Deploy nextcloud
This commit is contained in:
parent
42c2668094
commit
8f9a556f37
|
@ -15,6 +15,7 @@
|
|||
|
||||
./headscale.nix
|
||||
./gitea.nix
|
||||
./nextcloud.nix
|
||||
];
|
||||
|
||||
common.linux.enable = false; # Don't enable the "common linux" module, this is a special machine.
|
||||
|
@ -182,7 +183,7 @@
|
|||
|
||||
|
||||
# Outline
|
||||
sops.secrets.minio-secret-key = { };
|
||||
sops.secrets.minio-secret-key = { owner = "root"; mode = "0444"; };
|
||||
sops.secrets.authentik-oidc-client-secret = { owner = "outline"; };
|
||||
sops.secrets."outline/smtp-password" = { owner = "outline"; };
|
||||
services.outline = {
|
||||
|
@ -242,6 +243,7 @@
|
|||
listenAddress = ":61929";
|
||||
consoleAddress = ":62929";
|
||||
rootCredentialsFile = config.sops.secrets.minio-credentials.path;
|
||||
dataDir = lib.mkForce [ "/mnt/minio/minio" ];
|
||||
};
|
||||
cloud.traefik.hosts.minio = { host = "s3.dtth.ch"; port = 61929; };
|
||||
system.stateVersion = "21.11";
|
||||
|
|
|
@ -7,4 +7,10 @@
|
|||
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
||||
# swap
|
||||
swapDevices = [{ device = "/var/swapfile"; size = 2 * 1024; }];
|
||||
# volumes
|
||||
fileSystems."/mnt/minio" = {
|
||||
device = "/dev/disk/by-id/scsi-0HC_Volume_31812942";
|
||||
fsType = "ext4";
|
||||
|
||||
};
|
||||
}
|
||||
|
|
66
nki-personal-do/nextcloud.nix
Normal file
66
nki-personal-do/nextcloud.nix
Normal file
|
@ -0,0 +1,66 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
with lib;
|
||||
let
|
||||
user = "nextcloud";
|
||||
host = "cloud.dtth.ch";
|
||||
port = 61155;
|
||||
|
||||
secrets = config.sops.secrets;
|
||||
in
|
||||
{
|
||||
sops.secrets."nextcloud/admin-password" = { owner = user; };
|
||||
sops.secrets."nextcloud/minio-secret-key" = { owner = user; key = "minio-secret-key"; };
|
||||
# database
|
||||
cloud.postgresql.databases = [ user ];
|
||||
# traefik
|
||||
cloud.traefik.hosts.nextcloud = {
|
||||
inherit port host;
|
||||
};
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
hostName = host;
|
||||
package = pkgs.nextcloud26;
|
||||
enableBrokenCiphersForSSE = false;
|
||||
|
||||
home = "/mnt/minio/nextcloud";
|
||||
https = true;
|
||||
database.createLocally = false;
|
||||
|
||||
extraApps = with pkgs.nextcloud26Packages.apps; {
