2023-08-31 14:48:31 -07:00
|
|
|
{ config, lib, pkgs, ... }@toplevel:
|
|
|
|
|
|
|
|
|
|
with lib;
|
|
|
|
|
let
|
|
|
|
|
cfg = config.services.nextcloudContainer;
|
|
|
|
|
|
|
|
|
|
hostname = config.instance.hostname;
|
|
|
|
|
|
2023-08-31 15:16:38 -07:00
|
|
|
hostSecrets = config.fudo.secrets.host-secrets."${hostname}";
|
|
|
|
|
|
2023-08-31 14:48:31 -07:00
|
|
|
mkEnvFile = envVars:
|
|
|
|
|
let
|
|
|
|
|
envLines =
|
|
|
|
|
mapAttrsToList (var: val: ''${var}="${toString val}"'') envVars;
|
|
|
|
|
in pkgs.writeText "envFile" (concatStringsSep "\n" envLines);
|
|
|
|
|
|
|
|
|
|
postgresPasswdFile =
|
|
|
|
|
pkgs.lib.passwd.stablerandom-passwd-file "nextcloud-postgres-passwd"
|
|
|
|
|
config.instance.build-seed;
|
|
|
|
|
|
|
|
|
|
in {
|
|
|
|
|
options.services.nextcloudContainer = with types; {
|
|
|
|
|
enable = mkEnableOption "Enable Nextcloud running in an Arion container.";
|
|
|
|
|
|
|
|
|
|
state-directory = mkOption {
|
|
|
|
|
type = str;
|
|
|
|
|
description = "Directory at which to store server state data.";
|
|
|
|
|
};
|
|
|
|
|
|
2024-02-06 15:41:00 -08:00
|
|
|
store-directory = mkOption {
|
|
|
|
|
type = str;
|
|
|
|
|
description =
|
|
|
|
|
"Directory at which to store bulk cloud data (eg pictures).";
|
|
|
|
|
};
|
|
|
|
|
|
2023-09-04 10:44:01 -07:00
|
|
|
hostname = mkOption {
|
|
|
|
|
type = str;
|
|
|
|
|
description = "Hostname at which the server is available.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
package = mkOption {
|
|
|
|
|
type = package;
|
|
|
|
|
description = "NextCloud package to use.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
extra-apps = mkOption {
|
2023-09-04 18:18:26 -07:00
|
|
|
type = attrsOf package;
|
2023-09-04 10:44:01 -07:00
|
|
|
description = "List of other apps to enable.";
|
2023-09-04 18:18:26 -07:00
|
|
|
default = { };
|
2023-08-31 14:48:31 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
port = mkOption {
|
|
|
|
|
type = port;
|
|
|
|
|
description = "Intenal port on which to listen for requests.";
|
|
|
|
|
default = 6093;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
timezone = mkOption {
|
|
|
|
|
type = str;
|
|
|
|
|
default = "America/Winnipeg";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config = mkIf cfg.enable {
|
2024-02-06 15:41:00 -08:00
|
|
|
systemd.tmpfiles.rules = [
|
|
|
|
|
"d ${cfg.state-directory}/nextcloud 0750 root root - -"
|
|
|
|
|
"d ${cfg.state-directory}/postgres 0750 root root - -"
|
|
|
|
|
"d ${cfg.store-directory} 0750 root root - -"
|
|
|
|
|
];
|
|
|
|
|
|
2023-08-31 14:48:31 -07:00
|
|
|
fudo.secrets.host-secrets."${hostname}" = {
|
2023-09-04 10:44:01 -07:00
|
|
|
nextcloudAdminPasswd = {
|
|
|
|
|
source-file =
|
|
|
|
|
pkgs.lib.passwd.stablerandom-passwd-file "nextcloud-admin-passwd"
|
|
|
|
|
config.instance.build-seed;
|
|
|
|
|
target-file = "/run/nextcloud/admin.passwd";
|
2023-08-31 14:48:31 -07:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2023-08-31 14:53:44 -07:00
|
|
|
virtualisation.arion.projects.nextcloud.settings = let
|
