# NixOps configuration for the hosts running Nextcloud
{ config, pkgs, lib, ... }:

{
  # Secrets for this host live outside the module; the key files referenced
  # under /run/keys below are expected to be provided from there.
  imports = [ ../secrets/nextcloud.nix ];

  # --- Nextcloud -------------------------------------------------------
  services.nextcloud = {
    enable = true;
    # Pinned major release. Bumping it is a deliberate change, not automatic.
    # NOTE(review): confirm this major still receives upstream security fixes.
    package = pkgs.nextcloud23;
    # FQDN the instance is served under; links are generated as HTTPS.
    hostName = "cloud.mcwhirter.io";
    https = true;

    config = {
      # PostgreSQL over the local Unix socket; no TCP listener is involved.
      dbtype = "pgsql";
      dbname = "nextcloud";
      dbhost = "/run/postgresql";
      dbuser = "nextcloud";
      # Passwords are read from files at runtime rather than stored in the
      # Nix store, which is world-readable.
      dbpassFile = "/run/keys/nextcloud-dbpass";
      adminpassFile = "/run/keys/nextcloud-admin";
      # Admin account name. NOTE(review): "root" is a predictable name;
      # a less guessable admin login reduces credential-stuffing noise.
      adminuser = "root";
      # Force HTTPS even when the app sees a plain-HTTP upstream connection.
      overwriteProtocol = "https";
      # Country used when a phone number is entered without a prefix.
      defaultPhoneRegion = "AU";
    };

    # Daily unattended update of every installed app.
    # NOTE(review): this pulls app code automatically; review the update log
    # if a stricter change-control process is wanted.
    autoUpdateApps = {
      enable = true;
      startAt = "01:00:00";
    };
  };

  # --- PostgreSQL ------------------------------------------------------
  services.postgresql = {
    enable = true;
    # Database and role are created declaratively and kept across rebuilds.
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      {
        name = "nextcloud";
        # Full rights, but only within the nextcloud database / public schema.
        ensurePermissions = {
          "DATABASE nextcloud" = "ALL PRIVILEGES";
          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
        };
      }
    ];
  };

  # --- Nginx -----------------------------------------------------------
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {
      # Primary name: ACME certificate, HTTP redirected to HTTPS.
      "cloud.mcwhirter.io" = {
        enableACME = true;
        forceSSL = true;
      };
      # Legacy name, permanently redirected to the primary host.
      # NOTE(review): no enableACME/forceSSL here, so only plain HTTP is
      # configured for this name; HTTPS requests for it are presumably
      # handled by nginx's default server instead — confirm that is intended.
      "owncloud.mcwhirter.io" = {
        globalRedirect = "cloud.mcwhirter.io";
      };
    };
  };

  # --- Service ordering ------------------------------------------------
  # The one-shot setup must not run before the database is up.
  systemd.services.nextcloud-setup = {
    requires = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
  };

  # --- ACME ------------------------------------------------------------
  security.acme = {
    acceptTerms = true;
    certs."cloud.mcwhirter.io".email = "craige@mcwhirter.io";
  };

  # --- Key file access -------------------------------------------------
  # Membership of "keys" lets the nextcloud user read /run/keys/*
  # (required due to NixOps issue #1204); the nextcloud group entry
  # was added for the same key-permission reason.
  users.groups = {
    keys.members = [ "nextcloud" ];
    nextcloud.members = [ "nextcloud" ];
  };

  # --- Firewall --------------------------------------------------------
  # Only HTTP and HTTPS are exposed; PostgreSQL stays on the local socket.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}