initial working setup for nextcloud

needs more setup
Chris Toph 2024-09-04 00:05:23 -04:00
parent 4ec6ff40e1
commit 99fe50f4fe
3 changed files with 62 additions and 14 deletions


@ -1,7 +1,7 @@
{ modulesPath, config, pkgs, ... }: { modulesPath, config, pkgs, ... }:
let let
hostname = "cloud"; hostname = "cloud";
user = "toph"; admin = "toph";
password = "[REDACTED]"; password = "[REDACTED]";
timeZone = "America/New_York"; timeZone = "America/New_York";
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
@ -19,6 +19,9 @@ in {
# NETWORKING # NETWORKING
networking = { networking = {
firewall = {
allowedTCPPorts = [ 80 443 ];
};
dhcpcd.enable = false; dhcpcd.enable = false;
hostName = hostname; hostName = hostname;
networkmanager.enable = true; networkmanager.enable = true;
@ -38,6 +41,11 @@ in {
}; };
}; };
security.acme = {
acceptTerms = true;
defaults.email = "chris@toph.cc";
};
# LOCALE # LOCALE
time.timeZone = timeZone; time.timeZone = timeZone;
i18n.defaultLocale = defaultLocale; i18n.defaultLocale = defaultLocale;
@ -45,8 +53,12 @@ in {
# USERS # USERS
users = { users = {
mutableUsers = false; mutableUsers = false;
users."${user}" = { users ={
"${admin}" = {
isNormalUser = true; isNormalUser = true;
createHome = true;
homeMode = "750";
home = "/home/${admin}";
password = password; password = password;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
shell = pkgs.fish; shell = pkgs.fish;
@ -54,11 +66,15 @@ in {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
]; ];
}; };
nextcloud.extraGroups = [ "users" "root" "wheel" ];
nextcloud.homeMode = "750";
};
}; };
# Enable passwordless sudo. # Enable passwordless sudo.
security.sudo.extraRules= [ security.sudo.extraRules= [
{ users = [ user ]; { users = [ admin ];
commands = [ commands = [
{ command = "ALL" ; { command = "ALL" ;
options= [ "NOPASSWD" ]; options= [ "NOPASSWD" ];
@ -79,7 +95,13 @@ in {
# PROGRAMS & SERVICES # PROGRAMS & SERVICES
programs.ssh.startAgent = true; programs.ssh.startAgent = true;
services.nextcloud = import ../nextcloud/nextcloud.nix { inherit pkgs config; };
# Nextcloud
environment.etc."nextcloud-admin-pass".text = "snYBkSxkFZ6a7Y";
services.nextcloud = import ./imports/nextcloud.nix { inherit pkgs config; };
# Nginx
services.nginx = import ./imports/nginx.nix;
# Shells # Shells
environment.shells = with pkgs; [ bash fish ]; environment.shells = with pkgs; [ bash fish ];
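Review bot: The new `environment.etc."nextcloud-admin-pass".text = …` line commits the Nextcloud admin password in clear text, and a file created through `environment.etc` with `.text` is built into the Nix store, which every local user can read; the same applies to `adminpassFile = "/etc/nextcloud-admin-pass";` in nextcloud.nix, which reads that file. Drop the literal, rotate the password since it is now in history, and provision the file outside the store (for example with a secrets module such as sops-nix or agenix, or a manually placed file owned by `nextcloud` with mode 0400). Separately, in the users hunk `nextcloud.extraGroups = [ "users" "root" "wheel" ];` puts the web-facing service account in the `root` and `wheel` groups; nothing visible here needs that, and I would remove the line or reduce it to the one group the service actually requires.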


@ -32,11 +32,14 @@
# }; # };
}; };
config = { settings = {
overwriteprotocol = "https"; overwriteProtocol = "https";
default_phone_region = "US"; default_phone_region = "US";
};
config = {
dbtype = "pgsql"; dbtype = "pgsql";
adminuser = "admin"; adminuser = "admin";
adminpassFile = "./adminpass"; adminpassFile = "/etc/nextcloud-admin-pass";
}; };
} }
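Review bot: The renamed key `overwriteProtocol = "https";` under `settings` is probably not the option the module declares: in current nixpkgs the `services.nextcloud.settings` option is the lowercase `overwriteprotocol`, matching the config.php key, and because `settings` is freeform a camelCase key would most likely be written out as an unknown entry that Nextcloud ignores. With nginx terminating TLS and `forceSSL` set, that could leave Nextcloud generating `http://` links and redirects. I would keep `overwriteprotocol = "https";` and confirm against the nixpkgs release this host is pinned to, which is not visible on this page. The attribute set opens and closes outside the hunk.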

23
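--- /dev/null
+++ b/nixos/imports/nginx.nix
@@ -0,0 +1,23 @@
+{
+enable = true;
+# Use recommended settings
+recommendedGzipSettings = true;
+recommendedOptimisation = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+# Only allow PFS-enabled ciphers with AES256
+sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+# Setup Nextcloud virtual host to listen on ports
+virtualHosts = {
+"cloud.ryot.foo" = {
+## Force HTTP redirect to HTTPS
+forceSSL = true;
+## LetsEncrypt
+enableACME = true;
+};
+};
+}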
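Review bot: The `sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";` override is weaker than its comment suggests: the string also matches CBC-mode AES256 suites and leaves out ChaCha20-Poly1305, so it replaces the module's maintained default cipher list with a less current one. Unless there is a client-compatibility reason, I would delete the line and rely on the default that `recommendedTlsSettings` is meant to go with, or restrict it to AEAD suites. The `AES256+EDH` part also only takes effect if DH parameters are configured, which this file does not do. A comment on the virtual host saying whether HSTS is set elsewhere would help too, since `forceSSL` on its own only redirects.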