rework nextcloud service

This commit is contained in:
2025-07-29 14:38:22 +07:00
parent 99c3ee6ffe
commit 49ed4d78c3
15 changed files with 177 additions and 68 deletions

View File

@@ -17,6 +17,8 @@
global.excludes = [
"sops/*"
"vars/*"
"*/sops/*"
"*/vars/*"
"*/.gitignore"
"LICENSE"

View File

@@ -9,7 +9,6 @@
clan = {
modules = {
pocket-id = ../modules/clan/pocket-id;
nextcloud = ../modules/clan/nextcloud;
stirling-pdf = ../modules/clan/stirling-pdf;
actual-budget = ../modules/clan/actual-budget;
victoria-metrics = ../modules/clan/victoria-metrics;

View File

@@ -0,0 +1,35 @@
{ config, pkgs, ... }:
let
ncDomain = "${config.clan.core.vars.generators.nextcloud.files.subdomain.value}.${config.networking.fqdn}";
in
{
clan.core.vars.generators.nextcloud = {
files.subdomain.secret = false;
prompts = {
subdomain = {
persist = true;
type = "line";
description = "Sub-domain for Nextcloud app. Default:(cloud)";
};
};
script = ''cat $prompts/subdomain | echo -n "cloud" > $out/subdomain'';
};
services.nextcloud = {
hostName = ncDomain;
package = pkgs.nextcloud31;
settings = {
overwriteprotocol = "https";
trusted_domains = [ ];
trusted_proxies = [ ];
};
};
services.nginx.virtualHosts."${ncDomain}" = {
useACMEHost = "${config.networking.fqdn}";
forceSSL = true;
};
}

View File

@@ -1,3 +1,4 @@
{ ... }:
{
_class = "clan.service";
manifest.name = "nextcloud";
@@ -5,44 +6,20 @@
manifest.categories = [ "System" ];
roles.default = {
interface =
{ lib, pkgs, ... }:
{
options = {
domain = lib.mkOption {
type = lib.types.str;
default = "cloud";
description = "Sub domain for Nextcloud to run.";
};
package = lib.mkOption {
type = lib.types.package;
description = "Which package to use for the Nextcloud instance.";
};
};
};
perInstance =
{
settings,
...
}:
{
nixosModule =
perInstance.nixosModule =
{
config,
pkgs,
lib,
...
}:
let
domain = "${settings.domain}.${config.networking.fqdn}";
nextcloudUser = "nextcloud";
in
{
clan.core.vars.generators.nextcloud = {
files = {
adminpassFile = {
owner = nextcloudUser;
group = nextcloudUser;
owner = "nextcloud";
group = "nextcloud";
secret = true;
};
};
@@ -53,30 +30,20 @@
pkgs.xkcdpass
];
};
services.nextcloud = {
enable = true;
hostName = domain;
package = pkgs.nextcloud31;
database.createLocally = true;
enable = lib.mkDefault true;
hostName = lib.mkDefault "localhost";
database.createLocally = lib.mkDefault true;
config = {
dbtype = "pgsql";
dbhost = "/run/postgresql";
dbuser = nextcloudUser;
dbname = nextcloudUser;
adminuser = "admin";
adminpassFile = config.clan.core.vars.generators.nextcloud.files.adminpassFile.path;
dbtype = lib.mkDefault "pgsql";
dbhost = lib.mkDefault "/run/postgresql";
dbuser = lib.mkDefault "nextcloud";
dbname = lib.mkDefault "nextcloud";
adminuser = lib.mkDefault "admin";
adminpassFile = lib.mkDefault config.clan.core.vars.generators.nextcloud.files.adminpassFile.path;
};
settings = {
overwriteprotocol = "https";
trusted_domains = [ ];
trusted_proxies = [ ];
};
};
services.nginx.virtualHosts."${domain}" = {
useACMEHost = "${config.networking.fqdn}";
forceSSL = true;
};
};
};
};

View File

@@ -0,0 +1,19 @@
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
nextcloud = module;
};
perSystem =
{ ... }:
{
clan.nixosTests.nextcloud = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/nextcloud" = module;
};
};
}

View File

@@ -0,0 +1,36 @@
{
...
}:
{
name = "service-nextcloud";
clan = {
directory = ./.;
inventory = {
machines.server = { };
instances = {
nextcloud-test = {
module.name = "@clan/nextcloud";
module.input = "self";
roles.default.machines."server" = { };
};
};
};
};
nodes = {
server = {
services.nextcloud = { };
};
};
testScript = ''
start_all()
server.wait_for_unit("phpfpm-nextcloud.service")
# Check that garage is running
server.succeed("systemctl status phpfpm-nextcloud.service")
'';
}

View File

@@ -0,0 +1,6 @@
[
{
"publickey": "age15md5wyqzn4jwc7pgyjkjhcd6nfuct9gxgrl7x5qxdzgvrh32ruvqmk3wfq",
"type": "age"
}
]

