2 Commits

ba9b6868e4 nextcloud service 2025-07-16 14:17:11 +07:00
0510e56534 enable ACME on main domain 2025-07-16 14:16:42 +07:00
6 changed files with 120 additions and 0 deletions


@@ -2,12 +2,14 @@
inputs,
self,
lib,
pkgs,
...
}:
{
clan = {
modules = {
pocket-id = ../modules/clan/pocket-id;
nextcloud = ../modules/clan/nextcloud;
};
inventory = {
@@ -27,6 +29,14 @@
};
roles.default.machines.b4l = { };
};
nextcloud = {
module = {
name = "nextcloud";
input = "self";
};
roles.default.machines.b4l = { };
};
};
services = {


@@ -1,3 +1,4 @@
{ config, ... }:
{
imports = [
@@ -12,4 +13,9 @@
networking.fqdn = "b4l.co.th";
system.stateVersion = "25.11";
security.acme.defaults.email = "admin@b4l.co.th";
security.acme.acceptTerms = true;
services.nginx.virtualHosts."${config.networking.fqdn}" = {
enableACME = true;
};
}
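Review bot: The certificate requested by `enableACME = true;` on the `${config.networking.fqdn}` vhost covers only `b4l.co.th`, yet the nextcloud module added in the same commit reuses it via `useACMEHost = config.networking.fqdn` for `cloud.b4l.co.th`, so that vhost will present a certificate whose name does not match unless the subdomain is added here: `security.acme.certs."${config.networking.fqdn}".extraDomainNames = [ "cloud.${config.networking.fqdn}" ];` (or the module requests its own certificate with `enableACME = true;`). The main-domain vhost itself only enables ACME and does not set `forceSSL = true;`, so plain HTTP keeps being served on the fqdn; if that is intentional for the challenge path, a one-line comment saying so would help. The attribute set edited here opens in the first hunk and its `imports` list continues outside the visible lines.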


@@ -0,0 +1,83 @@
{
_class = "clan.service";
manifest.name = "nextcloud";
manifest.description = "Nextcloud server, a safe home for all your data";
manifest.categories = [ "System" ];
roles.default = {
interface =
{ lib, pkgs, ... }:
{
options = {
domain = lib.mkOption {
type = lib.types.str;
default = "cloud";
description = "Sub domain for Nextcloud to run.";
};
package = lib.mkOption {
type = lib.types.package;
description = "Which package to use for the Nextcloud instance.";
};
};
};
perInstance =
{
settings,
...
}:
{
nixosModule =
{
config,
pkgs,
...
}:
let
domain = "${settings.domain}.${config.networking.fqdn}";
nextcloudUser = "nextcloud";
in
{
clan.core.vars.generators.nextcloud = {
files = {
adminpassFile = {
owner = nextcloudUser;
group = nextcloudUser;
secret = true;
};
};
script = ''
xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminpassFile
'';
runtimeInputs = [
pkgs.xkcdpass
];
};
services.nextcloud = {
enable = true;
hostName = domain;
package = pkgs.nextcloud31;
database.createLocally = true;
config = {
dbtype = "pgsql";
dbhost = "/run/postgresql";
dbuser = nextcloudUser;
dbname = nextcloudUser;
adminuser = "admin";
adminpassFile = config.clan.core.vars.generators.nextcloud.files.adminpassFile.path;
};
settings = {
overwriteprotocol = "https";
trusted_domains = [ ];
trusted_proxies = [ ];
};
};
services.nginx.virtualHosts."${domain}" = {
useACMEHost = "${config.networking.fqdn}";
forceSSL = true;
};
};
};
};
}
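Review bot: The `package` option declared in the interface is never read — `services.nextcloud.package = pkgs.nextcloud31;` hard-codes the version, so an instance that sets `package` silently has no effect, and the option only escapes its "no default" error because it is unused. Wire it through with `package = settings.package;` in the nixosModule and give the option `default = pkgs.nextcloud31;` so the two agree. `useACMEHost = "${config.networking.fqdn}"` together with `forceSSL = true;` presumes the machine's main certificate already lists `${domain}` among its `extraDomainNames`; nothing in this module adds it, so either document that requirement in the `domain` option description or request a per-host certificate with `enableACME = true;` instead. The generated admin password is four xkcdpass words (roughly 50 bits with the default wordlist, to be confirmed); for an Internet-exposed admin account consider `--numwords 6` or a comment stating the entropy assumption, e.g. `# 4 EFF-wordlist words ≈ 50 bits; raise --numwords if policy requires more`.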


@@ -0,0 +1 @@
../../../../../../sops/machines/b4l


@@ -0,0 +1,19 @@
{
"data": "ENC[AES256_GCM,data:OgzVf3R/puWxEQ49D+Ex5Ldqh+WBFu/8dGnTEA9GY7Qm,iv:X1DFwWVkf5vqYpH6XxLCpN0LSqriaw2f0s1VDoNAMu4=,tag:V4Aic2ttraDvOiZDu5RcCw==,type:str]",
"sops": {
"age": [
{
"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCcmJlZFVvTHZDdGtCV3ZV\ndys5TXJVbkFhcnhDZS9ESDBRc0FPV2NIaDEwClhJbzRENWtEdUoyOW9xTE1KNExD\neUdUNTZFcFFvZXZWNjlVNnJQZ3ZaOUEKLS0tIHFhNXpydS9HVVpGUGxxZWxZRjhx\nUEpUYVhPZkFVMEIydUtnNS8zNlplQTAKyONTjik4yiJHjIz4XlLCL8Pn6zQCWJ+8\nH16EvR2IKvfWIbOVghJCgIdzR98ilvbBAmfO4b0d/7BRBdcRsX5d1A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCV1FQeWhpVm9FZzNtc3dh\ncXhsZnVVT09jTXFYZEw3bWFlbVhhemRhV2xZCm9SaVplN3lKQ2NlM2RGVUNGeE1N\nV1ZYRkExUDUwY3NnS0J6VmVCNkVHMUUKLS0tIHM4U3RqdUNDYzBNditIUTZLMGR2\nUHFGTnJ5K0hKaEZiTjdJMlF1MVB3d1UK9GwDc1dVTUpowFoiQvYJqXigHMRLNURY\n2D7UKQX5wwwKfAwFwP6HQdxX4WWsNefaxUSzW53zqnbJn0kkqi1Mhg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-07-14T09:48:21Z",
"mac": "ENC[AES256_GCM,data:2B/KG/5PW5GTuE0mr9eMz2jGex8d4ResWQ3LDPB0Cs7jAs/gALrxu0xGqndrONsLieNKa/1q1BQWmrpw6/MBdt8DF6t+d6zA1bhiV8orOKCp0uWGzSqM5f+i0fl1NoyxP+MFdzLYBJrHkMgC1YcJh8nfeoVKGuFxhIigU6H2Cys=,iv:AcsTRzYDqUDeFiP/pGqDiiSoajlUz4Y4U1fZF9W5EhA=,tag:QeiuQ6X2FVcGf90qmuYk8w==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}


@@ -0,0 +1 @@
../../../../../../sops/users/kurogeek