add PoC SP module for nextcloud

pull/55/head
Alexander Tomokhov 2023-11-15 22:26:04 +04:00
parent d281f51775
commit 41c3a0fc00
8 changed files with 94 additions and 70 deletions


@ -14,7 +14,6 @@
./passmgr/bitwarden.nix
./webserver/nginx.nix
./webserver/memcached.nix
./nextcloud/nextcloud.nix
./resources/limits.nix
./videomeet/jitsi.nix
./git/gitea.nix


@ -32,21 +32,6 @@ in
sed = "${pkgs.gnused}/bin/sed";
in
{
nextcloudSecrets =
if cfg.nextcloud.enable then ''
mkdir -p /var/lib/nextcloud
cat /etc/nixos/userdata/userdata.json | ${jq} -r '.nextcloud.databasePassword' > /var/lib/nextcloud/db-pass
chmod 0440 /var/lib/nextcloud/db-pass
chown nextcloud:nextcloud /var/lib/nextcloud/db-pass
cat /etc/nixos/userdata/userdata.json | ${jq} -r '.nextcloud.adminPassword' > /var/lib/nextcloud/admin-pass
chmod 0440 /var/lib/nextcloud/admin-pass
chown nextcloud:nextcloud /var/lib/nextcloud/admin-pass
''
else ''
rm -f /var/lib/nextcloud/db-pass
rm -f /var/lib/nextcloud/admin-pass
'';
cloudflareCredentials = ''
mkdir -p /var/lib/cloudflare
chmod 0440 /var/lib/cloudflare


@ -1,40 +0,0 @@
{ pkgs, lib, config, ... }:
let
cfg = config.selfprivacy.userdata;
in
{
fileSystems = lib.mkIf cfg.useBinds {
"/var/lib/nextcloud" = {
device = "/volumes/${cfg.nextcloud.location}/nextcloud";
options = [ "bind" ];
};
};
services.nextcloud = {
enable = cfg.nextcloud.enable;
package = pkgs.nextcloud25;
hostName = "cloud.${cfg.domain}";
# Use HTTPS for links
https = false;
# Auto-update Nextcloud Apps
autoUpdateApps.enable = true;
# Set what time makes sense for you
autoUpdateApps.startAt = "05:00:00";
config = {
# Further forces Nextcloud to use HTTPS
overwriteProtocol = "https";
# Nextcloud PostegreSQL database configuration, recommended over using SQLite
dbtype = "sqlite";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
dbpassFile = "/var/lib/nextcloud/db-pass";
adminpassFile = "/var/lib/nextcloud/admin-pass";
adminuser = "admin";
};
};
}


@ -0,0 +1,5 @@
[
[ "selfprivacy", "userdata", "domain" ],
[ "selfprivacy", "userdata", "nextcloud" ],
[ "selfprivacy", "userdata", "useBinds" ]
]


@ -0,0 +1,9 @@
{
description = "PoC SP module for nextcloud";
outputs = { self }: {
nixosModules.default = import ./module.nix;
configPathsNeeded =
builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
};
}


@ -0,0 +1,80 @@
{ config, lib, pkgs, ... }:
{
options.selfprivacy.userdata.nextcloud = with lib; {
enable = mkOption {
type = types.nullOr types.bool;
default = false;
};
location = mkOption {
type = types.nullOr types.str;
default = "sda1";
};
};
config =
let
cfg = config.selfprivacy.userdata;
secrets-filepath = "/etc/nixos/userdata/userdata.json";
db-pass-filepath = "/var/lib/nextcloud/db-pass";
admin-pass-filepath = "/var/lib/nextcloud/admin-pass";
in
lib.mkIf cfg.nextcloud.enable
{
system.activationScripts.nextcloudSecrets = ''
mkdir -p /var/lib/nextcloud
${pkgs.jq}/bin/jq < ${secrets-filepath} -r '.nextcloud.databasePassword' > ${db-pass-filepath}
chmod 0440 ${db-pass-filepath}
chown nextcloud:nextcloud ${db-pass-filepath}
${pkgs.jq}/bin/jq < ${secrets-filepath} -r '.nextcloud.adminPassword' > ${admin-pass-filepath}
chmod 0440 ${admin-pass-filepath}
chown nextcloud:nextcloud ${admin-pass-filepath}
'';
fileSystems = lib.mkIf cfg.useBinds {
"/var/lib/nextcloud" = {
device = "/volumes/${cfg.nextcloud.location}/nextcloud";
options = [ "bind" ];
};
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud25;
hostName = "cloud.${cfg.domain}";
# Use HTTPS for links
https = false;
# auto-update Nextcloud Apps
autoUpdateApps.enable = true;
# set what time makes sense for you
autoUpdateApps.startAt = "05:00:00";
config = {
# further forces Nextcloud to use HTTPS
overwriteProtocol = "https";
dbtype = "sqlite";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud adds .s.PGSQL.5432 by itself
dbname = "nextcloud";
dbpassFile = db-pass-filepath;
adminpassFile = admin-pass-filepath;
adminuser = "admin";
};
};
}
# FIXME do we really want to delete passwords on module deactivation!?
//
lib.mkIf (!cfg.nextcloud.enable) {
system.activationScripts.nextcloudSecrets =
lib.trivial.warn
(
"nextcloud service is disabled, " +
"${db-pass-filepath} and ${admin-pass-filepath} will be removed!"
)
''
rm -f ${db-pass-filepath}
rm -f ${admin-pass-filepath}
'';
};
}
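Review bot: The `//` joining the two `lib.mkIf` results (the line after the FIXME comment) discards the enabled branch: `lib.mkIf` returns a plain attrset with the keys `_type`, `condition` and `content`, so `//` overwrites all three with the second call's values and the module's `config` collapses to only the removal script guarded by `!cfg.nextcloud.enable`, applying nothing when nextcloud is enabled. Combine the branches with `lib.mkMerge [ (lib.mkIf cfg.nextcloud.enable { … }) (lib.mkIf (!cfg.nextcloud.enable) { … }) ]` instead. In the activation script the `jq … > ${db-pass-filepath}` and `jq … > ${admin-pass-filepath}` redirects create the files under the process's default umask (0644 if it is the usual 022) before the following `chmod 0440` runs, so the extracted passwords are momentarily readable by other local users; prepend `umask 0077` to the script so the files start out owner-only and are then relaxed to 0440. Separately, `dbtype = "sqlite"` makes `dbuser`, `dbhost`, `dbname` and `dbpassFile` dead settings even though the db-pass file is still extracted, and `https = false` contradicts its `# Use HTTPS for links` comment; either switch to `dbtype = "pgsql"` with a matching `services.postgresql` setup, or drop the unused PostgreSQL settings and fix the comment.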


@ -34,10 +34,6 @@ jsonData: { lib, ... }:
enable = lib.attrsets.attrByPath [ "gitea" "enable" ] false jsonData;
location = lib.attrsets.attrByPath [ "gitea" "location" ] "sda1" jsonData;
};
nextcloud = {
enable = lib.attrsets.attrByPath [ "nextcloud" "enable" ] false jsonData;
location = lib.attrsets.attrByPath [ "nextcloud" "location" ] "sda1" jsonData;
};
pleroma = {
enable = lib.attrsets.attrByPath [ "pleroma" "enable" ] false jsonData;
location = lib.attrsets.attrByPath [ "pleroma" "location" ] "sda1" jsonData;


@ -135,16 +135,6 @@ with lib;
type = types.nullOr types.str;
};
};
nextcloud = {
enable = mkOption {
default = true;
type = types.nullOr types.bool;
};
location = mkOption {
default = "sda1";
type = types.nullOr types.str;
};
};
pleroma = {
enable = mkOption {
default = false;