Initial setup for vps, no tests done
		
							parent
							
								
									dc741a02fd
								
							
						
					
					
						commit
						0694fad67b
					
				
					 2 changed files with 91 additions and 0 deletions
				
			
		| 
						 | 
				
			
			@ -45,6 +45,8 @@
 | 
			
		|||
  # Enable networking
 | 
			
		||||
  networking.networkmanager.enable = true;
 | 
			
		||||
 | 
			
		||||
  networking.firewall.allowedTCPPorts = [80 443];
 | 
			
		||||
 | 
			
		||||
  # Set your time zone.
 | 
			
		||||
  time.timeZone = "Europe/Amsterdam";
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -67,6 +69,12 @@
 | 
			
		|||
    enable = true;
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  security.acme = {
 | 
			
		||||
    acceptTerms = true;
 | 
			
		||||
    # Replace the email here!
 | 
			
		||||
    email = "letsencrypt@gladtherescake.eu";
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  users.users = {
 | 
			
		||||
    lillian = {
 | 
			
		||||
      isNormalUser = true;
 | 
			
		||||
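Review bot: The comment `# Replace the email here!` in the new `security.acme` block is a leftover template instruction above an address that has already been filled in; I would replace it with what the address is for, e.g. `# Contact address for Let's Encrypt account and expiry notices`. The new `networking.firewall.allowedTCPPorts = [80 443];` line has no comment either; something like `# HTTP (redirect and ACME challenge) and HTTPS for nginx` would tie it to the nginx virtual host added in this commit. Depending on the NixOS release this host tracks, `security.acme.email` may have been superseded by `security.acme.defaults.email`, so the option name is worth checking against the channel in use. The `users.users` block at the end of the second hunk continues outside it.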
| 
						 | 
				
			
			
 | 
			
		|||
							
								
								
									
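--- a/nixos/queen/nextcloud.nix
+++ b/nixos/queen/nextcloud.nix
@@ -0,0 +1,83 @@
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  #this came from https://jacobneplokh.com/how-to-setup-nextcloud-on-nixos/
+  services.nginx = {
+    enable = true;
+
+    # Use recommended settings
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    # Only allow PFS-enabled ciphers with AES256
+    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+    # Setup Nextcloud virtual host to listen on ports
+    virtualHosts = {
+      "nextcloud.gladtherescake.eu" = {
+        ## Force HTTP redirect to HTTPS
+        forceSSL = true;
+        ## LetsEncrypt
+        enableACME = true;
+      };
+    };
+  };
+
+  services.nextcloud = {
+    enable = true;
+    hostName = "nextcloud.gladtherescake.eu";
+    # Enable built-in virtual host management
+    # Takes care of somewhat complicated setup
+    # See here: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/web-apps/nextcloud.nix#L529
+    nginx.enable = true;
+
+    # Use HTTPS for links
+    https = true;
+
+    # Auto-update Nextcloud Apps
+    autoUpdateApps.enable = true;
+    # Set what time makes sense for you
+    autoUpdateApps.startAt = "05:00:00";
+
+    config = {
+      # Further forces Nextcloud to use HTTPS
+      overwriteProtocol = "https";
+
+      # Nextcloud PostegreSQL database configuration, recommended over using SQLite
+      dbtype = "pgsql";
+      dbuser = "nextcloud";
+      dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
+      dbname = "nextcloud";
+      dbpassFile = "/var/nextcloud-db-pass";
+
+      #TODO: work with sops to set this instead of a file & make sure the db setup is the same as on the previous server for easy migration
+      adminpassFile = "/var/nextcloud-admin-pass";
+      adminuser = "admin";
+    };
+  };
+
+  services.postgresql = {
+    enable = true;
+
+    # Ensure the database, user, and permissions always exist
+    ensureDatabases = ["nextcloud"];
+    ensureUsers = [
+      {
+        name = "nextcloud";
+        ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+      }
+    ];
+  };
+
+  systemd.services."nextcloud-setup" = {
+    requires = ["postgresql.service"];
+    after = ["postgresql.service"];
+  };
+}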
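Review bot: `sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";` replaces the nginx module's default cipher list, and the pattern is broader than its comment suggests: it also matches CBC-mode AES256 suites and leaves out ChaCha20, and the EDH half presumably only takes effect when DH parameters are configured, which this file does not do. Unless a particular client needs it, I would drop the line and keep the nixpkgs default, or narrow it to AEAD suites and say so in the comment. Separately, `dbpassFile` and `adminpassFile` point at plain files directly under `/var`; until the sops TODO is done, a comment such as `# secret files: readable only by the nextcloud user (0400), never world-readable` would record the requirement next to the paths. Since `dbhost = "/run/postgresql"` goes over the local socket, the database password may not be needed at all, which is worth confirming against the PostgreSQL authentication settings.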