Initial setup for vps, no tests done

2023-11-19 23:20:16 +01:00 · 2023-11-19 23:20:16 +01:00 · 0694fad67b
commit 0694fad67b
parent dc741a02fd
2 changed files with 91 additions and 0 deletions
--- a/nixos/queen/configuration.nix
+++ b/nixos/queen/configuration.nix
@ -45,6 +45,8 @@
  # Enable networking
  networking.networkmanager.enable = true;

+  networking.firewall.allowedTCPPorts = [80 443];
+
  # Set your time zone.
  time.timeZone = "Europe/Amsterdam";

@ -67,6 +69,12 @@
    enable = true;
  };

+  security.acme = {
+    acceptTerms = true;
+    # Replace the email here!
+    email = "letsencrypt@gladtherescake.eu";
+  };
+
  users.users = {
    lillian = {
      isNormalUser = true;
--- a/nixos/queen/nextcloud.nix
+++ b/nixos/queen/nextcloud.nix
@ -0,0 +1,83 @@
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  #this came from https://jacobneplokh.com/how-to-setup-nextcloud-on-nixos/
+  services.nginx = {
+    enable = true;
+
+    # Use recommended settings
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    # Only allow PFS-enabled ciphers with AES256
+    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+    # Setup Nextcloud virtual host to listen on ports
+    virtualHosts = {
+      "nextcloud.gladtherescake.eu" = {
+        ## Force HTTP redirect to HTTPS
+        forceSSL = true;
+        ## LetsEncrypt
+        enableACME = true;
+      };
+    };
+  };
+
+  services.nextcloud = {
+    enable = true;
+    hostName = "nextcloud.gladtherescake.eu";
+    # Enable built-in virtual host management
+    # Takes care of somewhat complicated setup
+    # See here: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/web-apps/nextcloud.nix#L529
+    nginx.enable = true;
+
+    # Use HTTPS for links
+    https = true;
+
+    # Auto-update Nextcloud Apps
+    autoUpdateApps.enable = true;
+    # Set what time makes sense for you
+    autoUpdateApps.startAt = "05:00:00";
+
+    config = {
+      # Further forces Nextcloud to use HTTPS
+      overwriteProtocol = "https";
+
+      # Nextcloud PostegreSQL database configuration, recommended over using SQLite
+      dbtype = "pgsql";
+      dbuser = "nextcloud";
+      dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
+      dbname = "nextcloud";
+      dbpassFile = "/var/nextcloud-db-pass";
+
+      #TODO: work with sops to set this instead of a file & make sure the db setup is the same as on the previous server for easy migration
+      adminpassFile = "/var/nextcloud-admin-pass";
+      adminuser = "admin";
+    };
+  };
+
+  services.postgresql = {
+    enable = true;
+
+    # Ensure the database, user, and permissions always exist
+    ensureDatabases = ["nextcloud"];
+    ensureUsers = [
+      {
+        name = "nextcloud";
+        ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+      }
+    ];
+  };
+
+  systemd.services."nextcloud-setup" = {
+    requires = ["postgresql.service"];
+    after = ["postgresql.service"];
+  };
+}