql";
+ dbuser = "baba";
+ dbname = "baba";
+ dbpassFile = config.age.secrets.path;
+ adminpassFile = config.age.secrets.path;
+ };
+
+ phpOptions = {
+ "opcache.interned_strings_buffer" = "32";
+ "opcache.memory_consumption" = "512";
+ };
+ };
+
+ services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+ forceSSL = true;
+ enableACME = true;
+ };
+
+ age.secrets = {
+ baba-db-pass = {
+ file = ../../../secrets/zora/services/baba-db-pass.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ };
+ baba-admin-pass = {
+ file = ../../../secrets/zora/services/baba-admin-pass.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ };
+ };
+}
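Review bot: `default = true;` on the new `"lyes.eu"` vhost in hosts/zora/reverse-proxy.nix makes this docroot the response for every request whose Host header or SNI matches no other virtual host, including requests addressed to the bare IP. If that fallthrough is not intended, keep `"lyes.eu"` as an ordinary vhost and move `default = true;` to a separate catch-all whose only location is `locations."/".return = "444";`. The `virtualHosts` set continues outside the hunk, so whether a catch-all already exists cannot be confirmed from here.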
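Review bot: In modules/server/baba/default.nix both `dbpassFile` and `adminpassFile` are set to `config.age.secrets.path`, which refers to a secret named `path` rather than the `baba-db-pass` and `baba-admin-pass` secrets declared at the bottom of the same file. As written this is expected to fail evaluation, and if it did resolve, the Nextcloud admin account and the database role would share one credential. The two lines should read `dbpassFile = config.age.secrets.baba-db-pass.path;` and `adminpassFile = config.age.secrets.baba-admin-pass.path;`. Separately, `dbtype = "pgsql"` is set but nothing visible in this module provisions the PostgreSQL role or database `baba`; if that is not handled elsewhere, `database.createLocally = true;` is the usual option and would likely make the database password file unnecessary.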
diff --git a/secrets.nix b/secrets.nix index 6b8f51f..d23a103 100644 --- a/secrets.nix +++ b/secrets.nix @@ -15,4 +15,6 @@ in "secrets/zora/services/kanidm-idm-admin-password.age".publicKeys = all; "secrets/zora/services/taf-token.age".publicKeys = all; "secrets/zora/services/giovanni-env.age".publicKeys = all; + "secrets/zora/services/baba-db-pass.age".publicKeys = all; + "secrets/zora/services/baba-admin-pass.age".publicKeys = all; } diff --git a/secrets/zora/services/baba-admin-pass.age b/secrets/zora/services/baba-admin-pass.age new file mode 100644 index 0000000..555a858 Binary files /dev/null and b/secrets/zora/services/baba-admin-pass.age differ diff --git a/secrets/zora/services/baba-db-pass.age b/secrets/zora/services/baba-db-pass.age new file mode 100644 index 0000000..e4161b6 --- /dev/null +++ b/secrets/zora/services/baba-db-pass.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 whuRpQ LtFKAcJJ74Mca7gWMLv5zpqSgXvBiVnTPy0vHNRYkDA +B+NIOcyzQTlNmjKX0CNtTzhms1bOvkmRLCfh/z8tCTs +-> ssh-ed25519 TFqgIg PK+2avlrI63eVfDBuwBhFvTzKYxLz6spkUARFhIsK0A +fD0BVpgq8gqJLjrrweVfsS82uruP/N+jMKkgDIEM7Ls +--- zIUOql4g4BircTLHxDVtsZPhA3YjQIji2f8Mz9MzaSw +sQtETl~P=JMr5x@A/iXgŠ^0W \ No newline at end of file