From 0d168690db41e826d6a62a93f845a694a2f4606b Mon Sep 17 00:00:00 2001
From: pazpi
Date: Wed, 20 Aug 2025 23:42:06 +0200
Subject: [PATCH] Nextcloud secrets file
---
 hosts/nextcloud/default.nix | 7 +++++++
 modules/services/nextcloud.nix | 21 +++++++++++++++++++--
 secrets.nix | 1 +
 secrets/nextcloud-secrets.age | Bin 0 -> 777 bytes
 4 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 secrets/nextcloud-secrets.age
diff --git a/hosts/nextcloud/default.nix b/hosts/nextcloud/default.nix
index 6014d04..5535eaa 100644
--- a/hosts/nextcloud/default.nix
+++ b/hosts/nextcloud/default.nix
@@ -13,6 +13,12 @@
 group = "nextcloud";
 mode = "770";
 };
+ nextcloud-secrets = {
+ file = ../../secrets/nextcloud-secrets.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ mode = "770";
+ };
 };
 my = {
@@ -24,6 +30,7 @@
 services.nextcloud = {
 enable = true;
 adminPasswordFile = config.age.secrets.nextcloud-admin-pwd.path;
+ secretFile = config.age.secrets.nextcloud-secrets.path;
 proxy.domain = "pasetto.me";
 };
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 5e25206..fcdfc7a 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -20,6 +20,14 @@ in
 '';
 };
+ secretFile = lib.mkOption {
+ default = "";
+ type = lib.types.str;
+ description = ''
+ Path to the file containing extra secrets for Nextcloud
+ '';
+ };
+
 proxy = {
 enable = lib.mkEnableOption "Set the proxy entry for this service";
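Review bot: The new `nextcloud-secrets` entry in the first hunk of hosts/nextcloud/default.nix is decrypted with `mode = "770";`, which leaves a secrets file group-writable and executable for owner and group. Only the nextcloud service needs to read it, so `mode = "0400";` (or `"0440"` if the group really must read it) is the tighter setting. The preceding entry, visible as context and presumably `nextcloud-admin-pwd`, carries the same `770` and would benefit from the same change. The enclosing `age.secrets` block starts outside the hunk.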
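Review bot: `secretFile` in the first hunk of modules/services/nextcloud.nix defaults to `""` with `lib.types.str`, and the second hunk of the same file passes it through unconditionally as `secretFile = cfg.secretFile;`. As far as I know the upstream `services.nextcloud.secretFile` option is `nullOr str` with `null` meaning "no secrets file", so an empty string would likely be treated as a configured path and break any host that enables this module without setting it. Declaring the option as `type = lib.types.nullOr lib.types.str; default = null;` keeps the unset case working. The description could also say that the file holds JSON merged into Nextcloud's config and must be a runtime path outside the Nix store.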
@@ -70,12 +78,21 @@ in
 https = true;
 nginx.recommendedHttpHeaders = true;
+ secretFile = cfg.secretFile;
+
 settings = {
- overwriteProtocol = "https";
- defaultPhoneRegion = "IT";
+ overwriteprotocol = "https";
+ default_phone_region = "IT";
 trusted_proxies = [ "192.168.1.150" ];
 trusted_domains = [ "cloud.${cfg.proxy.domain}" ];
 maintenance_window_start = 1;
+ mail_smtpmode = "smtp";
+ mail_sendmailmode = "smtp";
+ mail_from_address = "cloud";
+ mail_domain = cfg.proxy.domain;
+ mail_smtphost = "smtp.tem.scaleway.com";
+ mail_smtpport = 465;
+ mail_smtpauth = "true";
 enabledPreviewProviders = [
 "OC\\Preview\\BMP"
 "OC\\Preview\\GIF"
diff --git a/secrets.nix b/secrets.nix
index e0a1813..97bc7c1 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -15,6 +15,7 @@ let
 grafana-admin-pwd = [ machines.metrics ];
 grafana-secret-auth = [ machines.metrics ];
 nextcloud-admin-pwd = [ machines.nextcloud ];
+ nextcloud-secrets = [ machines.nextcloud ];
 vaultwarden-admin-pwd = [ machines.vaultwarden ];
 searx-secret = [ machines.caddy ];
 searx-prometheus-secret = [
diff --git a/secrets/nextcloud-secrets.age b/secrets/nextcloud-secrets.age
new file mode 100644
index 0000000000000000000000000000000000000000..c689f6b8ec5bae42bb2c9d26a4b40a040d6ce934
GIT binary patch literal 777 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Hca)la8wA3NUIF8 zG;%5^*G~;jx6BT4&G0NuEA;oM3NcQp3{SGGO!N2ka`Y`PH{nY62}&*V@=5YZaZM}p zcFHhJb<6T}P07m*3N=eNF84^S$O`lT<-T){8UBg?Ybv?|!!+pEGa z#l_jo&8afY$)vy_$0$5G(;~t=D5T1i0N)h!$f%^ah`LY@3l zEDFQYi_vW>ElfAcDpzpLE(+8Sau3Z&tx9&P&@Xlg@T&07Of@ktF-{J5bPO^w^eGAm zb#cteGU2i?4+`*h4-ZIj_wWdCw5T*m@e9c_@(2kp&rI=+^fPnPPb;m=H1SGt^W@Ui z)m3l~$Sn`AG!JogE%M084GJuA%TFsVH4i9uEi^C*&rit;$<6VNsxok|a^+I+Z4&vg zHUIpk>>mt?Iak8d@5i5g$u{3~qv9tg{qm!AEdBC^7m^i37CgJU@o@RBIGzVxVRc_~ z&X{FBPw6UZ4fb}nD)i>K{rjV}Q;^(KSsCFa-)5Wqdaz{w9oq{}-%r1^{uRr?E5ZNT zxHB44HOePcoUrY5WxersdW_%)=@h2Y$Cd7aj_G?s?xyt2p5%KeV)Nd^oZ{<$P2AL* I5F#oK0CkBH+5i9m literal 0 HcmV?d00001
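Review bot: `mail_smtpauth = "true";` in the `settings` block of modules/services/nextcloud.nix is a string rather than a boolean; any non-empty string, including `"false"`, is truthy once it reaches PHP, so write `mail_smtpauth = true;`. With `mail_smtpport = 465` the transport security is left implicit, and adding `mail_smtpsecure = "ssl";` makes it explicit that the SMTP credentials are only sent over TLS instead of depending on port-based detection. The SMTP user name and password are not in this hunk and presumably come from the new secrets file; they should stay out of `settings`, which is rendered into the world-readable Nix store. The `settings` block continues outside the hunk.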