| author | Valentin <valentin@fricklerhandwerk.de> | 2025-11-11 13:34:09 +0100 |
|---|---|---|
| committer | Valentin <valentin@fricklerhandwerk.de> | 2025-11-11 16:21:51 +0100 |
| commit | 293b48f4946cb1e88f21abe665dcd18106b48e11 (patch) | |
| tree | ee46989d138de3d97815f418e6a935c4d2b0f988 /nextcloud.nix | |
| parent | 2c599720401012630cd633ee311404e2ccfcef91 (diff) | |
Konfiguration klarer nach Aspekten unterteilt
Insbesondere behandelt das Modul für die Website nur noch dieses spezifische Anliegen.
Diffstat (limited to 'nextcloud.nix')
| -rw-r--r-- | nextcloud.nix | 106 |
1 files changed, 0 insertions, 106 deletions
diff --git a/nextcloud.nix b/nextcloud.nix
deleted file mode 100644
index eedb507..0000000
--- a/nextcloud.nix
+++ /dev/null
@@ -1,106 +0,0 @@
-{ self, ... }:
-{
- flake.machines.tharos = {
- nixos =
- { config, lib, ... }:
- let
- apps = config.services.nextcloud.package.packages.apps;
- nextcloud = config.services.nextcloud.hostName;
- nginx = lib.head config.services.nginx.virtualHosts.${nextcloud}.listen;
- in
- {
- services.nextcloud = {
- enable = true;
- hostName = "nextcloud.${self.domain}";
- database.createLocally = true;
- config.dbtype = "pgsql";
- extraAppsEnable = true;
- extraApps = {
- inherit (apps)
- contacts
- calendar
- tables
- spreed # Videokonferenzen
- # cospend # Rudimentäre Buchhaltung
- # deck # Issue-Tracker
- ;
- };
- settings = {
- trusted_proxies = [ nginx.addr ];
- mail_smtpmode = "smtp";
- mail_smtphost = "smtp.tharos-net.de";
- mail_smtpport = 587;
- mail_smtpauth = true;
- mail_smtptimeout = 30;
- mail_smtpname = "nextcloud@${self.domain}";
- mail_from_address = "nextcloud";
- mail_domain = self.domain;
- mail_smtpstreamoptions = {
- /*
- ACHTUNG: Hier ist Angriffsfläche!
- Dringend den Mailserver ordentlich einrichten!
- */
- ssl = {
- allow_self_signed = true;
- verify_peer = false;
- verify_peer_name = false;
- };
- };
- };
- /*
- Vor erstmaligem Anwenden der Konfiguration:
-
- echo $PASSWORT | ssh tharos 'sudo install -m 600 /dev/stdin /var/lib/nextcloud/initialrootpassword'
- cat $SECRETS | ssh tharos 'sudo install -m 600 -o nextcloud -g nextcloud /dev/stdin /var/lib/nextcloud/secrets.json'
-
- Die Dateien bleiben auf dem System!
- Das einmalige Root-Passwort wird nicht wieder verwendet.
-
- Besser wäre natürlich zentralisiertes Management von geheimen Daten.
- */
- secretFile = "/var/lib/nextcloud/secrets.json";
- config.adminpassFile = "/var/lib/nextcloud/initialrootpassword";
- };
- services.nginx.virtualHosts.${nextcloud} = {
- listen = [
- {
- addr = "127.0.0.1";
- port = 8080;
- }
- ];
- };
- services.caddy = {
- virtualHosts.${nextcloud}.extraConfig = ''
- reverse_proxy http://${nginx.addr}:${toString nginx.port}
- '';
- };
- };
- vm =
- { config, lib, ... }:
-
- let
- nextcloud = config.services.nextcloud.hostName;
- in
- {
- services.nextcloud = {
- https = lib.mkForce false;
- hostName = lib.mkForce "nextcloud.localhost";
- };
-
- systemd.tmpfiles.rules = [
- "f /var/lib/nextcloud/secrets.json 0600 nextcloud nextcloud - {}"
- "f /var/lib/nextcloud/initialrootpassword 0600 nextcloud nextcloud - root"
- ];
-
- services.caddy.virtualHosts = {
- "http://${nextcloud}:${toString config.virtualisation.exposedPorts.http.port}".extraConfig =
- config.services.caddy.virtualHosts.${nextcloud}.extraConfig;
- };
- services.getty.helpLine = lib.mkBefore ''
- Nextcloud: http://${nextcloud}:${
- with config.virtualisation; toString (portOffset + exposedPorts.http.port)
- }
- '';
- };
- };
-} |
