Merge pull request #431 from genebean/nextcloud

Setting up Nextcloud

flake.nix

@@ -207,7 +207,9 @@
         system = "x86_64-linux";
         hostname = "nixnuc";
         username = "gene";
-        additionalModules = [];
+        additionalModules = [
+          simple-nixos-mailserver.nixosModule
+        ];
         additionalSpecialArgs = {};
       };
       rainbow-planet = nixosHostConfig {

modules/hosts/nixos/nixnuc/default.nix

@@ -52,6 +52,24 @@ in {
       intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
     ];
   };
+  
+  mailserver = {
+    enable = true;
+    enableImap = false;
+    enableImapSsl = false;
+    fqdn = "mail.${home_domain}";
+    domains = [
+      home_domain
+    ];
+    forwards = {
+      "${username}@localhost" = "${username}@technicalissues.us";
+      "root@localhost" = "root@technicalissues.us";
+      "root@${config.networking.hostName}" = "root@technicalissues.us";
+    };
+
+    # Use Let's Encrypt certificates from Nginx
+    certificateScheme = "acme";
+  };
 
   networking = {
     # Open ports in the firewall.
@@ -138,6 +156,53 @@ in {
       openFirewall = true;
     };
     lldpd.enable = true;
+    nextcloud = {
+      enable = true;
+      hostName = "nextcloud.home.technicalissues.us";
+      package = pkgs.nextcloud29; # Need to manually increment with every major upgrade.
+      appstoreEnable = true;
+      autoUpdateApps.enable = true;
+      config = {
+        adminuser = username;
+        adminpassFile = config.sops.secrets.nextcloud_admin_pass.path;
+        dbtype = "pgsql";
+      };
+      configureRedis = true;
+      database.createLocally = true;
+      #extraApps = with config.services.nextcloud.package.packages.apps; {
+      #  # List of apps we want to install and are already packaged in
+      #  # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
+      #  inherit calendar contacts cookbook maps notes tasks;
+      #};
+      #extraAppsEnable = true;
+      home = "/orico/nextcloud";
+      https = true;
+      maxUploadSize = "100G"; # Increase the PHP maximum file upload size
+      phpOptions."opcache.interned_strings_buffer" = "16"; # Suggested by Nextcloud's health check.
+      settings = {
+        default_phone_region = "US";
+        # https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#enabledpreviewproviders
+        enabledPreviewProviders = [
+          "OC\\Preview\\BMP"
+          "OC\\Preview\\GIF"
+          "OC\\Preview\\JPEG"
+          "OC\\Preview\\Krita"
+          "OC\\Preview\\MarkDown"
+          "OC\\Preview\\MP3"
+          "OC\\Preview\\OpenDocument"
+          "OC\\Preview\\PNG"
+          "OC\\Preview\\TXT"
+          "OC\\Preview\\XBitmap"
+
+          "OC\\Preview\\HEIC"
+          "OC\\Preview\\Movie"
+        ];
+        log_type = "file";
+        maintenance_window_start = 5;
+        overwriteProtocol = "https";
+        "profile.enabled" = true;
+      };
+    };
     nginx = {
       enable = true;
       recommendedGzipSettings = true;
@@ -183,15 +248,16 @@ in {
 
         "${home_domain}" = {
           default = true;
-          serverAliases = [ "nix-tester.${home_domain}" ];
+          serverAliases = [
+            "mail.${home_domain}"
+            "nix-tester.${home_domain}"
+          ];
           listen = [
-            { port = http_port; addr = "0.0.0.0"; }
             { port = https_port; addr = "0.0.0.0"; ssl = true; }
           ];
           enableACME = true;
           acmeRoot = null;
-          addSSL = true;
+          forceSSL = true;
-          forceSSL = false;
           locations."/" = {
             return = "200 '<h1>Hello world ;)</h1>'";
             extraConfig = ''
@@ -237,6 +303,11 @@ in {
             proxy_max_temp_file_size 0;
           '';
         };
+        "nextcloud.${home_domain}" = {
+          enableACME = true;
+          acmeRoot = null;
+          forceSSL = true;
+        };
         "onlyoffice.${home_domain}" = {
           listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
           enableACME = true;
@@ -261,12 +332,23 @@ in {
         };
       };
     };
+    postgresql = {
+      enable = true;
+      package = pkgs.postgresql_16;
+    };
+    postgresqlBackup = {
+      enable = true;
+      backupAll = true;
+      startAt = "*-*-* 23:00:00";
+    };
     resolved.enable = true;
     restic.backups.daily.paths = [
-      "/orico/jellyfin/data"
+      config.services.nextcloud.home
-      "/orico/jellyfin/staging/downloaded-files"
       "${config.users.users.${username}.home}/compose-files/tandoor"
       "${config.users.users.${username}.home}/compose-files/wallabag"
+      "/orico/jellyfin/data"
+      "/orico/jellyfin/staging/downloaded-files"
+      "/var/backup/postgresql"
     ];
     zfs.autoScrub.enable = true;
   };
@@ -283,6 +365,14 @@ in {
         owner = "${username}";
         path = "/home/${username}/.private-env";
       };
+      nextcloud_admin_pass.owner = config.users.users.nextcloud.name;
+    };
+  };
+
+  systemd.services = {
+    "nextcloud-setup" = {
+      requires = ["postgresql.service"];
+      after = ["postgresql.service"];
     };
   };
 

