From 74dddaaa1de165469bcaca5de470a01848c6ebd2 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Fri, 18 Aug 2023 19:02:49 +0200 Subject: [PATCH] add nextcloud --- .sops.yaml | 5 ++++ hosts/web-01.cloonar.com/configuration.nix | 1 + utils/modules/nextcloud/default.nix | 27 +++++++++++++++++++ utils/modules/nextcloud/secrets.yaml | 30 ++++++++++++++++++++++ 4 files changed, 63 insertions(+) create mode 100644 utils/modules/nextcloud/default.nix create mode 100644 utils/modules/nextcloud/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 27e265d..99f6e10 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -83,3 +83,8 @@ creation_rules: - age: - *dominik - *web-01-server + - path_regex: utils/modules/nextcloud/[^/]+\.yaml$ + key_groups: + - age: + - *dominik + - *web-01-server diff --git a/hosts/web-01.cloonar.com/configuration.nix b/hosts/web-01.cloonar.com/configuration.nix index ab27afe..563a315 100644 --- a/hosts/web-01.cloonar.com/configuration.nix +++ b/hosts/web-01.cloonar.com/configuration.nix @@ -10,6 +10,7 @@ ./utils/modules/zammad/default.nix ./utils/modules/authelia/default.nix ./utils/modules/autoupgrade.nix + ./utils/modules/nextcloud ./utils/modules/borgbackup.nix ./utils/modules/netdata.nix diff --git a/utils/modules/nextcloud/default.nix b/utils/modules/nextcloud/default.nix new file mode 100644 index 0000000..a80eff4 --- /dev/null +++ b/utils/modules/nextcloud/default.nix 
@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+{
+ sops.secrets.nextcloud-adminpass = {
+ owner = "nextcloud";
+ sopsFile = ./secrets.yaml;
+ };
+
+ services.nextcloud = {
+ enable = true;
+ hostName = "nextcloud.cloonar.com";
+ https = true;
+ package = pkgs.nextcloud27;
+ # Instead of using pkgs.nextcloud27Packages.apps,
+ # we'll reference the package version specified above
+ extraApps = with config.services.nextcloud.package.packages.apps; {
+ inherit news contacts calendar tasks;
+ };
+ extraAppsEnable = true;
+ config.adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
+ };
+
+ services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+ forceSSL = true;
+ enableACME = true;
+ acmeRoot = null;
+ };
+}
diff --git a/utils/modules/nextcloud/secrets.yaml b/utils/modules/nextcloud/secrets.yaml
new file mode 100644
index 0000000..b7a0e8e
--- /dev/null
+++ b/utils/modules/nextcloud/secrets.yaml
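Review bot: In utils/modules/nextcloud/default.nix the module header binds only `pkgs`, but the body reads the variable `config` in three places: the `with` expression for `extraApps`, the right-hand side of `config.adminpassFile`, and the nginx `virtualHosts` key. Evaluation should therefore stop on an undefined variable, and the header should be `{ config, pkgs, ... }:`. Separately, as far as I know the NixOS module reads `adminpassFile` only during the initial nextcloud-setup run, so rotating the sops secret later will not change the admin password. A comment above that line would record this, for example `# only read at first install; rotate the admin password inside Nextcloud`. No `config.dbtype` is set either, so the module default applies; it is worth confirming that default is the intended database for a host that faces the internet.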
@@ -0,0 +1,30 @@ +nextcloud-adminpass: ENC[AES256_GCM,data:NaPVWpyJ6bQWyOX/r32NxduTMfUzIMDck+4x1JGWwEBN6DC4YktgMHmW3Lq8P5NyQ6P5zoQf9LIN1xPXBstOVSmY0JcB7PUkkR5G/6ZD8sJ/6tsIfs4NEPTcvbFIVmXCEQBTOUn8GofhfirV9GK0AKhyz3xHRk3zwRb7UKvHPu8=,iv:Ct89SCXVe/HBkmRM3/DDL1uM1P8AGMTJUQ151zeEoMA=,tag:2ttaVSfQYe7lp8RLXHtJew==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TzlPR0VIZUY1SERna1Zp + YzJTajVBTy91U21FQ0w4RHp5cTA0MlBDWGtZCjc4L2Ywd1V6RGtYQzVRdlozQ0tn + OFl6MXpXODNlM0RZNkpsYXlYVHJvWlEKLS0tIFRzUU50RngvZXoyV2JKakMzZTg3 + ZTJsWE5pcEZhRmc4dzYzNlNBdnVnQlEKQZflKTufLJ5bdZgdfuGG7kjgojUWHQBF + RX/ne7/S90bzEm1ZFdnJWVo4UHTWgoSuLLW4o3ekDhzvrZGycat8ow== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y6lvl5jkwc47p5ae9yz9j9kuwhy7rtttua5xhygrgmr7ehd49svsszyt42 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRnY3TVJPbTc0ckhacDBZ + cHpOZU9NaUluMnpTNlBPZTRLaUVBSGZkMjJVCkVKcFBnZ0xrcFZIM3ZyZCs5aEVZ + QW5QYTN0SHp2SHNYT2dXWFhxYWw4RmMKLS0tIG9XUjcrTlprd0orU0dnMzU1UnRa + ajYyZDhDd1ovUGViY3FuMkdoKzRWMUEKjyqCz9OezOymL/Em4dOyHQNPFRUjP8+b + cxrImPeXqfepSUQ+fPHOjXkfvK28nJP92HQoJ7eNEqccsI/okJU9cw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-08-18T16:24:49Z" + mac: ENC[AES256_GCM,data:rMbj98FB62nvngsc5IyNFfXwYHnbQOKHqnCdM/spumX4aRw+29TrJGB9x++4E3LYB9uk5Cil+PeB3e01FOukw2Jc460JGtwB6XdXCuojhv63PEimeZOfNkGZBRT1PwhnH6AIct1ivffp9vLaCD0ZtHOynA+RjaNDOcgHNSXhPyk=,iv:8vAyv3BbA/lxh7PW3wRZfMV0n9N/tk/4w2udhlQ/Zg8=,tag:dqcfmK7UnwhUXYxnNDeNTg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3