From aaf6cefc094129df7eda5f5c4f1f6e34e4cde7e7 Mon Sep 17 00:00:00 2001
From: Jacob Bachmann
Date: Tue, 17 Sep 2024 16:12:42 +0200
Subject: [PATCH] feat(APPA): add nextcloud
---
 hosts/APPA/services/adguard-home.nix | 4 ++++
 hosts/APPA/services/default.nix | 1 +
 hosts/APPA/services/nextcloud.nix | 24 ++++++++++++++++++++++++
 hosts/APPA/services/nginx.nix | 4 ++++
 secrets/passwords/nextcloud/admin.age | 9 +++++++++
 secrets/secrets.nix | 1 +
 6 files changed, 43 insertions(+)
 create mode 100644 hosts/APPA/services/nextcloud.nix
 create mode 100644 secrets/passwords/nextcloud/admin.age
diff --git a/hosts/APPA/services/adguard-home.nix b/hosts/APPA/services/adguard-home.nix
index 82bcfab..b62fd13 100644
--- a/hosts/APPA/services/adguard-home.nix
+++ b/hosts/APPA/services/adguard-home.nix
@@ -42,6 +42,10 @@
 domain = config.services.gitea.settings.server.DOMAIN;
 answer = "192.168.2.40";
 }
+ {
+ domain = config.services.nextcloud.hostName;
+ answer = "192.168.2.40";
+ }
 {
 domain = "anki.dryb.org";
 answer = "192.168.2.40";
diff --git a/hosts/APPA/services/default.nix b/hosts/APPA/services/default.nix
index f4085ab..6438b05 100644
--- a/hosts/APPA/services/default.nix
+++ b/hosts/APPA/services/default.nix
@@ -6,6 +6,7 @@
 ./ddclient.nix
 ./gitea.nix
 ./homepage-dashboard.nix
+ ./nextcloud.nix
 ./nginx.nix
 ./postgresql.nix
 ./vaultwarden.nix
diff --git a/hosts/APPA/services/nextcloud.nix b/hosts/APPA/services/nextcloud.nix
new file mode 100644
index 0000000..0cb72bd
--- /dev/null
+++ b/hosts/APPA/services/nextcloud.nix
@@ -0,0 +1,24 @@ +{ config, ... }: +{ + + age.secrets.passwords-gitea-db = { + file = ../../../secrets/passwords/gitea/db.age; + owner = config.users.users.nextcloud.name; + group = config.users.groups.nextcloud.name; + }; + + services.nextcloud = { + enable = true; + https = true; + hostName = "nextcloud.dryb.org"; + database.createLocally = true; + config = { + adminuser = "admin"; + adminpassFile = config.age.secrets.passwords-gitea-db.path; + }; + autoUpdateApps = { + enable = true; + }; + }; + +} diff --git a/hosts/APPA/services/nginx.nix b/hosts/APPA/services/nginx.nix index ea79158..494e49c 100644 --- a/hosts/APPA/services/nginx.nix +++ b/hosts/APPA/services/nginx.nix @@ -18,6 +18,10 @@ proxyPass = "http://127.0.0.1:8001"; }; }; + virtualHosts."${config.services.nextcloud.hostName}" = { + useACMEHost = "dryb.org"; + forceSSL = true; + }; virtualHosts."${config.services.gitea.settings.server.DOMAIN}" = { useACMEHost = "dryb.org"; forceSSL = true; diff --git a/secrets/passwords/nextcloud/admin.age b/secrets/passwords/nextcloud/admin.age new file mode 100644 index 0000000..3761b2d --- /dev/null +++ b/secrets/passwords/nextcloud/admin.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 OFTJeQ ZR/HXJbMffa0GONFhLI54XbnMfUa44IBtmc35WfFalE +5k336aLzA40CP1qy1bhpAeOBMf/v8acDsbT3ehJgNH8 +-> ssh-ed25519 lfMVeg rNkPlKPIOnU3MX1DRAAqUrVCl2aFCD1LiULqgT94ih0 +s1dizDfvjFexbtOaY+8LHT4rASAmna+YtI6sThwY2lo +-> ssh-ed25519 ueRyzQ yXUlKmMDvGQpYHDPax8AOmAupPm1MlOB8O0dWLZlPxI +a/+l6l8f6Bwl6cmfob0lZnBriQ5uGE/zK/JDRwsp3+o +--- k6YDdEeu5493P74E1pt8yOaWrlKxq5KEEfokK+FaFq4 +€Є€¤u¨nh(§Qð‚yëòÈ5b¥¥Yω<·›ˆ —ä¦éZ„Döwæƒ0 ¶Ì #8¥¨t¸Ò…! ±¯‡ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index caa5c4a..0c58d9a 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
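Review bot: In hosts/APPA/services/nextcloud.nix the secret wired into Nextcloud is the Gitea database password, not the Nextcloud admin secret this commit adds: `age.secrets.passwords-gitea-db` points at `secrets/passwords/gitea/db.age` and `adminpassFile` reads its path, while `secrets/passwords/nextcloud/admin.age` (created here and registered in secrets/secrets.nix) is never referenced. As written, the Nextcloud admin account shares a credential with the Gitea database, and the decrypted file is owned by the nextcloud user and group; if gitea.nix (not visible in this diff) declares the same `age.secrets` attribute, the two owner/group definitions would presumably conflict or take the file away from Gitea. Declare a dedicated secret instead: `age.secrets.passwords-nextcloud-admin = {`, `file = ../../../secrets/passwords/nextcloud/admin.age;` and `adminpassFile = config.age.secrets.passwords-nextcloud-admin.path;`. The NixOS module appears to apply `adminpassFile` only at first install (worth confirming for the nixpkgs version in use), so a host already deployed from this commit would also need its admin password changed in Nextcloud itself.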
@@ -31,5 +31,6 @@ in
 "keys/wireguard/dryborg/presharedkey.age".publicKeys = [ gandalf ] ++ clients;
 "passwords/gitea/db.age".publicKeys = users ++ [ APPA ];
 "passwords/anki/admin.age".publicKeys = users ++ [ APPA ];
+ "passwords/nextcloud/admin.age".publicKeys = users ++ [ APPA ];
 "passwords/ddclient/cloudflare.age".publicKeys = users ++ [ APPA ];
 }