Configure nextcloud for montalin

2020-10-23 17:35:24 +00:00 · 2020-10-23 17:35:24 +00:00 · f9c7e0ed0c
commit f9c7e0ed0c
parent d5cb513227
6 changed files with 58 additions and 17 deletions
--- a/host/montalin/applications/cloud.nix
+++ b/host/montalin/applications/cloud.nix
@ -1,4 +1,6 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, ... }: let
+  host = "chur.fh2.ch";
+in {

  imports = [

@ -6,7 +8,13 @@
  ];

  services.nextcloud = {
-    hostName = "cloud.qo.is";
+    #hostName = "cloud.qo.is";
+    hostName = host;
    package = pkgs.nextcloud19;
  };
+  services.nginx.virtualHosts."${host}" = {
+    forceSSL = true;
+    enableACME = true;
+  };
+  
 }
--- a/host/montalin/database.nix
+++ b/host/montalin/database.nix
@ -2,10 +2,15 @@

 {

+  imports = [
+    ../../role/database
+  ];
  services.postgresql = {
-    #enable = true; # Required? Better in role?
-    package = pkgs.postgresql_12;
+    ensureDatabases = [ "nextcloud" ];
+    ensureUsers = [
+     { name = "nextcloud";
+       ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+     }
+    ];
  };
-
-  services.postgresqlBackup.enable = true; # TODO: Role?
 }
--- a/host/montalin/networking.nix
+++ b/host/montalin/networking.nix
@ -18,4 +18,6 @@
  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
--- a/role/base/default.nix
+++ b/role/base/default.nix
@ -8,12 +8,13 @@
  boot.loader.timeout = 2;
  boot.tmpOnTmpfs = true;

-  i18n = {
-    consoleFont = "Lat2-Terminus16";
-    consoleKeyMap = "sg-latin1";
-    defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "sg-latin1";
  };

+  i18n.defaultLocale = "en_US.UTF-8";
+
  environment.systemPackages = with pkgs; [
    wget
    curl
@ -89,4 +90,10 @@
    gitconfig.source = ./etc/gitconfig;
    vimrc.source = ./etc/vimrc;
  };
+
+  security.acme = {
+    acceptTerms = true;
+    email = "sysadmin@qo.is";
+  };
+
 }
--- a/role/database/default.nix
+++ b/role/database/default.nix
@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_12;
+  };
+
+  services.postgresqlBackup.enable = true;
+}
--- a/role/nextcloud/default.nix
+++ b/role/nextcloud/default.nix
@ -2,15 +2,23 @@
 { config, lib, pkgs, ... }:

 {
-  services.nextcloud.config = {
+  services.nextcloud = {
+    enable = true;
+    https = true;
+    webfinger = true;
+    nginx.enable = true;
+    maxUploadSize = "1G";
+
+    config = {
      adminpassFile = "/secrets/nextcloud-admin"; # TODO
      adminuser = "root";
      dbtype = "pgsql";
      dbhost = "/run/postgresql";
-    enable = true;
-    https = true;
-    maxUploadSize = "1G";
-    nginx.enable = true;
-    webfinger = true;
+    };
+  };
+
+  systemd.services."nextcloud-setup" = {
+    requires = ["postgresql.service"];
+    after = ["postgresql.service"];
  };
 }