|
||||
inherit calendar contacts deck forms groupfolders news tasks;
|
||||
sociallogin = pkgs.fetchNextcloudApp rec {
|
||||
url = "https://github.com/zorn-v/nextcloud-social-login/releases/download/v5.4.3/release.tar.gz";
|
||||
sha256 = "sha256-ZKwtF9j9WFIk3MZgng9DmN00A73S2Rb4qbehL9adaZo=";
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
# Database
|
||||
dbtype = "pgsql";
|
||||
dbname = user;
|
||||
dbuser = user;
|
||||
dbhost = "/run/postgresql";
|
||||
# User
|
||||
adminuser = "nki";
|
||||
adminpassFile = secrets."nextcloud/admin-password".path;
|
||||
# General
|
||||
overwriteProtocol = "https";
|
||||
defaultPhoneRegion = "VN";
|
||||
|
||||
objectstore.s3 = {
|
||||
enable = true;
|
||||
bucket = "nextcloud-dtth";
|
||||
autocreate = true;
|
||||
key = "minio";
|
||||
secretFile = config.sops.secrets."nextcloud/minio-secret-key".path;
|
||||
hostname = "s3.dtth.ch";
|
||||
port = 443;
|
||||
useSsl = true;
|
||||
usePathStyle = true;
|
||||
region = "us-east-1";
|
||||
};
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts.${host}.listen = [{ inherit port; addr = "127.0.0.1"; }];
|
||||
}
|
||||
|
|
@ -7,7 +7,7 @@ minio-secret-key: ENC[AES256_GCM,data:FkF4hFiW7s5gYbMbdemsmhduYDtb/aqMoUgP+CWI3r
|
|||
cloudflare-dns-api-token: ENC[AES256_GCM,data:2ny3JehpK30fTUDKrbzHv1QOczriChRyMQn6kNPULpUJ+eVwdptLvg==,iv:8wNAn3oawzLez7sO4ZvhFXcaZIpFVKgKCvTBlszFHn8=,tag:fRaO+u/5MtAWnTiy2Zwh0Q==,type:str]
|
||||
#ENC[AES256_GCM,data:KWrVRQg+cLm5MUdfsYrh7hkI4CWkl4Z0sDj0769eebeXDy+veixrQrxh1ZW+ro3WLwoIdU/IH5DPM4TWYn2qoM5aDHjGX764pr1x,iv:uZHBsGvSHv9vd/Wragl1dYNJ+8vCcMit2K3SrMFlz7s=,tag:7z4LyADfQvXsM2vvtWru8w==,type:comment]
|
||||
traefik-dashboard-users: ENC[AES256_GCM,data:kviapOq+xzxhjryse+5DaZbXRS/LEYyjqqFbHymXAZVEkWlu0T5pZ2bxSNCbXN+tXnb0u+6YPgGCaRNPLW74AF1hO8W8QqlLDA==,iv:41bwPyFQcuOLILTjLWUu5Kcnct/MaIIJsMbllc+n7Y0=,tag:17HyUjfRUcLGb0FrUm1O2A==,type:str]
|
||||
mail-users: ENC[AES256_GCM,data:FLmmXKcYLNRCyksuEervvU3HHzbPa4nPyHziF0CAtvB571AilH35KylvVb6YAh66Zacr8aO6CkxgIhcqs4/IFWmqNRSWta3R2r5g6yQE3gUW+HhPra1rRrmB9lRFs8j6lkUza0Rrrr1NmTkf2YqGyAR40+lEcaCQUyDAqUE3GW39YSunWDkvbsBCHK/Pj+Oq46dKr8NrOHqkbN7rdamSdReAKMzk8/lRAkbsxe9kfra/cwxVArEEVX10w2g4zTdPW2QlykvrmBLcjY6NA6FWDPwSUvq87lfKo6svUSN3zgfsgo2F809FdKPazEMQq9QvAoWe5jJ1YJbiquuJpelH6Ip7ShKGGw==,iv:BlhylfpbRfq9e9UOuhwcL2BUuWpynZT46RsprcaEVrI=,tag:g8QVUuNk4TuxgkHrfzqQvQ==,type:str]
