add nextcloud

.sops.yaml

@@ -83,3 +83,8 @@ creation_rules:
     - age:
       - *dominik
       - *web-01-server
+  - path_regex: utils/modules/nextcloud/[^/]+\.yaml$
+    key_groups:
+    - age:
+      - *dominik
+      - *web-01-server

hosts/web-01.cloonar.com/configuration.nix

@@ -10,6 +10,7 @@
     ./utils/modules/zammad/default.nix
     ./utils/modules/authelia/default.nix
     ./utils/modules/autoupgrade.nix
+    ./utils/modules/nextcloud
 
     ./utils/modules/borgbackup.nix
     ./utils/modules/netdata.nix

utils/modules/nextcloud/default.nix

@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+{
+  sops.secrets.nextcloud-adminpass = {
+    owner = "nextcloud";
+    sopsFile = ./secrets.yaml;
+  };
+
+  services.nextcloud = {                
+    enable = true;                   
+    hostName = "nextcloud.cloonar.com";
+    https = true;
+    package = pkgs.nextcloud27;
+    # Instead of using pkgs.nextcloud27Packages.apps,
+    # we'll reference the package version specified above
+    extraApps = with config.services.nextcloud.package.packages.apps; {
+      inherit news contacts calendar tasks;
+    };
+    extraAppsEnable = true;
+    config.adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
+  };
+
+  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+    forceSSL = true;
+    enableACME = true;
+    acmeRoot = null;
+  };
+}

utils/modules/nextcloud/secrets.yaml

@@ -0,0 +1,30 @@
+nextcloud-adminpass: ENC[AES256_GCM,data:NaPVWpyJ6bQWyOX/r32NxduTMfUzIMDck+4x1JGWwEBN6DC4YktgMHmW3Lq8P5NyQ6P5zoQf9LIN1xPXBstOVSmY0JcB7PUkkR5G/6ZD8sJ/6tsIfs4NEPTcvbFIVmXCEQBTOUn8GofhfirV9GK0AKhyz3xHRk3zwRb7UKvHPu8=,iv:Ct89SCXVe/HBkmRM3/DDL1uM1P8AGMTJUQ151zeEoMA=,tag:2ttaVSfQYe7lp8RLXHtJew==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TzlPR0VIZUY1SERna1Zp
+            YzJTajVBTy91U21FQ0w4RHp5cTA0MlBDWGtZCjc4L2Ywd1V6RGtYQzVRdlozQ0tn
+            OFl6MXpXODNlM0RZNkpsYXlYVHJvWlEKLS0tIFRzUU50RngvZXoyV2JKakMzZTg3
+            ZTJsWE5pcEZhRmc4dzYzNlNBdnVnQlEKQZflKTufLJ5bdZgdfuGG7kjgojUWHQBF
+            RX/ne7/S90bzEm1ZFdnJWVo4UHTWgoSuLLW4o3ekDhzvrZGycat8ow==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1y6lvl5jkwc47p5ae9yz9j9kuwhy7rtttua5xhygrgmr7ehd49svsszyt42
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRnY3TVJPbTc0ckhacDBZ
+            cHpOZU9NaUluMnpTNlBPZTRLaUVBSGZkMjJVCkVKcFBnZ0xrcFZIM3ZyZCs5aEVZ
+            QW5QYTN0SHp2SHNYT2dXWFhxYWw4RmMKLS0tIG9XUjcrTlprd0orU0dnMzU1UnRa
+            ajYyZDhDd1ovUGViY3FuMkdoKzRWMUEKjyqCz9OezOymL/Em4dOyHQNPFRUjP8+b
+            cxrImPeXqfepSUQ+fPHOjXkfvK28nJP92HQoJ7eNEqccsI/okJU9cw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-08-18T16:24:49Z"
+    mac: ENC[AES256_GCM,data:rMbj98FB62nvngsc5IyNFfXwYHnbQOKHqnCdM/spumX4aRw+29TrJGB9x++4E3LYB9uk5Cil+PeB3e01FOukw2Jc460JGtwB6XdXCuojhv63PEimeZOfNkGZBRT1PwhnH6AIct1ivffp9vLaCD0ZtHOynA+RjaNDOcgHNSXhPyk=,iv:8vAyv3BbA/lxh7PW3wRZfMV0n9N/tk/4w2udhlQ/Zg8=,tag:dqcfmK7UnwhUXYxnNDeNTg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3