pazpi/nix
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Nextcloud secrets file

Browse source
This commit is contained in:
pazpi 2025-08-20 23:42:06 +02:00
parent 8fe42ead92
commit 0d168690db
4 changed files with 27 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
hosts/nextcloud/default.nix
View file

@ -13,6 +13,12 @@
group = "nextcloud"; group = "nextcloud";
mode = "770"; mode = "770";
}; };
nextcloud-secrets = {
file = ../../secrets/nextcloud-secrets.age;
owner = "nextcloud";
group = "nextcloud";
mode = "770";
};
}; };
my = { my = {
@ -24,6 +30,7 @@
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
adminPasswordFile = config.age.secrets.nextcloud-admin-pwd.path; adminPasswordFile = config.age.secrets.nextcloud-admin-pwd.path;
secretFile = config.age.secrets.nextcloud-secrets.path;
proxy.domain = "pasetto.me"; proxy.domain = "pasetto.me";
}; };

21
modules/services/nextcloud.nix
View file

@ -20,6 +20,14 @@ in
''; '';
}; };
secretFile = lib.mkOption {
default = "";
type = lib.types.str;
description = ''
Path to the file containing extra secrets for Nextcloud
'';
};
proxy = { proxy = {
enable = lib.mkEnableOption "Set the proxy entry for this service"; enable = lib.mkEnableOption "Set the proxy entry for this service";
@ -70,12 +78,21 @@ in
https = true; https = true;
nginx.recommendedHttpHeaders = true; nginx.recommendedHttpHeaders = true;
secretFile = cfg.secretFile;
settings = { settings = {
overwriteProtocol = "https"; overwriteprotocol = "https";
defaultPhoneRegion = "IT"; default_phone_region = "IT";
trusted_proxies = [ "192.168.1.150" ]; trusted_proxies = [ "192.168.1.150" ];
trusted_domains = [ "cloud.${cfg.proxy.domain}" ]; trusted_domains = [ "cloud.${cfg.proxy.domain}" ];
maintenance_window_start = 1; maintenance_window_start = 1;
mail_smtpmode = "smtp";
mail_sendmailmode = "smtp";
mail_from_address = "cloud";
mail_domain = cfg.proxy.domain;
mail_smtphost = "smtp.tem.scaleway.com";
mail_smtpport = 465;
mail_smtpauth = "true";
enabledPreviewProviders = [ enabledPreviewProviders = [
"OC\\Preview\\BMP" "OC\\Preview\\BMP"
"OC\\Preview\\GIF" "OC\\Preview\\GIF"

1
secrets.nix
View file

@ -15,6 +15,7 @@ let
grafana-admin-pwd = [ machines.metrics ]; grafana-admin-pwd = [ machines.metrics ];
grafana-secret-auth = [ machines.metrics ]; grafana-secret-auth = [ machines.metrics ];
nextcloud-admin-pwd = [ machines.nextcloud ]; nextcloud-admin-pwd = [ machines.nextcloud ];
nextcloud-secrets = [ machines.nextcloud ];
vaultwarden-admin-pwd = [ machines.vaultwarden ]; vaultwarden-admin-pwd = [ machines.vaultwarden ];
searx-secret = [ machines.caddy ]; searx-secret = [ machines.caddy ];
searx-prometheus-secret = [ searx-prometheus-secret = [

BIN
secrets/nextcloud-secrets.age Normal file
View file

Binary file not shown.