Nextcloud: enable deployment

2023-07-10 12:09:49 +01:00 · 2023-07-10 12:09:49 +01:00 · 4fbdfd9761
commit 4fbdfd9761
parent db063ba40a
3 changed files with 16 additions and 12 deletions
--- a/baldur/configuration.nix
+++ b/baldur/configuration.nix
@ -83,7 +83,8 @@
            enableACME = true;
            forceSSL = true;
          };
-          loki = "172.23.254.55";
+          loki_ipv4 = "172.23.254.55";
+          freya_ipv4 = "172.23.18.147";
        in
        {
          "unimi.bertof.net" = ssl // {
@ -92,7 +93,7 @@
          };
          "home-assistant.bertof.net" = ssl // {
            locations."/" = {
-              proxyPass = "http://${loki}:8123/";
+              proxyPass = "http://${loki_ipv4}:8123/";
              proxyWebsockets = true;
            };
            extraConfig = ''
@ -102,25 +103,25 @@
          };
          "radarr.bertof.net" = ssl // {
            locations."/" = {
-              proxyPass = "http://${loki}:7878/";
+              proxyPass = "http://${loki_ipv4}:7878/";
              proxyWebsockets = true;
            };
          };
          "sonarr.bertof.net" = ssl // {
            locations."/" = {
-              proxyPass = "http://${loki}:8989/";
+              proxyPass = "http://${loki_ipv4}:8989/";
              proxyWebsockets = true;
            };
          };
          "jellyfin.bertof.net" = ssl // {
            locations."/" = {
-              proxyPass = "http://${loki}:8096/";
+              proxyPass = "http://${loki_ipv4}:8096/";
              proxyWebsockets = true;
            };
          };
          "my-nextcloud.bertof.net" = ssl // {
            locations."/" = {
-              proxyPass = "http://freya.local:80/";
+              proxyPass = "http://${freya_ipv4}:80/";
              proxyWebsockets = true;
            };
          };
--- a/flake.nix
+++ b/flake.nix
@ -209,7 +209,7 @@
              ./freya/configuration.nix

              ./nixos_modules/garage.nix
-              # ./nixos_modules/nextcloud.nix
+              ./nixos_modules/nextcloud.nix
            ] ++ homeManagerModules ++ [
              { home-manager.users.bertof = import ./freya/hm.nix; }
            ];
--- a/nixos_modules/nextcloud.nix
+++ b/nixos_modules/nextcloud.nix
@ -1,4 +1,4 @@
-{ config, ... }: {
+{ pkgs, config, ... }: {

  age.secrets = {
    nextcloud_admin_secret = { file = ../secrets/nextcloud_admin_secret.age; owner = "nextcloud"; };
@ -12,16 +12,17 @@

  services.nextcloud = {
    enable = true;
-    # package = pkgs.unstable_pkgs.nextcloud26;
+    package = pkgs.nextcloud26;

    hostName = "my-nextcloud.bertof.net";
-    maxUploadSize = "32G";
-    config.trustedProxies = [ "172.23.4.159" ];
+    maxUploadSize = "24G";
+    config.trustedProxies = [ "172.23.4.159" "fd80:56c2:e21c:f9c7:5399:93be:21a9:9fa0" "fe80::3079:d8ff:feb5:7d62" ];
    config.extraTrustedDomains = [ config.services.nextcloud.hostName "freya.local" ];
    config.adminpassFile = config.age.secrets.nextcloud_admin_secret.path;
+    config.overwriteProtocol = "https";
    config.objectstore.s3 = {
      enable = true;
-      bucket = "nextcloud";
+      bucket = "nextcloud-storage";
      autocreate = false;
      key = "GK622e38479552cbbbba48fd04";
      secretFile = config.age.secrets.nextcloud_bucket_secret.path;
@ -32,4 +33,6 @@
      usePathStyle = true;
    };
  };
+
+  networking.firewall.allowedTCPPorts = [ 80 ];
 }