updates

Former-commit-id: d2d113fab5

hosts/server/configuration.nix

@@ -9,9 +9,10 @@
     ../../nixos/tailscale.nix
 
     ../../server-modules/ssh.nix
-    # ../../server-modules/bitwarden.nix
+    ../../server-modules/bitwarden.nix
     ../../server-modules/firewall.nix
     ../../server-modules/nginx.nix
+    ../../server-modules/nextcloud.nix
 
     # You should let those lines as is
     ./hardware-configuration.nix

hosts/server/secrets/default.nix

@@ -13,7 +13,8 @@
         path = "/home/hadi/.ssh/github";
         mode = "0600";
       };
-      # cloudflare-dns-token = { path = "/etc/cloudflare/dnskey.txt"; };
+      cloudflare-dns-token = { path = "/etc/cloudflare/dnskey.txt"; };
+      nextcloud-pwd = { path = "/etc/nextcloud/pwd.txt"; };
     };
   };
 }

server-modules/bitwarden.nix

@@ -1,7 +1,8 @@
 { config, ... }:
 let domain = "vault.hadi.diy";
 in {
-  services.vaultwarden = {
+  services = {
+    vaultwarden = {
       enable = true;
       config = {
         DOMAIN = "https://" + domain;
@@ -12,7 +13,7 @@ in {
       };
     };
 
-  services.nginx.virtualHosts."${domain}" = {
+    nginx.virtualHosts."${domain}" = {
       useACMEHost = "hadi.diy";
       forceSSL = true;
       locations."/" = {
@@ -21,14 +22,5 @@ in {
           }";
       };
     };
-
-  security.acme.certs."hadi.diy" = {
-    domain = "hadi.diy";
-    extraDomainNames = [ "*.hadi.diy" ];
-    group = "nginx";
-
-    dnsProvider = "cloudflare";
-    dnsPropagationCheck = true;
-    credentialsFile = config.sops.secrets.cloudflare-dns-token.path;
   };
 }

server-modules/nextcloud.nix

@@ -0,0 +1,50 @@
+{ pkgs, config, ... }:
+let domain = "cloud.hadi.diy";
+in {
+  services = {
+    nginx.virtualHosts = {
+      "${domain}" = {
+        # DNS-01 challenge
+        useACMEHost = "hadi.diy";
+        forceSSL = true;
+      };
+    };
+    nextcloud = {
+      enable = true;
+      hostName = domain;
+      package = pkgs.nextcloud31;
+      database.createLocally = true;
+      configureRedis = true;
+      maxUploadSize = "16G";
+      https = true;
+      autoUpdateApps.enable = true;
+      settings = {
+        trusted_domains = [ domain ];
+        default_phone_region = "FR";
+        overwriteprotocol = "https";
+      };
+      extraAppsEnable = true;
+      extraApps = with config.services.nextcloud.package.packages.apps; {
+        # List of apps we want to install and are already packaged in
+        # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
+        # inherit calendar contacts notes onlyoffice tasks cookbook qownnotesapi;
+        inherit cookbook;
+        # Custom app example.
+        #        socialsharing_telegram = pkgs.fetchNextcloudApp rec {
+        #          url =
+        #            "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz";
+        #          license = "agpl3";
+        #          sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k=";
+        #        };
+      };
+      config = {
+        dbtype = "pgsql";
+        adminuser = "hadi";
+        adminpassFile = config.sops.secrets.nextcloud-pwd.path;
+      };
+      # Suggested by Nextcloud's health check.
+      phpOptions."opcache.interned_strings_buffer" = "16";
+    };
+
+  };
+}

server-modules/nginx.nix

@@ -6,5 +6,16 @@
     defaults.email = config.var.git.email;
   };
 
+  security.acme.certs."hadi.diy" = {
+    domain = "hadi.diy";
+    extraDomainNames = [ "*.hadi.diy" ];
+    group = "nginx";
+
+    dnsProvider = "cloudflare";
+    dnsPropagationCheck = true;
+    credentialsFile = config.sops.secrets.cloudflare-dns-token.path;
+  };
+
   networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedUDPPorts = [ 80 443 ];
 }