feat(APPA): add nextcloud

2024-09-17 16:12:42 +02:00 · 2024-09-17 16:12:42 +02:00 · aaf6cefc09
commit aaf6cefc09
parent 8a3823f7df
6 changed files with 43 additions and 0 deletions
--- a/hosts/APPA/services/adguard-home.nix
+++ b/hosts/APPA/services/adguard-home.nix
@ -42,6 +42,10 @@
            domain = config.services.gitea.settings.server.DOMAIN;
            answer = "192.168.2.40";
          }
+          {
+            domain = config.services.nextcloud.hostName;
+            answer = "192.168.2.40";
+          }
          {
            domain = "anki.dryb.org";
            answer = "192.168.2.40";
--- a/hosts/APPA/services/default.nix
+++ b/hosts/APPA/services/default.nix
@ -6,6 +6,7 @@
    ./ddclient.nix
    ./gitea.nix
    ./homepage-dashboard.nix
+    ./nextcloud.nix
    ./nginx.nix
    ./postgresql.nix
    ./vaultwarden.nix
--- a/hosts/APPA/services/nextcloud.nix
+++ b/hosts/APPA/services/nextcloud.nix
@ -0,0 +1,24 @@
+{ config, ... }:
+{
+
+  age.secrets.passwords-gitea-db = {
+    file = ../../../secrets/passwords/gitea/db.age;
+    owner = config.users.users.nextcloud.name;
+    group = config.users.groups.nextcloud.name;
+  };
+
+  services.nextcloud = {
+    enable = true;
+    https = true;
+    hostName = "nextcloud.dryb.org";
+    database.createLocally = true;
+    config = {
+      adminuser = "admin";
+      adminpassFile = config.age.secrets.passwords-gitea-db.path;
+    };
+    autoUpdateApps = {
+      enable = true;
+    };
+  };
+
+}
--- a/hosts/APPA/services/nginx.nix
+++ b/hosts/APPA/services/nginx.nix
@ -18,6 +18,10 @@
        proxyPass = "http://127.0.0.1:8001";
      };
    };
+    virtualHosts."${config.services.nextcloud.hostName}" = {
+      useACMEHost = "dryb.org";
+      forceSSL = true;
+    };
    virtualHosts."${config.services.gitea.settings.server.DOMAIN}" = {
      useACMEHost = "dryb.org";
      forceSSL = true;
--- a/secrets/passwords/nextcloud/admin.age
+++ b/secrets/passwords/nextcloud/admin.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 OFTJeQ ZR/HXJbMffa0GONFhLI54XbnMfUa44IBtmc35WfFalE
+5k336aLzA40CP1qy1bhpAeOBMf/v8acDsbT3ehJgNH8
+-> ssh-ed25519 lfMVeg rNkPlKPIOnU3MX1DRAAqUrVCl2aFCD1LiULqgT94ih0
+s1dizDfvjFexbtOaY+8LHT4rASAmna+YtI6sThwY2lo
+-> ssh-ed25519 ueRyzQ yXUlKmMDvGQpYHDPax8AOmAupPm1MlOB8O0dWLZlPxI
+a/+l6l8f6Bwl6cmfob0lZnBriQ5uGE/zK/JDRwsp3+o
+--- k6YDdEeu5493P74E1pt8yOaWrlKxq5KEEfokK+FaFq4
+€Ð„€¤u¨nh(§Qð‚yëòÈ5b¥¥YÏ‰<·›ˆ—ä¦éZ„Döwæƒ0
¶Ì #8¥¨t¸Ò…!±¯‡
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -31,5 +31,6 @@ in
  "keys/wireguard/dryborg/presharedkey.age".publicKeys = [ gandalf ] ++ clients;
  "passwords/gitea/db.age".publicKeys = users ++ [ APPA ];
  "passwords/anki/admin.age".publicKeys = users ++ [ APPA ];
+  "passwords/nextcloud/admin.age".publicKeys = users ++ [ APPA ];
  "passwords/ddclient/cloudflare.age".publicKeys = users ++ [ APPA ];
 }