|
||||
mail-users: ENC[AES256_GCM,data:4L/G7TfwqchtaSRBQxbKMrQY0f857jzye4ojaaZ5m5Q9Du6dLwyZoMu7KyAedhaYnVnjv+qk7BdNpbbHH1cbFJ13Q5KLqyrge0iyXmhKdFoT7ftU60omiIBgZahTvoSgIg72r+bUNRDFqbb9yHYixEDpZFX2DScJ3A8FnjKZ1l022eRHpj8KMV534ew5QN9QB0gE5Swu5egBm/glgbX9OeiNX4N66Qf7HKGTQ5p1UXqlK38xIJelAm2KjZ2BGswxYCmxKV6f0q0lAD2Pi6Ass1AWfWb0Is00ZUcJy5KoqhqmcaXURlcAnfHunRQam/UJstfYzARg4SwUG2mrKSDrqtnawxlsaf4D9dtj6AwZiyrsK6jDTj8EH6ZPYpc3I6ag9FkMSrkWmWYPNdHMzZFtoDN8Yvb/yRB5KQj2zqHVEbvQba0afNDP1RsmPHFezGCe6PchTLChIPEyLzgZS5dqiA==,iv:0BAZIE4Y0ZzszkTounx3cRgxYWZKbUT5Ye83rdL39vw=,tag:OIaOwTdM/9h1fwY7gwWOdQ==,type:str]
|
||||
youmubot-env: ENC[AES256_GCM,data:m/NGN8r6Caq2tTHeVWV9y5fol9r36aKYYXLjHaa0AR+0XpVeJdXVZxPfQtzX4uo09rOGAPE4lepO05weo7mvEjI5m5QJ4FWrw0/HkLm4SUWnTnDU6BlK7l4K/2Ayz7jmD6GLWI+KcOSjEmma9GXNkVwDnxVrwaAWYOfDqDJMjMES/1S8OgCe5+74MCgNeefIwgXnmmxVMpl8fAdnOgovh1zRvcKPVrN5T0ia39IatDERwegas+q8t90Jjw==,iv:IEFvaMWzgClbHbsxGTdP5EdGayHQgggOT9CU7oAyMtE=,tag:GoEEcGCNHMimzltDit4kzA==,type:str]
|
||||
outline:
|
||||
smtp-password: ENC[AES256_GCM,data:zpIi6jVB2Y7ksBOR8SGFgjOD1x3aS6dKa6taLKB8v2l9p92iWDti75qgB1puglmmq8mCzz8KXLrM0Bv7W8GWRg==,iv:6tKINzQcApmNuIbNn0kSzFJtwn3rky/uFG2Ff3lazUk=,tag:kjB6qB87tRQVpy32Pt3D5A==,type:str]
|
||||
|
@ -24,6 +24,8 @@ headscale:
|
|||
gitea:
|
||||
mailer-password: ENC[AES256_GCM,data:LDW0bpbfanBa2QjqdgtKu6F+zG84xaGuLg1cs6eTJbg=,iv:Kle+czR9Xqi45qWjYJIjRhq87rG2PNoNF6YQ7tQ+HJA=,tag:WUuPgwdnz8F2WtFsgcrw/Q==,type:str]
|
||||
signing-key: ENC[AES256_GCM,data:64tLU6rVcCq6CSfVGtFfSc8m89gHFHwGQ4JSHw8p7GqlB7ioHrJVu8o+6u6UPERMfkcHsTG2gTwh7wpblF//bk1+TRyYWSuDnIGl1G7+6FVmJbvLyGJBck0NauW4s5Keiqr2qg38i3y9qy7kPaJGz/2J6cYYSQxB9xy8mtdoxwypGf+zxu1teiUnKmWa89i941s2FZZ+FoQvQCZs/7En3YnxNiDM+lXR4wqbPZPROlYHaVDOgeACBgq8GwNdgAFF7qRLdjxMGgjS3jjlD4QCJlEO6UbqVEBEK7pf4Or4kx/RM2A0rgGNUPpwKu/b5xGTUkA0X7TcZNIcLJ2zred0JIEj0bM7MNrkBIQovHEYLT3m33W1zKTTBC2lgPh90I/tPauIOb1hWHzgjM+LpV8bPkGXIk3BmoxW8eCiFmSjfvxdyS6WVJ6lGOIhaFNl59LyKsljyUmYcauig7/T+ylGyWiPViXuYB4fWxWr1t7Tb6DgY2fJdl5KQHLkDoAylHQ6pOb0l2YUGw1+vvHocMA9KTJeTnhTWAPZLOIFbfZL8sxrWRlpuZvvKdXlOjzKwVgCzWudYJ4jUoPSCmvxpnuCpiPbqaoZyA3Vyx7UCTN7UhKRb99jxEqdTrDPwRL0VlVZUQgLDTMPXHjdoOan06wXmDJEDRDBFsrrpna9wY1uvyPGBBpZ+uQZdxPZfXKQ8HRVHS1dKfyvdIaG/eYUrimF9euhYKYGPH02S6UcU+yQXw5B12HBxLDwS0oF3yWXfTMBsgejWFAuyQkQVJJjAi/Zs+9HJ3FQqr4vl/hUclv/X2XURuPc/jjYziNuOAn6yGhXuNC713SzUOnZlDgEcCkm8DHn5hQ/W4rZGUbSq+y/HUk8GA6XSw8u8H7KDQFnV4l4Chg1cKAf0YSXeinJ2x/RA9GXBvC5FVOM/Cx95arxS57vD578Rkdf/c7UQmuH+6X9YTX8MHVgkpHAGJ+bu2UnQ/hjAvGW6kee4jqefybCTxJm7qcSz1JrG6rS+S+9ZFj8BrXLcSIRlvxotg+FmBjdlqJMj5i0w+cR2f2zXPsmeDC0gmSTV7mYNz9+uMv708xwm26e4/rTT0hS+szLzzz/Ygm9yAkLf9lIS3457IWEjF+LCs9SEq3jfkx5zqpWfOpBCQU9rYKJhvjCVK6a1Hb2PfO4klkuwSNFPwyMHDlEqNmIVUf6uM5p8RVEQy07GsE4ycNtgicC32JGpkotcaU1ByQVbqRXlqJqMJnUEbnWH6qf3Em+wi8eBHmPf1BNjdP3f9BOle+H17/SdKssRbA8o4qQAGVkFzfjybMIh0onB1e15Rt5TUrRDxQAZG+uIsrHEiEOCDED846wO9apeV7wuOKXv2USDhybQhIctcuwxFGQEZWtGGrKzWTlK82Qb8FUM44x2HFj1SK7mIQbU20TcL2bd3b1OZ2kQe16CaT9R0BkpRlPLfiA1ZD7+3DdCyOJxTjutCQgaI1ONQuWn47rDOMbyqZhxs+Gj6bormGEWVRXQpV4VTknN/GyFB2aWQmZF8hGpEBl/t8IfOXDs56kN2Z8W2eKzHZz9u11HQ0eJ05LX2xz5DB+22UZT4bGK6Y3vJtB0+27r7G7hh79Fkapggm61xh3+D593epyW6Ix4hN29KrJWz/s93gi/g==,iv:LlUhINacJf7haxl7i0QI9ALdOFLdLJGbsXgszKVJOVg=,tag:ALkAcUmPFHp8wpI7DVYbiw==,type:str]
|
||||
nextcloud:
|
||||
admin-password: ENC[AES256_GCM,data:wDL8xCv8/mFQniIRQOR+zl1kArSUXc2KAfCP1jmnidLOYwC4X0d8V60s0hAXCO1gUxNTETjbjBkGlENpvQm8dL94DIshCMyMxFc5gUmrF9qc+omOPT5HF82FgaHnN9N6sH3r19SfoXkMtBROj1V6xlU/lVqx+CiJCSCBfbllYkY=,iv:DGFlXNRXey0dIQVzsg0qkPGxDG+36tcg0BXUQzHfANk=,tag:HdpNO+ikmXo7wtahYwtkDg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -57,8 +59,8 @@ sops:
|
|||
by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd
|
||||
hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-05-07T15:39:19Z"
|
||||
mac: ENC[AES256_GCM,data:5+ORtiY/Ky9uk4eCoqypExNd2EJIi+VPOCVvwJeCXqD+arkAcwt1SGLETUI9Rh16Bs9k+e3q6bu9LBmoNjCBJ39yvDVChwNR7F0Uw0D5leTzDG9uLBFmAxJ+fTp8OL4UNQOwTO4Fmfhe9UC8v5X7wBBNmi5GS1dvDrw8FrfQvK0=,iv:ZFjT48N26e+TO5tjhcPgXmpBT5zjWs8BZfJx5eep24o=,tag:QajcmWss9MwKWmu6Ysy/8A==,type:str]
|
||||
lastmodified: "2023-05-11T20:46:04Z"
|
||||
mac: ENC[AES256_GCM,data:csUDc036tnmVNQcdmjc4bfDn+BqtpYSmmspF10EW+jUVINO3rLwnx01jrUMoqVZQnxZ3d62ra+afhKAKUtInYxsJLb1uC+EUdKMzz5AFZTMJ4QDoPO7X2JAGqoS15B5k/Tr+PGTSVNINWjWMNQTHS3NDvIKGDyjxxv19sefJ9WY=,iv:L+r1jlmN5yuSu0pQBvF4tvX92Qnmbsn1GGjQnB9CnjE=,tag:gaxNp/RzTOkR/guFjm8lHA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|
Loading…
Reference in a new issue