From 789334940021f488ba115f6912192ec7f4edaf4c Mon Sep 17 00:00:00 2001 From: Lyes Saadi Date: Sat, 18 Oct 2025 00:11:03 +0200 Subject: [PATCH] Adding nextcloud --- hosts/zora/default.nix | 1 + hosts/zora/reverse-proxy.nix | 8 ++++ modules/server/baba/default.nix | 48 ++++++++++++++++++++++ secrets.nix | 2 + secrets/zora/services/baba-admin-pass.age | Bin 0 -> 355 bytes secrets/zora/services/baba-db-pass.age | 7 ++++ 6 files changed, 66 insertions(+) create mode 100644 modules/server/baba/default.nix create mode 100644 secrets/zora/services/baba-admin-pass.age create mode 100644 secrets/zora/services/baba-db-pass.age diff --git a/hosts/zora/default.nix b/hosts/zora/default.nix index b1af5d7..ab18ff2 100644 --- a/hosts/zora/default.nix +++ b/hosts/zora/default.nix @@ -17,6 +17,7 @@ ../../modules/server/link ../../modules/server/taf ../../modules/server/giovanni + ../../modules/server/baba # disko.nixosModules.disko agenix.nixosModules.default diff --git a/hosts/zora/reverse-proxy.nix b/hosts/zora/reverse-proxy.nix index cfdbf0b..810341d 100644 --- a/hosts/zora/reverse-proxy.nix +++ b/hosts/zora/reverse-proxy.nix @@ -12,6 +12,14 @@ recommendedTlsSettings = true; virtualHosts = { + "lyes.eu" = { + default = true; + forceSSL = true; + enableACME = true; + locations."/" = { + root = "/var/data/www/lyes.eu/"; + }; + }; "auth.lyes.eu" = { forceSSL = true; enableACME = true; diff --git a/modules/server/baba/default.nix b/modules/server/baba/default.nix new file mode 100644 index 0000000..b608686 --- /dev/null +++ b/modules/server/baba/default.nix @@ -0,0 +1,48 @@ +{ config, pkgs, ... }: + +{ + services.nextcloud = { + enable = true; + package = pkgs.nextcloud32; + hostName = "cloud.lyes.eu"; + https = true; + configureRedis = true; + maxUploadSize = "10G"; + + extraAppsEnable = true; + extraApps = { + inherit (pkgs.nextcloud32Packages.apps) mail calendar contacts user_oidc notes richdocuments tasks; + }; + + config = { + dbtype = "pgsql"; + dbuser = "baba"; + dbname = "baba"; + dbpassFile = config.age.secrets.path; + adminpassFile = config.age.secrets.path; + }; + + phpOptions = { + "opcache.interned_strings_buffer" = "32"; + "opcache.memory_consumption" = "512"; + }; + }; + + services.nginx.virtualHosts.${config.services.nextcloud.hostName} = { + forceSSL = true; + enableACME = true; + }; + + age.secrets = { + baba-db-pass = { + file = ../../../secrets/zora/services/baba-db-pass.age; + owner = "nextcloud"; + group = "nextcloud"; + }; + baba-admin-pass = { + file = ../../../secrets/zora/services/baba-admin-pass.age; + owner = "nextcloud"; + group = "nextcloud"; + }; + }; +} diff --git a/secrets.nix b/secrets.nix index 6b8f51f..d23a103 100644 --- a/secrets.nix +++ b/secrets.nix @@ -15,4 +15,6 @@ in "secrets/zora/services/kanidm-idm-admin-password.age".publicKeys = all; "secrets/zora/services/taf-token.age".publicKeys = all; "secrets/zora/services/giovanni-env.age".publicKeys = all; + "secrets/zora/services/baba-db-pass.age".publicKeys = all; + "secrets/zora/services/baba-admin-pass.age".publicKeys = all; } diff --git a/secrets/zora/services/baba-admin-pass.age b/secrets/zora/services/baba-admin-pass.age new file mode 100644 index 0000000000000000000000000000000000000000..555a858921b48bd487f6bb6dd8d8df7373197f7f GIT binary patch literal 355 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH&nOKl2vkTb&J8#9 zvuZjvXwlpeBEDUiAG6<;B*UvT0$f-0d%1Q|e3C^epb>&J9@C^0|@$^Vfbt;Xp z2re)y3o}Y_bu)7GbPe|OEvfSKs|a#3H!$6BtAS2YzJ<+8i(%D%% zDm*Pbu{2S;+{o3^A~QLq!Xm#YBa%y3S69IxD?d29BCEJEB&#?ez0||3D9|`Gu)HWB zI5#7upg5#3y)4TzE#Jk*sF-WfJ%*<`K3B~HUzY#bacNNtmkR5m ssh-ed25519 whuRpQ LtFKAcJJ74Mca7gWMLv5zpqSgXvBiVnTPy0vHNRYkDA +B+NIOcyzQTlNmjKX0CNtTzhms1bOvkmRLCfh/z8tCTs +-> ssh-ed25519 TFqgIg PK+2avlrI63eVfDBuwBhFvTzKYxLz6spkUARFhIsK0A +fD0BVpgq8gqJLjrrweVfsS82uruP/N+jMKkgDIEM7Ls +--- zIUOql4g4BircTLHxDVtsZPhA3YjQIji2f8Mz9MzaSw +sQtETl~P=JMr5x@A/iXgŠ^0W \ No newline at end of file