caddy support multi domain

2025-01-06 18:24:12 +01:00 · 2025-01-06 18:24:12 +01:00 · fdcc829acf
commit fdcc829acf
parent f15e521895
13 changed files with 344 additions and 141 deletions
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@ -12,6 +12,14 @@ in
  options.my.services.nextcloud = {
    enable = lib.mkEnableOption "Enable Nextcloud module";

+    adminPasswordFile = lib.mkOption {
+      default = "";
+      type = lib.types.str;
+      description = ''
+        Path to the file containing the admin password for Nextcloud
+      '';
+    };
+
    proxy = {
      enable = lib.mkEnableOption "Set the proxy entry for this service";

@ -23,6 +31,22 @@ in
        '';
      };

+      subdomain = lib.mkOption {
+        default = "nextcloud";
+        type = lib.types.str;
+        description = ''
+          The subdomain where Nextcloud is reachable
+        '';
+      };
+
+      officeSubdomain = lib.mkOption {
+        default = "office";
+        type = lib.types.str;
+        description = ''
+          The subdomain where Collabora Online is reachable
+        '';
+      };
+
      host = lib.mkOption {
        default = "localhost";
        type = lib.types.str;
@ -37,15 +61,6 @@ in
  config = lib.mkMerge [
    (lib.mkIf cfg.enable {

-      age.secrets = {
-        nextcloud-admin-pwd = {
-          file = ../../secrets/nextcloud-admin-pwd.age;
-          owner = "nextcloud";
-          group = "nextcloud";
-          mode = "770";
-        };
-      };
-
      services = {

        nextcloud = {
@ -90,7 +105,7 @@ in
          config = {
            dbtype = "pgsql";
            adminuser = "admin";
-            adminpassFile = config.age.secrets.nextcloud-admin-pwd.path;
+            adminpassFile = cfg.adminPasswordFile;
          };

          # Let NixOS install and configure the database automatically.
@ -160,12 +175,12 @@ in

    (lib.mkIf cfg.proxy.enable {
      services.caddy = with cfg.proxy; {
-        virtualHosts."cloud.${domain}".extraConfig = ''
+        virtualHosts."${subdomain}.${domain}".extraConfig = ''
          reverse_proxy http://${host}:80
-          import cloudflare
+          import cloudflare_${domain}
        '';
-        virtualHosts."office.${domain}".extraConfig = ''
-          import cloudflare
+        virtualHosts."${officeSubdomain}.${domain}".extraConfig = ''
+          import cloudflare_${domain}
          reverse_proxy http://${host}:${toString config.services.collabora-online.port} {
            # Required to circumvent bug of Onlyoffice loading mixed non-https content
            header_up X-Forwarded-Proto https