add nextcloud

Charlotte 🦝 Delenk 2023-04-18 08:55:45 +01:00
parent 75195b4113
commit 9784b6ef92
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122
4 changed files with 114 additions and 3 deletions


@ -19,6 +19,7 @@
./users/remote-build.nix
./services/atticd.nix
./services/minecraft.nix
./services/postgresql.nix
];
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid"];
@ -77,6 +78,7 @@
"L /var/lib/acme - - - - /persist/var/lib/acme"
"L /var/lib/tailscale/tailscaled.state - - - - /persist/var/lib/tailscale/tailscaled.state"
"D /build - - - - -"
"L /var/lib/postgresql - - - - /persist/var/lib/postgresql"
];
networking.wireguard.interfaces."wg0".ips = ["fd0d:a262:1fa6:e621:746d:4523:5c04:1453/64"];
@ -114,4 +116,22 @@
boot.loader.systemd-boot.configurationLimit = lib.mkForce 1;
system.autoUpgrade.allowReboot = true;
services.tailscale.useRoutingFeatures = "server";
services.postgresql.settings = {
max_connections = 200;
shared_buffers = "6GB";
effective_cache_size = "18GB";
maintenance_work_mem = "1536MB";
checkpoint_completion_target = 0.9;
wal_buffers = "16MB";
default_statistics_target = 100;
random_page_cost = 1.1;
effective_io_concurrency = 200;
work_mem = "15728kB";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 4;
max_parallel_workers_per_gather = 2;
max_parallel_workers = 4;
max_parallel_maintenance_workers = 2;
};
}
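Review bot: `max_connections = 200` in the new `services.postgresql.settings` block is lower than the `"pm.max_children" = 460` that the Nextcloud module added in this commit sets, so under load the PHP-FPM workers could request more connections than PostgreSQL accepts and requests would fail with connection errors. Either lower `pm.max_children` to leave headroom below 200 for the other database clients on this host, or raise `max_connections` and re-check `work_mem = "15728kB"` against available memory, since that amount can be allocated per sort or hash operation. A short comment above the block stating the memory and core count the values were derived for, for example `# tuned for <RAM>/<cores>; recompute when the host changes`, would keep the numbers reviewable.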


@ -0,0 +1,87 @@
{
pkgs,
config,
...
}: {
services.nextcloud = {
cache.redis = true;
adminpassFile = config.sops.secrets."services/nextcloud/adminpass".path;
adminuser = "darkkirb";
dbhost = "/run/postgresql";
dbname = "nextcloud";
dbtype = "pgsql";
dbuser = "nextcloud";
defaultPhoneRegion = "DE";
objectstore.s3 = {
bucket = "nextcloud-chir-rs";
enable = true;
hostname = "s3.us-west-000.backblazeb2.com";
key = "000decd694f9e7d0000000021";
secretFile = config.sops.secrets."services/nextcloud/s3".path;
usePathStyle = true;
useSsl = true;
};
overwriteProtocol = "https";
enable = true;
enableImagemagick = true;
extraAppsEnable = true;
extraConfig = {
redis = {
host = config.services.redis.servers.nextcloud.unixSocket;
port = 0;
dbindex = 0;
};
};
hostname = "cloud.chir.rs";
https = true;
package = pkgs.nextcloud26;
phpOptions = {
"opcache.save_comments" = 1;
"opcache.validate_timestamps" = 0;
"opcache.jit" = 1255;
"opcache.jit_buffer_size" = "128M";
};
poolSettings = {
"pm.max_children" = 460;
};
webfinger = true;
extraApps = with pkgs.nextclouud26Packages.apps; {
inherit bookmarks calendar contacts deck files_texteditor forms groupfolders mail news notes notify_push onlyoffice polls previewgenerator spreed taskks twofactor_webauthn unsplash;
};
};
sops.secrets."services/nextcloud/adminpass".owner = "nextcloud";
sops.secrets."services/nextcloud/s3".owner = "nextcloud";
services.redis.servers.nextcloud = {
enable = true;
user = "nextcloud";
};
services.postgresql.ensureDatabases = ["nextcloud"];
services.postgresql.ensureUsers = [
{
name = "nextcloud";
ensurePermissions = {
"DATABASE attic" = "ALL PRIVILEGES";
};
}
];
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
listen = [
{
host = "127.0.0.1";
port = 13286;
}
];
};
services.caddy.virtualHosts."cloud.chir.rs" = {
useACMEHost = "chir.rs";
logFormat = pkgs.lib.mkForce "";
extraConfig = ''
import baseConfig
reverse_proxy {
to http://127.0.0.1:13286
header_up Host {upstream_hostport}
}
'';
};
}


@ -14,6 +14,9 @@ services:
chir-rs:
auth:
password: ENC[AES256_GCM,data:9tJQIoCgquUkX+FeAT0+1tfyIF9YdNT26AOyd7hiS8BgLSa8WdG+v3H0zMt48ETc8duCMTDKII0sJTtgYxtaKQ==,iv:ZukeYF4yTf7fkrkTpbUsuNkpMOgjMDGbYtUcbvfu50g=,tag:HutgW+KyEVoePVZIO+uExg==,type:str]
nextcloud:
adminpass: ENC[AES256_GCM,data:XFN1Y2oKxjrl6xnrqyxEPWFgXx4bX+1745o8+lgcEy3CTCxc/vztib6QhMb0aVym2HLS7qYrfkwajQb6/hywfA==,iv:+kVTo2uu7VKuZHUy+woyXk6iDrWws6zvhp5ORA8YALk=,tag:9bu/p8dJiJKq8rpjbfc4dg==,type:str]
s3: ENC[AES256_GCM,data:6eaoosPsBl1K5W76/KPAkw58nMNhhMFS7b/3v3WCbg==,iv:C+JVjSN3MG4CzaYmBr6Lzh6jdFbwQsDJYJfBPfllZYw=,tag:YHie0LMPg2gahnGF+cEGZg==,type:str]
email:
lotte@chir.rs: ENC[AES256_GCM,data:YrJ/+VG6/ZSu8g+PQxYUqwd1RQ==,iv:IeFhCrMQ1+4KvenylyizbwmCvsCPGvTiZAw5VyZb3Zs=,tag:xoK+aBykGV2bLqHles1LMQ==,type:str]
mdelenk@hs-mittweida.de: ENC[AES256_GCM,data:l57AwqL90zV2BIn04ZhhEB3TE0WAFNJ7Bci1ljHgYvki0mZ5TrLP4PYZ681uKdzN7xlFsDjhCQN0C+iuz3Aj0g==,iv:qXNQq+03KFTazggckGRqHbnuOHo2enmQKCSzAw6mqsY=,tag:HE+tenPWwB8FIilV2r1wRQ==,type:str]
@ -38,8 +41,8 @@ sops:
bVJUcDZLWTk3MiszOWp4enRRQmNsajQKF8QJs/Wb0SqnvsQEkRKlS1Ms9xLIdyvZ
QCFAPclaOfaTLTiRJWXjDneBkMBduYKkRPiXCR+Bn7i4z8ixLXFmWw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-17T09:38:15Z"
mac: ENC[AES256_GCM,data:CNsQoD2BnsiXH/gc28/4idmaR8C2j8oIV/eoTh5VNrb0r15vDuw3XFWHSZ+6H+AM5gcuoqdo5qRcocHRc7mbp09sfOFefDmUYhPnfyx0PPIBNVH1g9QkRzsPHz8DNibgWetmVY0EGR/PhBnU/JVkaCDfl/9UJ50l9MQjtq6FC2A=,iv:jz/OVJdBhEi688B2VkFaypOUnWE6axUKJleb7TH3qO4=,tag:4pTYKMD5CvRcN8te1Bumqw==,type:str]
lastmodified: "2023-04-18T07:18:07Z"
mac: ENC[AES256_GCM,data:nQ4+XpQs+nqjUHtKU2jqROKDJTudAPGpmr6wyuXB99dDswpf0li3SsAyRGirA/leaL54Xng5kIIsT99r5xdOiYapL6vFA4wlHeiQebUGidjg1ADr7bH+AJuJvWCnBgYR9tEUtIX/JjFI0T1Naup3aeQUkX8/lYiwlSDbU4Q65yk=,iv:n8B3+/+yV0ulzvjk++Wu0UvfkkXqMl6R6PTRFWmPKkw=,tag:jHMYil/Y15ey9JGCREMRmA==,type:str]
pgp:
- created_at: "2022-12-14T15:34:13Z"
enc: |


@ -144,7 +144,7 @@ with dns.lib.combinators; let
SOA = {
nameServer = "ns1.chir.rs.";
adminEmail = "lotte@chir.rs";
serial = 28;
serial = 29;
};
NS = [
"ns1.chir.rs."
@ -245,6 +245,7 @@ with dns.lib.combinators; let
auth = createFullZone {};
attic-nocdn = createFullZone {};
attic.CNAME = ["attic-chir-rs.b-cdn.net."];
cloud = createZone oracleBase;
int =
delegateTo [