martials/nixos-configuration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[pi4] Initial Nextcloud config

Browse Source
This commit is contained in:
Martin Berg Alstad
2025-05-27 20:01:07 +00:00
parent 96d57d34c1
commit e986f337bd
3 changed files with 77 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/pi4/default.nix
View File

@ -5,6 +5,7 @@
(relativeToBase "modules") (relativeToBase "modules")
./boot.nix ./boot.nix
./hardware.nix ./hardware.nix
./nextcloud.nix
./security ./security
]; ];
} }

72
hosts/pi4/nextcloud.nix Normal file
View File

@ -0,0 +1,72 @@
{ pkgs, config, ... }:
let
adminPass = "nextcloud/admin-pass";
domain = "beta.nextcloud.martials.no";
dbname = "nextcloud";
dbuser = dbname;
in
{
services = {
nextcloud = {
enable = true;
autoUpdateApps.enable = true;
config = {
adminpassFile = config.sops.secrets.${adminPass}.path;
dbtype = "pgsql";
dbname = dbname;
dbuser = dbuser;
# default directory for postgresql, ensures automatic setup of db
dbhost = "/run/postgresql";
adminuser = "admin";
defaultPhoneRegion = "NO";
};
extraApps = {
inherit (config.services.nextcloud.package.packages.apps)
contacts
tasks
deck
;
};
extraAppsEnable = true;
hostName = domain;
https = true;
package = pkgs.nextcloud31;
settings = {
trusted_domains = [
domain
];
};
};
postgresql = {
enable = true;
ensureDatabases = [ dbname ];
ensureUsers = [
{
name = dbuser;
ensureDBOwnership = true;
}
];
};
postgresqlBackup = {
enable = true;
location = "/data/backup/nextclouddb";
databases = [ dbname ];
# time to start backup in systemd.time format
startAt = "*-*-* 23:15:00";
};
};
sops.secrets.${adminPass}.neededForUsers = true;
# ensure postgresql db is started with nextcloud
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
}

6
shared/secrets/secrets.yaml
View File

@ -1,4 +1,6 @@
password-hash: ENC[AES256_GCM,data:FsGHBAw/z4tcBRObVlo//UotWHyHns0+vdJVgt2lfGiIfQG+1I60g2Tzgv/O+gz3oz41NIwAYf61SR9AfXhpnc1AxiZRlCBwMQ==,iv:oiJndSVZQ+00UPz0TuJXV+T8x9mtecrNDUaablOGffU=,tag:wQuow7C8KqelJOE9KqCxMA==,type:str] password-hash: ENC[AES256_GCM,data:FsGHBAw/z4tcBRObVlo//UotWHyHns0+vdJVgt2lfGiIfQG+1I60g2Tzgv/O+gz3oz41NIwAYf61SR9AfXhpnc1AxiZRlCBwMQ==,iv:oiJndSVZQ+00UPz0TuJXV+T8x9mtecrNDUaablOGffU=,tag:wQuow7C8KqelJOE9KqCxMA==,type:str]
nextcloud:
admin-pass: ENC[AES256_GCM,data:RBuuNc7J/CCJXG8n73B5cw==,iv:uKNj40SdJn6LbZoV1i9fq+5TGmRDPYVhCxAUghV4vqs=,tag:wUHBPo5T+2tyjsQFlUXDEQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -32,8 +34,8 @@ sops:
SGdNMnVlQlNEeVJkWmZEM1FRT2JJMGMKbZ/znJM6tFhzhHariRXMLgH/4CRZZKrb SGdNMnVlQlNEeVJkWmZEM1FRT2JJMGMKbZ/znJM6tFhzhHariRXMLgH/4CRZZKrb
YtmSdeL/Pd5YIecCpjDHDn4vQ0TBAmLaX+zVbNbRKmMZoY7777ywfA== YtmSdeL/Pd5YIecCpjDHDn4vQ0TBAmLaX+zVbNbRKmMZoY7777ywfA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-15T16:57:17Z" lastmodified: "2025-05-27T17:56:45Z"
mac: ENC[AES256_GCM,data:HE/liIsb/7RazR671Keo5nH9+qp3BMPGxJcm97fzXkeO8TnCk/lNy43InKu7ON316G375F2oTeiuz90JthUYV2wBQFZTVWR6pROhRSewT7T3pp3lRPtIIwmvOmvJd537OVN1iz2p+1EgW4+gERrgQ9wPHWyyeFB7a9SkTeLmmGA=,iv:bvL1WyUHnnXB7gWZyVdru+j8oAFD11lbQkMvgWkgm24=,tag:CKFt/UlRRImKYakUI44fWw==,type:str] mac: ENC[AES256_GCM,data:rXUdrKF4qcuKkk9QASAti2yk+mWLRPzqHPLV85P1nJBoqa6bnLaEoWwfclwr2riTeLjK8ASRHGzi9xiY9867+lhui7+nd0ISBPZlRKTxfXNddBNMqSh+MguJ9e02mTm6OpbSVlovT5NPLiJcQyTodtI5Cvkc0LU5v8yCwRF98jI=,iv:TCSHdf4Y9QPOFNOVjKL3vro65C9SEUhSSNFXNYchzmk=,tag:wGbBdQwPXO30ymyhtAguYg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4