Adding nextcloud

2025-10-18 00:11:03 +02:00 · 2025-10-18 00:11:03 +02:00 · 7893349400
commit 7893349400
parent d2a132bf0a
6 changed files with 66 additions and 0 deletions
--- a/hosts/zora/default.nix
+++ b/hosts/zora/default.nix
@ -17,6 +17,7 @@
      ../../modules/server/link
      ../../modules/server/taf
      ../../modules/server/giovanni
      ../../modules/server/baba
      # disko.nixosModules.disko
      agenix.nixosModules.default
--- a/hosts/zora/reverse-proxy.nix
+++ b/hosts/zora/reverse-proxy.nix
@ -12,6 +12,14 @@
    recommendedTlsSettings = true;
    virtualHosts = {
      "lyes.eu" = {
        default = true;
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          root = "/var/data/www/lyes.eu/";
        };
      };
      "auth.lyes.eu" = {
        forceSSL = true;
        enableACME = true;
--- a/modules/server/baba/default.nix
+++ b/modules/server/baba/default.nix
@ -0,0 +1,48 @@
 { config, pkgs, ... }:
 {
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud32;
    hostName = "cloud.lyes.eu";
    https = true;
    configureRedis = true;
    maxUploadSize = "10G";
    extraAppsEnable = true;
    extraApps = {
      inherit (pkgs.nextcloud32Packages.apps) mail calendar contacts user_oidc notes richdocuments tasks;
    };
    config = {
      dbtype = "pgsql";
      dbuser = "baba";
      dbname = "baba";
      dbpassFile = config.age.secrets.path;
      adminpassFile = config.age.secrets.path;
    };
    phpOptions = {
      "opcache.interned_strings_buffer" = "32";
      "opcache.memory_consumption" = "512";
    };
  };
  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
    forceSSL = true;
    enableACME = true;
  };
  age.secrets = {
    baba-db-pass = {
      file = ../../../secrets/zora/services/baba-db-pass.age;
      owner = "nextcloud";
      group = "nextcloud";
    };
    baba-admin-pass = {
      file = ../../../secrets/zora/services/baba-admin-pass.age;
      owner = "nextcloud";
      group = "nextcloud";
    };
  };
 }
--- a/secrets.nix
+++ b/secrets.nix
@ -15,4 +15,6 @@ in
  "secrets/zora/services/kanidm-idm-admin-password.age".publicKeys = all;
  "secrets/zora/services/taf-token.age".publicKeys = all;
  "secrets/zora/services/giovanni-env.age".publicKeys = all;
  "secrets/zora/services/baba-db-pass.age".publicKeys = all;
  "secrets/zora/services/baba-admin-pass.age".publicKeys = all;
 }
--- a/secrets/zora/services/baba-admin-pass.age
+++ b/secrets/zora/services/baba-admin-pass.age
--- a/secrets/zora/services/baba-db-pass.age
+++ b/secrets/zora/services/baba-db-pass.age
@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 whuRpQ LtFKAcJJ74Mca7gWMLv5zpqSgXvBiVnTPy0vHNRYkDA
 B+NIOcyzQTlNmjKX0CNtTzhms1bOvkmRLCfh/z8tCTs
 -> ssh-ed25519 TFqgIg PK+2avlrI63eVfDBuwBhFvTzKYxLz6spkUARFhIsK0A
 fD0BVpgq8gqJLjrrweVfsS82uruP/N+jMKkgDIEM7Ls
 --- zIUOql4g4BircTLHxDVtsZPhA3YjQIji2f8Mz9MzaSw
 Ès´»Q¦t¬ÛEá¤T<>l’»ËØ~P¼=àJMµºßr5êx¢@ÔAå/˜i<69>Xƒö<1A>•gî²ÂŠ^0ðW