add PoC SP module for nextcloud
parent
d281f51775
commit
41c3a0fc00
|
@ -14,7 +14,6 @@
|
||||||
./passmgr/bitwarden.nix
|
./passmgr/bitwarden.nix
|
||||||
./webserver/nginx.nix
|
./webserver/nginx.nix
|
||||||
./webserver/memcached.nix
|
./webserver/memcached.nix
|
||||||
./nextcloud/nextcloud.nix
|
|
||||||
./resources/limits.nix
|
./resources/limits.nix
|
||||||
./videomeet/jitsi.nix
|
./videomeet/jitsi.nix
|
||||||
./git/gitea.nix
|
./git/gitea.nix
|
||||||
|
|
15
files.nix
15
files.nix
|
@ -32,21 +32,6 @@ in
|
||||||
sed = "${pkgs.gnused}/bin/sed";
|
sed = "${pkgs.gnused}/bin/sed";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
nextcloudSecrets =
|
|
||||||
if cfg.nextcloud.enable then ''
|
|
||||||
mkdir -p /var/lib/nextcloud
|
|
||||||
cat /etc/nixos/userdata/userdata.json | ${jq} -r '.nextcloud.databasePassword' > /var/lib/nextcloud/db-pass
|
|
||||||
chmod 0440 /var/lib/nextcloud/db-pass
|
|
||||||
chown nextcloud:nextcloud /var/lib/nextcloud/db-pass
|
|
||||||
|
|
||||||
cat /etc/nixos/userdata/userdata.json | ${jq} -r '.nextcloud.adminPassword' > /var/lib/nextcloud/admin-pass
|
|
||||||
chmod 0440 /var/lib/nextcloud/admin-pass
|
|
||||||
chown nextcloud:nextcloud /var/lib/nextcloud/admin-pass
|
|
||||||
''
|
|
||||||
else ''
|
|
||||||
rm -f /var/lib/nextcloud/db-pass
|
|
||||||
rm -f /var/lib/nextcloud/admin-pass
|
|
||||||
'';
|
|
||||||
cloudflareCredentials = ''
|
cloudflareCredentials = ''
|
||||||
mkdir -p /var/lib/cloudflare
|
mkdir -p /var/lib/cloudflare
|
||||||
chmod 0440 /var/lib/cloudflare
|
chmod 0440 /var/lib/cloudflare
|
||||||
|
|
|
@ -1,40 +0,0 @@
|
||||||
{ pkgs, lib, config, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.selfprivacy.userdata;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
fileSystems = lib.mkIf cfg.useBinds {
|
|
||||||
"/var/lib/nextcloud" = {
|
|
||||||
device = "/volumes/${cfg.nextcloud.location}/nextcloud";
|
|
||||||
options = [ "bind" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.nextcloud = {
|
|
||||||
enable = cfg.nextcloud.enable;
|
|
||||||
package = pkgs.nextcloud25;
|
|
||||||
hostName = "cloud.${cfg.domain}";
|
|
||||||
|
|
||||||
# Use HTTPS for links
|
|
||||||
https = false;
|
|
||||||
|
|
||||||
# Auto-update Nextcloud Apps
|
|
||||||
autoUpdateApps.enable = true;
|
|
||||||
# Set what time makes sense for you
|
|
||||||
autoUpdateApps.startAt = "05:00:00";
|
|
||||||
|
|
||||||
config = {
|
|
||||||
# Further forces Nextcloud to use HTTPS
|
|
||||||
overwriteProtocol = "https";
|
|
||||||
|
|
||||||
# Nextcloud PostegreSQL database configuration, recommended over using SQLite
|
|
||||||
dbtype = "sqlite";
|
|
||||||
dbuser = "nextcloud";
|
|
||||||
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
|
|
||||||
dbname = "nextcloud";
|
|
||||||
dbpassFile = "/var/lib/nextcloud/db-pass";
|
|
||||||
|
|
||||||
adminpassFile = "/var/lib/nextcloud/admin-pass";
|
|
||||||
adminuser = "admin";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
[
|
||||||
|
[ "selfprivacy", "userdata", "domain" ],
|
||||||
|
[ "selfprivacy", "userdata", "nextcloud" ],
|
||||||
|
[ "selfprivacy", "userdata", "useBinds" ]
|
||||||
|
]
|
|
@ -0,0 +1,9 @@
|
||||||
|
{
|
||||||
|
description = "PoC SP module for nextcloud";
|
||||||
|
|
||||||
|
outputs = { self }: {
|
||||||
|
nixosModules.default = import ./module.nix;
|
||||||
|
configPathsNeeded =
|
||||||
|
builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,80 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
options.selfprivacy.userdata.nextcloud = with lib; {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.nullOr types.bool;
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
|
location = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = "sda1";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config =
|
||||||
|
let
|
||||||
|
cfg = config.selfprivacy.userdata;
