batteredbunny/server.nix
1
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions
server.nix/services/nextcloud.nix

105 lines
2.7 KiB
Nix
Raw Blame History

{ config, pkgs, lib, ... }:
let
port = 4008;
in
{
environment.systemPackages = with pkgs; [
ffmpeg # needed for thumbnails iirc
];
services = {
caddy.virtualHosts."cloud.catnip.ee".extraConfig = ''
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
resolvers 1.1.1.1
}
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
Referrer-Policy no-referrer
Referrer-Policy same-origin
Referrer-Policy strict-origin
Referrer-Policy strict-origin-when-cross-origin
Referrer-Policy no-referrer-when-downgrade
}
reverse_proxy 127.0.0.1:${toString port}
'';
# /var/lib/nextcloud
nextcloud = {
enable = true;
package = pkgs.nextcloud30;
hostName = "cloud.catnip.ee";
https = true;
configureRedis = true; # /var/lib/redis-nextcloud
config = {
adminuser = "admin";
adminpassFile = "/etc/secrets/nextcloud";
dbtype = "mysql";
};
autoUpdateApps.enable = true;
database.createLocally = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit contacts calendar tasks mail;
integration_github = pkgs.fetchNextcloudApp {
url = "https://github.com/nextcloud-releases/integration_github/releases/download/v3.1.1/integration_github-v3.1.1.tar.gz";
sha256 = "sha256-nm463H33WyXTJkb7+OSsunARNuSl5nc3uGClgwkVvhM=";
license = "agpl3Only";
};
};
extraAppsEnable = true;
settings = {
enable_previews = true;
enabledPreviewProviders = [
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PDF"
"OC\\Preview\\MSOffice2003"
"OC\\Preview\\MSOfficeDoc"
"OC\\Preview\\Image"
"OC\\Preview\\Photoshop"
"OC\\Preview\\TIFF"
"OC\\Preview\\SVG"
"OC\\Preview\\Font"
"OC\\Preview\\MP3"
"OC\\Preview\\Movie"
"OC\\Preview\\MKV"
"OC\\Preview\\MP4"
"OC\\Preview\\AVI"
];
};
};
# /var/lib/mysql
mysql = {
enable = true;
ensureDatabases = [
"nextcloud"
];
ensureUsers = [
{
name = "nextcloud";
ensurePermissions = {
"nextcloud.*" = "ALL PRIVILEGES";
};
}
];
};
nginx.virtualHosts.${config.services.nextcloud.hostName} = {
listen = [
{
addr = "127.0.0.1";
inherit port;
}
];
};
borgbackup.jobs."borgbase".paths = [
"/var/lib/nextcloud"
"/var/lib/redis-nextcloud"
];
};
}
Reference in a new issue View git blame Copy permalink