refactor: get rid of config folder

2026-02-10 04:49:19 -08:00 · 2022-07-08 17:53:16 -07:00 · 2022-07-08 17:53:16 -07:00 · cb3ae5f434
commit cb3ae5f434
parent 2606e1d874
254 changed files with 79 additions and 101 deletions
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@ -0,0 +1,79 @@
+{ config, pkgs, lib, tf, kw, ... }: with lib; let
+  cfg = config.services.nextcloud;
+in {
+  deploy.tf.dns.records.services_internal_cloud = {
+    inherit (config.network.dns) zone;
+    domain = "cloud.int";
+    cname = { inherit (config.network.addresses.yggdrasil) target; };
+  };
+
+  kw.secrets.variables =
+    mapListToAttrs
+      (field:
+        nameValuePair "nextcloud-${field}" {
+          path = "secrets/nextcloud";
+          inherit field;
+        }) [ "adminpass" "dbpass" ];
+
+  secrets.files.nextcloud-adminpass = {
+    text = ''
+      ${tf.variables.nextcloud-adminpass.ref}
+    '';
+    owner = "nextcloud";
+    group = "nextcloud";
+  };
+
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ "nextcloud" ];
+    ensureUsers = [{
+      name = "nextcloud";
+      ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+    }];
+  };
+
+  services.nextcloud = {
+    enable = true;
+    package = pkgs.nextcloud24;
+    config = {
+      dbtype = "pgsql";
+      dbhost = "/run/postgresql";
+      defaultPhoneRegion = "GB";
+      adminpassFile = config.secrets.files.nextcloud-adminpass.path;
+      extraTrustedDomains = [
+        "cloud.kittywit.ch"
+      ];
+    };
+    https = true;
+    enableImagemagick = true;
+    home = "/mnt/zenc/nextcloud";
+    hostName = "cloud.kittywit.ch";
+    autoUpdateApps = {
+      enable = true;
+    };
+  };
+
+  services.nginx.virtualHosts."cloud.kittywit.ch".extraConfig = mkForce ''
+          index index.php index.html /index.php$request_uri;
+          add_header X-Content-Type-Options nosniff;
+          add_header X-XSS-Protection "1; mode=block";
+          add_header X-Robots-Tag none;
+          add_header X-Download-Options noopen;
+          add_header X-Permitted-Cross-Domain-Policies none;
+          add_header X-Frame-Options sameorigin;
+          add_header Referrer-Policy no-referrer;
+          client_max_body_size ${cfg.maxUploadSize};
+          fastcgi_buffers 64 4K;
+          fastcgi_hide_header X-Powered-By;
+          gzip on;
+          gzip_vary on;
+          gzip_comp_level 4;
+          gzip_min_length 256;
+          gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+          gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+          ${optionalString cfg.webfinger ''
+            rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+            rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+          ''}
+        '';
+}