initial working setup for nextcloud

needs more setup
2024-09-04 00:05:23 -04:00 · 2024-09-04 00:05:23 -04:00 · 99fe50f4fe
commit 99fe50f4fe
parent 4ec6ff40e1
3 changed files with 62 additions and 14 deletions
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@ -1,7 +1,7 @@
 { modulesPath, config, pkgs, ... }:
 let
  hostname = "cloud";
-  user = "toph";
+  admin = "toph";
  password = "[REDACTED]";
  timeZone = "America/New_York";
  defaultLocale = "en_US.UTF-8";
@ -19,6 +19,9 @@ in {
  
  # NETWORKING
  networking = {
+    firewall = {
+      allowedTCPPorts = [ 80 443 ];
+    };
    dhcpcd.enable = false;
    hostName = hostname;
    networkmanager.enable = true;
@ -38,6 +41,11 @@ in {
    };
  };

+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "chris@toph.cc";
+  };
+
  # LOCALE
  time.timeZone = timeZone;
  i18n.defaultLocale = defaultLocale;
@ -45,8 +53,12 @@ in {
  # USERS
  users = {
    mutableUsers = false;
-    users."${user}" = {
+    users ={
+      "${admin}" = {
        isNormalUser = true;
+        createHome = true;
+        homeMode = "750";
+        home = "/home/${admin}";
        password = password;
        extraGroups = [ "wheel" ];
        shell = pkgs.fish;
@ -54,11 +66,15 @@ in {
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
          ];
      };
+
+      nextcloud.extraGroups = [ "users" "root" "wheel" ];
+      nextcloud.homeMode = "750";
+    };
  };

  # Enable passwordless sudo.
  security.sudo.extraRules= [
-    {  users = [ user ];
+    {  users = [ admin ];
      commands = [
        { command = "ALL" ;
          options= [ "NOPASSWD" ];
@ -79,7 +95,13 @@ in {

  # PROGRAMS & SERVICES
  programs.ssh.startAgent = true;
-  services.nextcloud = import ../nextcloud/nextcloud.nix { inherit pkgs config; }; 
+
+  # Nextcloud
+  environment.etc."nextcloud-admin-pass".text = "snYBkSxkFZ6a7Y";
+  services.nextcloud = import ./imports/nextcloud.nix { inherit pkgs config; };
+  
+  # Nginx
+  services.nginx = import ./imports/nginx.nix;

  # Shells
  environment.shells = with pkgs; [ bash fish ];
--- a/nixos/imports/nextcloud.nix
+++ b/nixos/imports/nextcloud.nix
@ -32,11 +32,14 @@
    # };
  };

-  config = {
-    overwriteprotocol = "https";
+  settings = {
+    overwriteProtocol = "https";
    default_phone_region = "US";
+  };
+
+  config = {
    dbtype = "pgsql";
    adminuser = "admin";
-    adminpassFile = "./adminpass";
+    adminpassFile = "/etc/nextcloud-admin-pass";
  };
 }
--- a/nixos/imports/nginx.nix
+++ b/nixos/imports/nginx.nix
@ -0,0 +1,23 @@
+{
+    enable = true;
+
+    # Use recommended settings
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    # Only allow PFS-enabled ciphers with AES256
+    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+    # Setup Nextcloud virtual host to listen on ports
+    virtualHosts = {
+
+    "cloud.ryot.foo" = {
+        ## Force HTTP redirect to HTTPS
+        forceSSL = true;
+        ## LetsEncrypt
+        enableACME = true;
+        };
+    };
+}