updates

Former-commit-id: d2d113fab5

server-modules/bitwarden.nix

@@ -1,34 +1,26 @@
 { config, ... }:
 let domain = "vault.hadi.diy";
 in {
-  services.vaultwarden = {
-    enable = true;
-    config = {
-      DOMAIN = "https://" + domain;
-      SIGNUPS_ALLOWED = true;
-      ROCKET_ADDRESS = "127.0.0.1";
-      ROCKET_PORT = 8222;
-      ROCKET_LOG = "critical";
+  services = {
+    vaultwarden = {
+      enable = true;
+      config = {
+        DOMAIN = "https://" + domain;
+        SIGNUPS_ALLOWED = true;
+        ROCKET_ADDRESS = "127.0.0.1";
+        ROCKET_PORT = 8222;
+        ROCKET_LOG = "critical";
+      };
     };
-  };
 
-  services.nginx.virtualHosts."${domain}" = {
-    useACMEHost = "hadi.diy";
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:${
-          toString config.services.vaultwarden.config.ROCKET_PORT
-        }";
+    nginx.virtualHosts."${domain}" = {
+      useACMEHost = "hadi.diy";
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${
+            toString config.services.vaultwarden.config.ROCKET_PORT
+          }";
+      };
     };
   };
-
-  security.acme.certs."hadi.diy" = {
-    domain = "hadi.diy";
-    extraDomainNames = [ "*.hadi.diy" ];
-    group = "nginx";
-
-    dnsProvider = "cloudflare";
-    dnsPropagationCheck = true;
-    credentialsFile = config.sops.secrets.cloudflare-dns-token.path;
-  };
 }

server-modules/nextcloud.nix

@@ -0,0 +1,50 @@
+{ pkgs, config, ... }:
+let domain = "cloud.hadi.diy";
+in {
+  services = {
+    nginx.virtualHosts = {
+      "${domain}" = {
+        # DNS-01 challenge
+        useACMEHost = "hadi.diy";
+        forceSSL = true;
+      };
+    };
+    nextcloud = {
+      enable = true;
+      hostName = domain;
+      package = pkgs.nextcloud31;
+      database.createLocally = true;
+      configureRedis = true;
+      maxUploadSize = "16G";
+      https = true;
+      autoUpdateApps.enable = true;
+      settings = {
+        trusted_domains = [ domain ];
+        default_phone_region = "FR";
+        overwriteprotocol = "https";
+      };
+      extraAppsEnable = true;
+      extraApps = with config.services.nextcloud.package.packages.apps; {
+        # List of apps we want to install and are already packaged in
+        # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
+        # inherit calendar contacts notes onlyoffice tasks cookbook qownnotesapi;
+        inherit cookbook;
+        # Custom app example.
+        #        socialsharing_telegram = pkgs.fetchNextcloudApp rec {
+        #          url =
+        #            "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz";
+        #          license = "agpl3";
+        #          sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k=";
+        #        };
+      };
+      config = {
+        dbtype = "pgsql";
+        adminuser = "hadi";
+        adminpassFile = config.sops.secrets.nextcloud-pwd.path;
+      };
+      # Suggested by Nextcloud's health check.
+      phpOptions."opcache.interned_strings_buffer" = "16";
+    };
+
+  };
+}

server-modules/nginx.nix

@@ -6,5 +6,16 @@
     defaults.email = config.var.git.email;
   };
 
+  security.acme.certs."hadi.diy" = {
+    domain = "hadi.diy";
+    extraDomainNames = [ "*.hadi.diy" ];
+    group = "nginx";
+
+    dnsProvider = "cloudflare";
+    dnsPropagationCheck = true;
+    credentialsFile = config.sops.secrets.cloudflare-dns-token.path;
+  };
+
   networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedUDPPorts = [ 80 443 ];
 }