mirror of https://github.com/RGBCube/ncc synced 2025-07-29 19:17:45 +00:00

Add Nextcloud

RGBCube 2024-01-13 14:12:17 +03:00
parent ac55e25005
commit bfe73a2b81
No known key found for this signature in database
5 changed files with 80 additions and 16 deletions


@ -10,7 +10,7 @@ in serverSystemConfiguration {
environmentFile = config.age.secrets.acme.path;
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1";
email = "security@rgbcu.be";
email = "security@${domain}";
};
certs.${domain} = {


@ -1,4 +1,4 @@
{ config, pkgs, ulib, ... }: with ulib;
{ config, ulib, ... }: with ulib;
let
inherit (config.networking) domain;
@ -10,14 +10,6 @@ in serverSystemConfiguration {
group = "grafana";
};
services.postgresql = {
ensureDatabases = [ "grafana" ];
initialScript = pkgs.writeText "postgresql-initial-script" ''
CREATE ROLE grafana WITH LOGIN PASSWORD NULL CREATEDB;
GRANT ALL PRIVILEGES ON DATABASE grafana TO grafana;
'';
};
services.grafana = enabled {
domain = fqdn;
port = 8999;

58
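--- a/hosts/cube/nextcloud.nix
+++ b/hosts/cube/nextcloud.nix
@@ -0,0 +1,58 @@
+{ config, ulib, pkgs, ... }: with ulib;
+let
+inherit (config.networking) domain;
+fqdn = "cloud.${domain}";
+in serverSystemConfiguration {
+age.secrets."cube.nextcloud.password" = {
+owner = "nextcloud";
+group = "nextcloud";
+};
+services.nextcloud = enabled {
+package = pkgs.nextcloud28;
+hostName = fqdn;
+https = true;
+configureRedis = true;
+config.adminuser = "admin";
+config.adminpassFile = config.age.secrets."cube.nextcloud.password".path;
+config.dbtype = "pgsql";
+database.createLocally = true;
+extraAppsEnable = true;
+extraApps = {
+inherit (config.services.nextcloud.package.packages.apps)
+bookmarks calendar contacts deck
+forms groupfolders impersonate
+mail maps notes phonetrack
+polls previewgenerator tasks;
+# Add: files_markdown files_texteditor memories news
+};
+extraOptions.enabledPreviewProviders = [
+"OC\\Preview\\BMP"
+"OC\\Preview\\GIF"
+"OC\\Preview\\JPEG"
+"OC\\Preview\\Krita"
+"OC\\Preview\\MarkDown"
+"OC\\Preview\\MP3"
+"OC\\Preview\\OpenDocument"
+"OC\\Preview\\PNG"
+"OC\\Preview\\TXT"
+"OC\\Preview\\XBitmap"
+"OC\\Preview\\HEIC"
+];
+nginx.recommendedHttpHeaders = true;
+};
+services.nginx.virtualHosts.${fqdn} = {
+forceSSL = true;
+useACMEHost = domain;
+};
+}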
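Review bot: `impersonate` in the `extraApps` inherit list lets a Nextcloud administrator open a session as any other user, and the only administrator configured here is `config.adminuser = "admin"`, protected by a single password file. If impersonation is not needed, I would drop it from the list. If it is, a short comment above the list such as `# impersonate: kept deliberately, admin-only support tool` would record the decision. A less predictable `adminuser` value would also make password guessing against the `cloud.${domain}` login harder.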


@ -28,10 +28,13 @@ serverSystemConfiguration {
services.nginx = enabled {
statusPage = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedBrotliSettings = true;
recommendedGzipSettings = true;
recommendedZstdSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = let
fileToList = file: lib.splitString "\n" (builtins.readFile file);
@ -58,7 +61,7 @@ serverSystemConfiguration {
}
add_header Strict-Transport-Security $hsts_header;
add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
# add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header "Referrer-Policy" "no-referrer";
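Review bot: Commenting out the `Content-Security-Policy` line in `commonHttpConfig` removes the policy from every virtual host that inherits this configuration, not only the Nextcloud host this commit adds. The reason is not stated in the hunk; presumably the policy conflicts with Nextcloud. I would keep the header for the other hosts and scope the exception to the Nextcloud virtual host. At minimum, replace the bare commented-out line with an explanation such as `# TODO: CSP disabled for Nextcloud; re-enable per virtual host`. The `commonHttpConfig` string starts and ends outside this hunk, so how each host inherits the header is not visible here.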


@ -1,4 +1,4 @@
{ config, lib, ulib, ... }: with ulib;
{ config, lib, ulib, pkgs, ... }: with ulib;
serverSystemConfiguration {
services.prometheus.exporters.postgres = enabled {
@ -29,5 +29,16 @@ serverSystemConfiguration {
superuser_map postgres postgres
superuser_map /^(.*)$ \1
'';
ensureDatabases = [ "grafana" "nextcloud" ];
initialScript = pkgs.writeText "postgresql-initial-script" ''
CREATE ROLE grafana WITH LOGIN PASSWORD NULL CREATEDB;
GRANT ALL PRIVILEGES ON DATABASE grafana TO grafana;
CREATE ROLE nextcloud WITH LOGIN PASSWORD NULL CREATEDB;
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
'';
};
}
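Review bot: The added `CREATE ROLE nextcloud WITH LOGIN PASSWORD NULL CREATEDB;` gives the Nextcloud role the right to create databases, which an application using a single database does not need. The grafana line moved here has the same issue. `initialScript` is also only run when the PostgreSQL cluster is first initialised, so on an already-provisioned server these statements would not run. In addition, `database.createLocally = true` in nextcloud.nix already asks the Nextcloud module to provision its own database and role. I would drop `CREATEDB`, or remove the nextcloud statements in favour of `ensureUsers` with `ensureDBOwnership = true`. The `services.postgresql` block opens outside this hunk.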