Added Nextcloud role

2019-12-17 11:01:02 +10:00 · 2019-12-17 11:01:02 +10:00 · 6c06eacc08
parent 68aa551be0
commit 6c06eacc08
2 changed files with 68 additions and 0 deletions
--- a/hosts/cuallaidh.nix
+++ b/hosts/cuallaidh.nix
@ -11,6 +11,7 @@
      ../roles/hydra.nix
      ../roles/iohk.nix
      ../roles/matrix.nix
      ../roles/nextcloud.nix
      ../roles/nixpkgs-dev.nix
      ../roles/taskserver.nix
      ../roles/tt-rss.nix
--- a/roles/nextcloud.nix
+++ b/roles/nextcloud.nix
@ -0,0 +1,67 @@
 # NixOps configuration for the hosts running Nextcloud
 { config, pkgs, lib, ... }:
 {
  imports =
    [
      ../secrets/nextcloud.nix
    ];
  services.nextcloud = {
    enable = true;                                   # Enable Nextcloud
    hostName = "cloud.mcwhirter.io";                 # FQDN for the Nextcloud instance
    nginx.enable = true;                             # Whether to enable nginx virtual host management
    config = {                                       # Configure Nextcloud
      dbtype = "pgsql";                              # Set database type
      dbname = "nextcloud";
      dbhost = "/run/postgresql";
      dbuser = "nextcloud";
      dbpassFile = "/run/keys/nextcloud-dbpass";     # Where to find the password
      adminpassFile = "/run/keys/nextcloud-admin";   # Where to find the password
      adminuser = "root";
      overwriteProtocol = "https";                   # Force Nextcloud to always use HTTPS
    };
  };
  services.postgresql = {
    enable = true;                       # Ensure postgresql is enabled
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      { name = "nextcloud";
        ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
      }
    ];
  };
  services.nginx = {
    #enable = true;                             # Enable Nginx
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."cloud.mcwhirter.io" = {      # Nextcloud hostname
      enableACME = true;                       # Use ACME certs
      forceSSL = true;                         # Force SSL
    };
    virtualHosts."owncloud.mcwhirter.io" = {   # Hostname to be redirected
      globalRedirect = "cloud.mcwhirter.io";   # Redirect permanently to the host
    };
  };
  systemd.services."nextcloud-setup" = {
    requires = ["postgresql.service"];
    after = ["postgresql.service"];
  };
  security.acme.certs = {
      "cloud.mcwhirter.io".email = "craige@mcwhirter.io";
  };
  users.groups.keys.members = [ "nextcloud" ];        # Required due to NixOps issue #1204
  users.groups.nextcloud.members = [ "nextcloud" ];   # Added for keys permissions
  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }