diff --git a/hosts/cube/nextcloud.nix b/hosts/cube/nextcloud.nix index 56d5fd1..db1340a 100644 --- a/hosts/cube/nextcloud.nix +++ b/hosts/cube/nextcloud.nix @@ -10,6 +10,11 @@ in serverSystemConfiguration { group = "nextcloud"; }; + age.secrets."cube/password.mail.nextcloud" = { + owner = "nextcloud"; + group = "nextcloud"; + }; + services.nextcloud = enabled { package = pkgs.nextcloud28; @@ -21,16 +26,19 @@ in serverSystemConfiguration { config.adminuser = "admin"; config.adminpassFile = config.age.secrets."cube/password.nextcloud".path; - config.dbtype = "pgsql"; + config.dbhost = "/run/postgresql"; + config.dbtype = "pgsql"; - extraAppsEnable = true; - extraApps = { - inherit (config.services.nextcloud.package.packages.apps) - bookmarks calendar contacts deck - forms groupfolders impersonate - mail maps notes phonetrack - polls previewgenerator tasks; - # Add: files_markdown files_texteditor memories news + secretFile = config.age.secrets."cube/password.mail.nextcloud".path; + extraOptions = { + mail_domain = domain; + mail_smtphost = domain; + + mail_from_address = "cloud"; + mail_smtpname = "contact"; + + mail_smtpauth = true; + mail_smtpsecure = "ssl"; }; extraOptions.enabledPreviewProviders = [ @@ -47,6 +55,16 @@ in serverSystemConfiguration { "OC\\Preview\\HEIC" ]; + extraAppsEnable = true; + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) + bookmarks calendar contacts deck + forms groupfolders impersonate + mail maps notes phonetrack + polls previewgenerator tasks; + # Add: files_markdown files_texteditor memories news + }; + nginx.recommendedHttpHeaders = true; }; diff --git a/secrets/cube/password.mail.nextcloud.age b/secrets/cube/password.mail.nextcloud.age new file mode 100644 index 0000000..edeeb8b --- /dev/null +++ b/secrets/cube/password.mail.nextcloud.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 +rZ0Tw Sum+2HU7J6lXA4gbBl+mYj2L+D4tqtjHGdMl2RHiNGY +8Kw+f0Fzl0jhhkm6EuLqVQNGpyRjZL3xK9ldXugOMZs +--- wGiZJTQeisiVaEClE23WnfnkHOf9tV56KbQks/2JrOs +_ͣ6 J/d :c {n)M7As1XQqx_*] ' \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 19dbc2f..c6c04f4 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -4,16 +4,19 @@ rec { cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube"; }; - "cube/id.age".publicKeys = [ keys.rgbcube ]; + "cube/id.age".publicKeys = [ keys.rgbcube ]; - "cube/password.hash.mail.age".publicKeys = [ keys.cube ]; - "cube/password.hash.rgb.age".publicKeys = [ keys.cube ]; + "cube/password.hash.mail.age".publicKeys = [ keys.cube ]; + "cube/password.hash.rgb.age".publicKeys = [ keys.cube ]; - "cube/password.acme.age".publicKeys = [ keys.cube ]; - "cube/password.grafana.age".publicKeys = [ keys.cube ]; - "cube/password.mail.grafana.age".publicKeys = [ keys.cube ]; - "cube/password.nextcloud.age".publicKeys = [ keys.cube ]; + "cube/password.acme.age".publicKeys = [ keys.cube ]; - "enka/password.hash.orhan.age".publicKeys = [ keys.rgbcube ]; - "enka/password.hash.said.age".publicKeys = [ keys.rgbcube ]; + "cube/password.mail.grafana.age".publicKeys = [ keys.cube ]; + "cube/password.mail.nextcloud.age".publicKeys = [ keys.cube ]; + + "cube/password.grafana.age".publicKeys = [ keys.cube ]; + "cube/password.nextcloud.age".publicKeys = [ keys.cube ]; + + "enka/password.hash.orhan.age".publicKeys = [ keys.rgbcube ]; + "enka/password.hash.said.age".publicKeys = [ keys.rgbcube ]; }