nixos/hosts/architect/nextcloud.nix

{ pkgs, ... }:

let
  domain = "cloud.giugl.io";
  network = import ./network.nix;
  redis_port = 6379;
in
{
  services = {
    mysql = {
      enable = true;
      package = pkgs.unstablePkgs.mysql80;
    };

    redis = {
      vmOverCommit = true;
      servers."nextcloud" = {
        enable = true;
        port = redis_port;
      };
    };

    nextcloud = {
      enable = true;
      hostName = domain;
      https = true;
      package = pkgs.unstablePkgs.nextcloud25;
      datadir = "/services/nextcloud";
      caching = {
        redis = true;
      };

      autoUpdateApps.enable = true;
      autoUpdateApps.startAt = "05:00:00";

      config = {
        overwriteProtocol = "https";
        dbtype = "mysql";
        dbuser = "oc_giulio2";
        dbhost = "localhost";
        dbname = "nextcloud_final";
        dbpassFile = "/secrets/nextcloud/dbpass.txt";
        adminpassFile = "/secrets/nextcloud/adminpass.txt";
        adminuser = "giulio";
        extraTrustedDomains = [ "${domain}" ];
      };
    };
  };

  systemd.services."nextcloud-setup" = {
    requires = [ "mysql.service" ];
    after = [ "mysql.service" ];
  };

  networking.extraHosts = ''
    ${network.architect-lan} ${domain}
    ${network.architect-wg} ${domain}
    ${network.architect-ts} ${domain}
  '';

  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;
  };
}
formatting 2021-11-25 11:42:32 +00:00			`{ pkgs, ... }:`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00
removed implicit use of network.nix. use domain names in each service conf file. restrict access to gdevices to sensitive services. 2021-12-08 16:39:00 +00:00			`let`
			`domain = "cloud.giugl.io";`
			`network = import ./network.nix;`
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`redis_port = 6379;`
Formatting 2023-02-11 02:29:48 +00:00			`in`
			`{`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`services = {`
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`mysql = {`
			`enable = true;`
Renamed unstable to unstablePkgs to avoid confusion with nixos-unstable flake 2023-02-14 20:30:37 +00:00			`package = pkgs.unstablePkgs.mysql80;`
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`};`
formatting 2021-11-25 11:42:32 +00:00
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`redis = {`
			`vmOverCommit = true;`
			`servers."nextcloud" = {`
			`enable = true;`
			`port = redis_port;`
			`};`
			`};`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00
			`nextcloud = {`
			`enable = true;`
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`hostName = domain;`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`https = true;`
Renamed unstable to unstablePkgs to avoid confusion with nixos-unstable flake 2023-02-14 20:30:37 +00:00			`package = pkgs.unstablePkgs.nextcloud25;`
flake: Removed proxy host 2022-12-01 13:28:10 +00:00			`datadir = "/services/nextcloud";`
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`caching = {`
			`redis = true;`
			`};`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00
			`autoUpdateApps.enable = true;`
			`autoUpdateApps.startAt = "05:00:00";`

			`config = {`
			`overwriteProtocol = "https";`
			`dbtype = "mysql";`
			`dbuser = "oc_giulio2";`
			`dbhost = "localhost";`
			`dbname = "nextcloud_final";`
			`dbpassFile = "/secrets/nextcloud/dbpass.txt";`
			`adminpassFile = "/secrets/nextcloud/adminpass.txt";`
			`adminuser = "giulio";`
removed implicit use of network.nix. use domain names in each service conf file. restrict access to gdevices to sensitive services. 2021-12-08 16:39:00 +00:00			`extraTrustedDomains = [ "${domain}" ];`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`};`
			`};`
			`};`

			`systemd.services."nextcloud-setup" = {`
formatting 2021-11-25 11:42:32 +00:00			`requires = [ "mysql.service" ];`
			`after = [ "mysql.service" ];`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`};`

			`networking.extraHosts = ''`
removed implicit use of network.nix. use domain names in each service conf file. restrict access to gdevices to sensitive services. 2021-12-08 16:39:00 +00:00			`${network.architect-lan} ${domain}`
			`${network.architect-wg} ${domain}`
architect: Add tailscale IP to hosts for every service 2023-02-01 20:55:32 +00:00			`${network.architect-ts} ${domain}`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`'';`

removed implicit use of network.nix. use domain names in each service conf file. restrict access to gdevices to sensitive services. 2021-12-08 16:39:00 +00:00			`services.nginx.virtualHosts.${domain} = {`
formatting 2021-11-25 11:42:32 +00:00			`forceSSL = true;`
			`enableACME = true;`
			`};`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`}`