modules/hosts/nixos/nixnuc/secrets.yaml

@@ -1,6 +1,7 @@
 tailscale_key: ENC[AES256_GCM,data:aB3KUD4QYm+ZDrjjLcU3gQ8kneVGkVYBsrkVcioOhxunal2FekLDrpKxJwNXuiwx2M5vipnGAEPO,iv:e+tPPfVYkv4U0KRGwspWb1O3ZQom/WFFGm9H9cd/KKE=,tag:ZG5z1C18bj1L7DcGzunQ0w==,type:str]
 local_git_config: ENC[AES256_GCM,data:Nqwog5C4wnRzNoS4oqaYQ4J1DIj7fUL1y/nXESquR0N7KQ+ebhvuJnM=,iv:Q6o45LZStS3k8iO7s2P6u7OrKFu5alplshZuGgeRKmk=,tag:NcLJrI9AK4eDroODX15lcA==,type:str]
 local_private_env: ENC[AES256_GCM,data:qOPXTS2uo/1jyVEKCtBvuK/dzZaPf1K5tHuSVF2hBg4fdPYIsDPkM108cGVxJviebB3xVZejn/JVOdUDXQj6,iv:TtyMTOJXaPUrbSaAdtMaGPBlwLl/Y/IBYVCzhhiZozY=,tag:hUyVL8xk3w1iMwNAZw5QUw==,type:str]
+nextcloud_admin_pass: ENC[AES256_GCM,data:KztB3Tkqlt73PEO41lthGYElrbwVdfqQgT6f,iv:kRwXqGJO4AUOMq+uYzndGhscaJiyvG4ANKabHHd78YM=,tag:dP3PgKafDTv8x7huKJGDqA==,type:str]
 psitransfer_dot_env: ENC[AES256_GCM,data:bhvU0AOCjecZ62BtLw4H1DdkLeatI+uUl6L7UkdDRkBF3sayO45Z1eR4q60tflXucyTGhT8WgKFz53I+C2dn265wzojIRc3Xr4TBLyWpfJ7/dct40SckgUiRvOnrefiriWQ=,iv:DGMhDkzgeupzzTJnCdVWDPUSo2wxI3MAypKQwVfHExE=,tag:KbteGqrkqgj2XB1lvlk/yQ==,type:str]
 sops:
     kms: []
@@ -17,8 +18,8 @@ sops:
             bHZlNTZDV2NYU1hQQy9mem80SFF6TFkKfmjkJBfTdh0vTtGaVx1t3tHJvSsAwdYD
             PF025X9U+yG2oIopwXEVBkxcD70eyuJn3OqH0xoVLBkbhNM9i8LHrA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-04-12T12:45:07Z"
+    lastmodified: "2024-06-30T17:57:48Z"
-    mac: ENC[AES256_GCM,data:SdLYmMEPe3UilHiSifRvLYFd9gJR7KlmcaGtkKB5X+Xj94KMALsfrU0NsRmrlMr5XGYSwhBIaJrgz9RPFUu5VmG1Lli2K8D8QNyc/qSr7AHTWU9uBFfmFJEau0VyD6oFmi/nJPObwJlTfoUn5H7BU0jCFjNnsf1BYHXS8Qafh4Y=,iv:vEwboA3iz/6tHpWh5ZQhkok9ZAOGXf1WHI+6VrR4fnA=,tag:lfTIRhg99Vs57hFQE/n84g==,type:str]
+    mac: ENC[AES256_GCM,data:FqpNhClCyAjZvxt0bXOULwr9GqpR+vMg7l0wTdqGUllGUffsb/IO2rnP3J8KNhsnVVyHWndYwVTv3u7lzkKfgSIFJ1Qi5q05w6Hy1fPkPw5ycxz7H1Tq0Ck1mOmkQfM459+lue4QJAqPI0OOBZ/15MB2NH3++7rdltmBwlsRfSI=,iv:9mMKldTd5zhZX7iX/M2MRzHq7fbVPzRIbiMFLdjTowY=,tag:zKUsu9k72E+hmQ0TFC4cbw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1