View File

@@ -0,0 +1,15 @@
{
"data": "ENC[AES256_GCM,data:LtzjjbqrzdiFqw5sEI6nYAjLuWJOqiEcO9T8POnjDHK0l55RAxLLzlc1w2DTRPd46vAFy04IYgPiwwQJj8WuYdgjymXTyVqGvNA=,iv:q/L8DpR9E/NNIW2cNFft/e65xGHK9HN19W8ISd6lgdA=,tag:7XFi8VgfG40I0wSHqasXSQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMGF5Q3V5T29ub09XL0Mx\nUVBlSUc2TnRkaGxoQW5uMzUzd04xOWFYRkNBClZ3eVU3dEovWDVZSkR0bnRRY3Bn\nOFNQWDFRckFxVlpvTVRsa01ad0NkRDAKLS0tIGd2UDV3cWZTTkF6V3p4Y3ZKOXdo\nY1doTFoyT2dSaG93b0lGb01YaExDTXMKe4wjgOysbF+NKlnmQgard1N6Xhazex7y\nCuvGnbcy2TLxDNhjdgjoOxUV1xQWnwoYOF1QDbL7l2k59iE3lzUG8Q==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-07-29T03:24:54Z",
"mac": "ENC[AES256_GCM,data:s6W/U0FekNcDdKk9/L54Q0V/XZhrDQwP/moNFbxbucD0sAXzEYMWbWTDNCz6/NVtqr3A++Vk65LFr8bgWuh4uxekXrLDN0Pyb7AJpDkp7IlE6ijT3cQk+OVpcpTt+FgFt3JZLyrmOL/H638sg4c0bptN+Fj8LrNXFdauWCDBlkA=,iv:oiEPi/zvH0m312ezyT0SnUavlX47pduzyz8NIwuCaNs=,tag:e6KkwWAJSZbiliKm4VT6yw==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}

View File

@@ -0,0 +1 @@
../../../users/admin

View File

@@ -0,0 +1,4 @@
{
"publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"type": "age"
}

View File

@@ -0,0 +1 @@
../../../../../../sops/machines/server

View File

@@ -0,0 +1,19 @@
{
"data": "ENC[AES256_GCM,data:NVuUW3KNwUUs/Cwswvi4kDo8GZM453y/TRlHWut3OA==,iv:7rSqlQxgJCRecmpNrmGZeT03f1eOuO+W8O2QBkoKdXc=,tag:F9WkMVBV8zh4L86sBA4LVQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age15md5wyqzn4jwc7pgyjkjhcd6nfuct9gxgrl7x5qxdzgvrh32ruvqmk3wfq",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBic1hPNFdyYzE5UndKNEtj\neDdJc2RuN0Y5WTB2d1h0ZFVJRUpnTnA3TW5JCklqUzFucVNKU3JLeG5JVG1KR05q\ncVg2OFBRNW1RZ0pwWnc2eFlmYzEzZ2MKLS0tIEJod0QvMHBZVlpxMldGdTRmRTNB\nQmVOQ2U2bDd0WTQvRFJnZ2NybFJoTFEKiimfshCLluicTeVyLbFQDm+8JMXBx/n0\n9NwAb4mJwQ8B0qlFsdiXZU4pP02aw7f/NH4hX6BvBBw+SP42plkmfw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFV3FmNlJHeEhKT3NUVG9K\nNXNGdDlsVmtnWng5dGlIaVNRdXlaWVdNdmhrCi9KLzZYVWxpanlLUzJKVDlRSHlM\nRFFtditYZ1lXY3pFeUNXTk9OVitSd3MKLS0tIERVWHFNZitETlRuNEpDS1FxVS9C\nMk5UNlBjTkNRTFc5T0J1TTlZZm1ZOG8KWwGkEKK8nEWib4Va9lrVFnHU0m0zPjFE\n/3eMObt62ngwrmbAq0bNe2gFiC/OhLDf5BixldSgSeu9AenRz3Mdjg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-07-29T03:24:55Z",
"mac": "ENC[AES256_GCM,data:B3LUWx3g6P5R006NrsFMZNc466qFadfnlXS5hitToZrNEf9VN3NlINwi2liYf9JjgSXXVV6IybVoW7LYDFRNRrG2QXfvWEfozVr/JtjvufcmuyM96PbzURUfOKndau1GbJagUO4MH3l3AEvkZnSRR3nIKWGYZDiJTNo8yRIK7nw=,iv:IXdWo8y9jPYgII5HRJ6sRxb3WOcKdifDsZoU4tusDuQ=,tag:xdqph+Y2nMYNDD3hbxCcXA==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}

View File

@@ -0,0 +1 @@
../../../../../../sops/users/admin

View File

@@ -8,7 +8,10 @@
{
devshells.default = {
devshell = {
packages = [ inputs.clan-core.packages.${system}.clan-cli ];
packages = [
inputs.clan-core.packages.${system}.clan-cli
inputs.clan-core.packages.${system}.generate-test-vars
];
};
};
};

View File

@@ -0,0 +1 @@
cloud