|
||||||
|
secrets-filepath = "/etc/nixos/userdata/userdata.json";
|
||||||
|
db-pass-filepath = "/var/lib/nextcloud/db-pass";
|
||||||
|
admin-pass-filepath = "/var/lib/nextcloud/admin-pass";
|
||||||
|
in
|
||||||
|
lib.mkIf cfg.nextcloud.enable
|
||||||
|
{
|
||||||
|
system.activationScripts.nextcloudSecrets = ''
|
||||||
|
mkdir -p /var/lib/nextcloud
|
||||||
|
${pkgs.jq}/bin/jq < ${secrets-filepath} -r '.nextcloud.databasePassword' > ${db-pass-filepath}
|
||||||
|
chmod 0440 ${db-pass-filepath}
|
||||||
|
chown nextcloud:nextcloud ${db-pass-filepath}
|
||||||
|
|
||||||
|
${pkgs.jq}/bin/jq < ${secrets-filepath} -r '.nextcloud.adminPassword' > ${admin-pass-filepath}
|
||||||
|
chmod 0440 ${admin-pass-filepath}
|
||||||
|
chown nextcloud:nextcloud ${admin-pass-filepath}
|
||||||
|
'';
|
||||||
|
fileSystems = lib.mkIf cfg.useBinds {
|
||||||
|
"/var/lib/nextcloud" = {
|
||||||
|
device = "/volumes/${cfg.nextcloud.location}/nextcloud";
|
||||||
|
options = [ "bind" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.nextcloud = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.nextcloud25;
|
||||||
|
hostName = "cloud.${cfg.domain}";
|
||||||
|
|
||||||
|
# Use HTTPS for links
|
||||||
|
https = false;
|
||||||
|
|
||||||
|
# auto-update Nextcloud Apps
|
||||||
|
autoUpdateApps.enable = true;
|
||||||
|
# set what time makes sense for you
|
||||||
|
autoUpdateApps.startAt = "05:00:00";
|
||||||
|
|
||||||
|
config = {
|
||||||
|
# further forces Nextcloud to use HTTPS
|
||||||
|
overwriteProtocol = "https";
|
||||||
|
|
||||||
|
dbtype = "sqlite";
|
||||||
|
dbuser = "nextcloud";
|
||||||
|
dbhost = "/run/postgresql"; # nextcloud adds .s.PGSQL.5432 by itself
|
||||||
|
dbname = "nextcloud";
|
||||||
|
dbpassFile = db-pass-filepath;
|
||||||
|
adminpassFile = admin-pass-filepath;
|
||||||
|
adminuser = "admin";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
# FIXME do we really want to delete passwords on module deactivation!?
|
||||||
|
//
|
||||||
|
lib.mkIf (!cfg.nextcloud.enable) {
|
||||||
|
system.activationScripts.nextcloudSecrets =
|
||||||
|
lib.trivial.warn
|
||||||
|
(
|
||||||
|
"nextcloud service is disabled, " +
|
||||||
|
"${db-pass-filepath} and ${admin-pass-filepath} will be removed!"
|
||||||
|
)
|
||||||
|
''
|
||||||
|
rm -f ${db-pass-filepath}
|
||||||
|
rm -f ${admin-pass-filepath}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
|
@ -34,10 +34,6 @@ jsonData: { lib, ... }:
|
||||||
enable = lib.attrsets.attrByPath [ "gitea" "enable" ] false jsonData;
|
enable = lib.attrsets.attrByPath [ "gitea" "enable" ] false jsonData;
|
||||||
location = lib.attrsets.attrByPath [ "gitea" "location" ] "sda1" jsonData;
|
location = lib.attrsets.attrByPath [ "gitea" "location" ] "sda1" jsonData;
|
||||||
};
|
};
|
||||||
nextcloud = {
|
|
||||||
enable = lib.attrsets.attrByPath [ "nextcloud" "enable" ] false jsonData;
|
|
||||||
location = lib.attrsets.attrByPath [ "nextcloud" "location" ] "sda1" jsonData;
|
|
||||||
};
|
|
||||||
pleroma = {
|
pleroma = {
|
||||||
enable = lib.attrsets.attrByPath [ "pleroma" "enable" ] false jsonData;
|
enable = lib.attrsets.attrByPath [ "pleroma" "enable" ] false jsonData;
|
||||||
location = lib.attrsets.attrByPath [ "pleroma" "location" ] "sda1" jsonData;
|
location = lib.attrsets.attrByPath [ "pleroma" "location" ] "sda1" jsonData;
|
||||||
|
|
|
@ -135,16 +135,6 @@ with lib;
|
||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
nextcloud = {
|
|
||||||
enable = mkOption {
|
|
||||||
default = true;
|
|
||||||
type = types.nullOr types.bool;
|
|
||||||
};
|
|
||||||
location = mkOption {
|
|
||||||
default = "sda1";
|
|
||||||
type = types.nullOr types.str;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
pleroma = {
|
pleroma = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
|
|
Loading…
Reference in New Issue