2023-08-31 14:48:31 -07:00
|
|
|
image = { ... }: {
|
|
|
|
|
project.name = "nextcloud";
|
|
|
|
|
services = {
|
2023-09-04 10:44:01 -07:00
|
|
|
nextcloud = { pkgs, lib, ... }: {
|
2023-08-31 14:48:31 -07:00
|
|
|
nixos = {
|
|
|
|
|
useSystemd = true;
|
|
|
|
|
configuration = {
|
|
|
|
|
boot.tmpOnTmpfs = true;
|
2023-08-31 15:24:24 -07:00
|
|
|
system.nssModules = lib.mkForce [ ];
|
2023-09-05 08:11:34 -07:00
|
|
|
environment.etc."nextcloud/admin.passwd" = {
|
|
|
|
|
source = "/run/nextcloud/admin.passwd";
|
|
|
|
|
mode = "0400";
|
|
|
|
|
user = "nextcloud";
|
|
|
|
|
};
|
2023-09-06 11:18:45 -07:00
|
|
|
systemd.tmpfiles.rules = [
|
|
|
|
|
"d /var/lib/nextcloud/data 0700 nextcloud root - -"
|
2023-09-06 11:51:17 -07:00
|
|
|
"d /var/lib/nextcloud/data/config 700 nextcloud root - -"
|
|
|
|
|
"d /var/lib/nextcloud/home 0755 nextcloud root - -"
|
2023-09-06 11:18:45 -07:00
|
|
|
];
|
2023-09-02 10:22:08 -07:00
|
|
|
services = {
|
|
|
|
|
nscd.enable = false;
|
2023-09-04 10:44:01 -07:00
|
|
|
postgresql.enable = true;
|
|
|
|
|
nextcloud = {
|
2023-09-02 10:22:08 -07:00
|
|
|
enable = true;
|
2023-09-04 10:44:01 -07:00
|
|
|
package = cfg.package;
|
|
|
|
|
hostName = cfg.hostname;
|
|
|
|
|
home = "/var/lib/nextcloud/home";
|
|
|
|
|
datadir = "/var/lib/nextcloud/data";
|
2023-09-06 12:15:04 -07:00
|
|
|
webfinger = true;
|
2023-09-04 10:44:01 -07:00
|
|
|
configureRedis = true;
|
|
|
|
|
extraAppsEnable = true;
|
|
|
|
|
extraApps = cfg.extra-apps;
|
2023-09-06 12:15:04 -07:00
|
|
|
autoUpdateApps.enable = true;
|
|
|
|
|
appstoreEnable = false;
|
2023-09-06 12:27:41 -07:00
|
|
|
enableImagemagick = true;
|
2023-09-04 10:44:01 -07:00
|
|
|
database.createLocally = true;
|
2023-09-06 12:15:04 -07:00
|
|
|
nginx.recommendedHttpHeaders = true;
|
|
|
|
|
maxUploadSize = "4G";
|
|
|
|
|
https = true;
|
2023-09-04 10:44:01 -07:00
|
|
|
config = {
|
|
|
|
|
dbtype = "pgsql";
|
2023-09-05 08:11:34 -07:00
|
|
|
adminpassFile = "/etc/nextcloud/admin.passwd";
|
2023-09-06 12:15:04 -07:00
|
|
|
overwriteProtocol = "https";
|
|
|
|
|
extraTrustedDomains = [ "nextcloud.fudo.org" ];
|
|
|
|
|
defaultPhoneRegion = "CA";
|
2023-09-06 12:20:04 -07:00
|
|
|
# TODO: is there a way to narrow this?
|
|
|
|
|
trustedProxies = [ "10.0.0.0/8" ];
|
2023-08-31 14:48:31 -07:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
service = {
|
2023-09-04 10:44:01 -07:00
|
|
|
restart = "always";
|
|
|
|
|
volumes = [
|
2024-02-06 16:20:54 -08:00
|
|
|
"${cfg.state-directory}/nextcloud:/var/lib/nextcloud/home"
|
|
|
|
|
"${cfg.store-directory}:/var/lib/nextcloud/data"
|
2023-09-04 10:44:01 -07:00
|
|
|
"${hostSecrets.nextcloudAdminPasswd.target-file}:/run/nextcloud/admin.passwd:ro,Z"
|
2024-02-06 16:20:54 -08:00
|
|
|
"${cfg.state-directory}/postgresql:/var/lib/postgresql"
|
2023-09-04 10:44:01 -07:00
|
|
|
];
|
2023-09-04 18:21:44 -07:00
|
|
|
ports = [ "${toString cfg.port}:80" ];
|
2023-08-31 14:48:31 -07:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
in { imports = [ image ]; };
|
|
|
|
|
};
|
|
|
|
|
}
|
