mc-fucker/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos-config/modules/nextcloud.nix
mc-fucker ea2a19bece added flag for openssl 3
2022-11-24 15:18:57 +01:00

124 lines
3 KiB
Nix
Raw Blame History

{ pkgs, config, lib, ... }:
let
oo_domain = "onlyoffice.mc-fucker.cool";
domain = "nc.mc-fucker.cool";
in
{
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "corefonts" ]; #allow a single package from unfree
services.postgresql = {
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{
name = "nextcloud";
ensurePermissions = {
"DATABASE nextcloud" = "ALL PRIVILEGES";
};
}
];
};
services.postgresqlBackup.databases = [ "nextcloud" ];
services.nextcloud = {
autoUpdateApps.enable = true;
enable = true;
caching.redis = true;
hostName = "${domain}";
package = pkgs.nextcloud25;
https = true;
config = {
dbtype = "pgsql";
#dbhost = "postgres";
dbhost = "/run/postgresql";
#dbpassFile = "/etc/nixos/keys/nextcloud-dbpassword";
extraTrustedDomains = [ "mc4" ];
adminpassFile = "/etc/nixos/keys/nextcloud-adminpassword";
adminuser = "Superadmin";
defaultPhoneRegion = "DE";
};
enableBrokenCiphersForSSE = false;
#poolSettings = {
# "pm" = "dynamic";
# "pm.max_children" = "256";
# "pm.max_requests" = "1000";
# "pm.max_spare_servers" = "64";
# "pm.min_spare_servers" = "24";
# "pm.start_servers" = "32";
#};
};
services.nginx = {
#package = pkgs.nginxMainline;
package = pkgs.nginxQuic;
virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
#http3 = true;
extraConfig = ''
access_log /var/log/nginx/${domain}_access.log;
error_log /var/log/nginx/${domain}_error.log;
'';
};
};
services.redis = {
enable = true;
unixSocket = "/run/redis/redis.sock";
unixSocketPerm = 770;
};
services.onlyoffice = {
enable = true;
hostname = oo_domain;
};
services.nginx.virtualHosts."${oo_domain}" = {
forceSSL = true;
enableACME = true;
};
users.users = {
nginx = {
extraGroups = [ "onlyoffice" ];
};
};
users.groups.redis.members = [ "nextcloud" ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
security.acme = {
acceptTerms = true;
defaults.email = "dev@mc-fucker.cool";
};
systemd.services.nextcloud-redis-setup = let
redisConfig = pkgs.writeText "nextcloud-redis-config.php" ''
<?php
$CONFIG = [
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
'host' => '${config.services.redis.unixSocket}',
'port' => 0,
'dbindex' => 0,
'timeout' => 1.5,
],
'allow_local_remote_servers' => true,
];
'';
in {
wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-nextcloud.service" ];
script = ''
ln -sf ${redisConfig} ${config.services.nextcloud.datadir}/config/redis.config.php
'';
serviceConfig.Type = "oneshot";
serviceConfig.User = "nextcloud";
};
}
# vim: set et ts=2 sw=2 ai:
Reference in a new issue View git blame Copy permalink