first working nc setup

2025-04-03 14:52:56 +02:00 · 2025-04-03 14:52:56 +02:00 · 2257a6dff8
commit 2257a6dff8
parent 77fbd2f0b4
2 changed files with 58 additions and 11 deletions
--- a/hosts/harbor/configuration.nix
+++ b/hosts/harbor/configuration.nix
@ -36,7 +36,8 @@
  };

  services.nextcloud-instance.enable = true;
-  services.nextcloud-instance.instanceFQDN = "replace.me";
+  services.nextcloud-instance.ssl = false;
+  services.nextcloud-instance.instanceFQDN = "replace-me";

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;
--- a/modules/services/nextcloud-instance.nix
+++ b/modules/services/nextcloud-instance.nix
@ -14,29 +14,75 @@ in {
      example = "nextcloud.example.com";
      description = "Fully qualified domain name of the Nextcloud instance";
    };
+
+    ssl = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Use SSL and auto-update certificates";
+    };
  };

  config = lib.mkIf cfg.enable {
    environment.etc."nc-admin-pass.txt".text = "replace-me-with-a-sops-secret";

    services.nextcloud = {
+      # Instance
      enable = true;
      hostName = cfg.instanceFQDN;
-      https = false;
-      config.dbtype = "mysql";
+      https = cfg.ssl;
+      configureRedis = true;
+
+      # DB
+      config.dbtype = "pgsql";
+      config.dbhost = "/run/postgresql";
      config.adminpassFile = "/etc/nc-admin-pass.txt"; # FIXME: sops
+
+      #Mail
+      settings = {
+        mail_smtpmode = "sendmail";
+        mail_sendmailmode = "pipe";
+      };
+
+      # Apps
+      extraAppsEnable = true;
+      extraApps = {
+        inherit
+          (config.services.nextcloud.package.packages.apps)
+          calendar
+          contacts
+          maps
+          tasks
+          ;
+        drop_account = pkgs.fetchNextcloudApp {
+          sha256 = "sha256-AAWAR5i8moGlyGMaNqJwQPqPAHqWvIf4mvZ4U0dfg/A=";
+          url = "https://packages.framasoft.org/projects/nextcloud-apps/drop-account/drop_account-2.7.1.tar.gz";
+          license = "agpl3Only";
+        };
+      };
    };

-    services.nginx.virtualHosts.${cfg.instanceFQDN}.listen = [
-      {
-        port = 8080;
-        addr = "0.0.0.0";
-      }
-    ];
+    # SSL setup
+    services.nginx.virtualHosts.${cfg.instanceFQDN} = lib.mkIf cfg.ssl {
+      forceSSL = true;
+      enableACME = true;
+    };
+    security.acme = lib.mkIf cfg.ssl {
+      acceptTerms = true;
+      certs = {
+        ${cfg.instanceFQDN}.email = "jonas.roeger+acme@gmail.com";
+      };
+    };

-    services.mysql = {
+    # DB setup
+    services.postgresql = {
      enable = true;
-      package = pkgs.mariadb;
+      ensureDatabases = ["nextcloud"];
+      ensureUsers = [
+        {
+          name = "nextcloud";
+          ensureDBOwnership = true;
+        }
+      ];
    };
  };
 }