nixos/hosts/architect/nextcloud.nix

{ pkgs, ... }:

let
  domain = "cloud.giugl.io";
  network = import ./network.nix;
  redis_port = 6379;
in {
  services = {
    mysql = {
      enable = true;
      package = pkgs.unstable.mysql80;
    };

    redis = {
      vmOverCommit = true;
      servers."nextcloud" = {
        enable = true;
        port = redis_port;
      };
    };

    nextcloud = {
      enable = true;
      hostName = domain;
      https = true;
      package = pkgs.unstable.nextcloud25;

      caching = {
        redis = true;
      };

      autoUpdateApps.enable = true;
      autoUpdateApps.startAt = "05:00:00";

      config = {
        overwriteProtocol = "https";
        dbtype = "mysql";
        dbuser = "oc_giulio2";
        dbhost = "localhost";
        dbname = "nextcloud_final";
        dbpassFile = "/secrets/nextcloud/dbpass.txt";
        adminpassFile = "/secrets/nextcloud/adminpass.txt";
        adminuser = "giulio";
        extraTrustedDomains = [ "${domain}" ];
      };
    };
  };

  systemd.services."nextcloud-setup" = {
    requires = [ "mysql.service" ];
    after = [ "mysql.service" ];
  };

  networking.extraHosts = ''
    ${network.architect-lan} ${domain}
    ${network.architect-wg} ${domain}
  '';

  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;
  };
}
formatting 2021-11-25 11:42:32 +00:00			`{ pkgs, ... }:`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00
removed implicit use of network.nix. use domain names in each service conf file. restrict access to gdevices to sensitive services. 2021-12-08 16:39:00 +00:00			`let`
			`domain = "cloud.giugl.io";`
			`network = import ./network.nix;`
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`redis_port = 6379;`
removed implicit use of network.nix. use domain names in each service conf file. restrict access to gdevices to sensitive services. 2021-12-08 16:39:00 +00:00			`in {`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`services = {`
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`mysql = {`
			`enable = true;`
			`package = pkgs.unstable.mysql80;`
			`};`
formatting 2021-11-25 11:42:32 +00:00
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`redis = {`
			`vmOverCommit = true;`
			`servers."nextcloud" = {`
			`enable = true;`
			`port = redis_port;`
			`};`
			`};`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00
			`nextcloud = {`
			`enable = true;`
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`hostName = domain;`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`https = true;`
nextcloud: Bump to NC 25 2022-11-11 18:17:40 +00:00			`package = pkgs.unstable.nextcloud25;`
nextcloud bump to 22 unstable 2021-08-25 12:10:31 +01:00
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`caching = {`
			`redis = true;`
			`};`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00
			`autoUpdateApps.enable = true;`
			`autoUpdateApps.startAt = "05:00:00";`

			`config = {`
			`overwriteProtocol = "https";`
			`dbtype = "mysql";`
			`dbuser = "oc_giulio2";`
			`dbhost = "localhost";`
			`dbname = "nextcloud_final";`
			`dbpassFile = "/secrets/nextcloud/dbpass.txt";`
			`adminpassFile = "/secrets/nextcloud/adminpass.txt";`
			`adminuser = "giulio";`
removed implicit use of network.nix. use domain names in each service conf file. restrict access to gdevices to sensitive services. 2021-12-08 16:39:00 +00:00			`extraTrustedDomains = [ "${domain}" ];`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`};`
			`};`
			`};`

			`systemd.services."nextcloud-setup" = {`
formatting 2021-11-25 11:42:32 +00:00			`requires = [ "mysql.service" ];`
			`after = [ "mysql.service" ];`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`};`

			`networking.extraHosts = ''`
removed implicit use of network.nix. use domain names in each service conf file. restrict access to gdevices to sensitive services. 2021-12-08 16:39:00 +00:00			`${network.architect-lan} ${domain}`
			`${network.architect-wg} ${domain}`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`'';`

removed implicit use of network.nix. use domain names in each service conf file. restrict access to gdevices to sensitive services. 2021-12-08 16:39:00 +00:00			`services.nginx.virtualHosts.${domain} = {`
formatting 2021-11-25 11:42:32 +00:00			`forceSSL = true;`
			`enableACME = true;`
			`};`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`}`