Added Nextcloud role

Serĉanto de Scio 2019-12-17 11:01:02 +10:00
parent 68aa551be0
commit 6c06eacc08
Signed by: sercanto
GPG key ID: A4122FF3971B6865
2 changed files with 68 additions and 0 deletions


@ -11,6 +11,7 @@
../roles/hydra.nix
../roles/iohk.nix
../roles/matrix.nix
../roles/nextcloud.nix
../roles/nixpkgs-dev.nix
../roles/taskserver.nix
../roles/tt-rss.nix

67
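--- a/roles/nextcloud.nix
+++ b/roles/nextcloud.nix
@@ -0,0 +1,67 @@
+# NixOps configuration for the hosts running Nextcloud
+{ config, pkgs, lib, ... }:
+{
+imports =
+[
+../secrets/nextcloud.nix
+];
+services.nextcloud = {
+enable = true; # Enable Nextcloud
+hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance
+nginx.enable = true; # Whether to enable nginx virtual host management
+config = { # Configure Nextcloud
+dbtype = "pgsql"; # Set database type
+dbname = "nextcloud";
+dbhost = "/run/postgresql";
+dbuser = "nextcloud";
+dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the password
+adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the password
+adminuser = "root";
+overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS
+};
+};
+services.postgresql = {
+enable = true; # Ensure postgresql is enabled
+ensureDatabases = [ "nextcloud" ];
+ensureUsers = [
+{ name = "nextcloud";
+ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+}
+];
+};
+services.nginx = {
+#enable = true; # Enable Nginx
+recommendedGzipSettings = true;
+recommendedOptimisation = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+virtualHosts."cloud.mcwhirter.io" = { # Nextcloud hostname
+enableACME = true; # Use ACME certs
+forceSSL = true; # Force SSL
+};
+virtualHosts."owncloud.mcwhirter.io" = { # Hostname to be redirected
+globalRedirect = "cloud.mcwhirter.io"; # Redirect permanently to the host
+};
+};
+systemd.services."nextcloud-setup" = {
+requires = ["postgresql.service"];
+after = ["postgresql.service"];
+};
+security.acme.certs = {
+"cloud.mcwhirter.io".email = "craige@mcwhirter.io";
+};
+users.groups.keys.members = [ "nextcloud" ]; # Required due to NixOps issue #1204
+users.groups.nextcloud.members = [ "nextcloud" ]; # Added for keys permissions
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+}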
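Review bot: The `owncloud.mcwhirter.io` virtual host sets only `globalRedirect`, with no `enableACME` or `forceSSL`, so the legacy name has no certificate of its own: an HTTPS request to it will be answered with a certificate for a different host, and the redirect itself is presumably served over plain HTTP. Since port 443 is opened and `cloud.mcwhirter.io` is HTTPS-only, I would add `enableACME = true;` and `forceSSL = true;` to that vhost too, so old bookmarks and sync clients never make a cleartext hop. Separately, `nextcloud-setup` is ordered after `postgresql.service` but not after whatever delivers `/run/keys/nextcloud-dbpass` and `/run/keys/nextcloud-admin`; if `../secrets/nextcloud.nix` (not shown here) defines these as NixOps keys, the unit should also wait on the corresponding key units so setup cannot start before the secrets exist. It is also worth confirming in that file that the two keys are readable only by the `nextcloud` user, since membership of the `keys` group is granted here.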