From a4a41b4d48f8052be9c0be79e2fb2ae6fa3e58f6 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Wed, 21 May 2025 00:34:42 -0400 Subject: [PATCH] Setup Nextcloud for our pack --- .../hetznix01/hardware-configuration.nix | 10 ++++ .../nixos/hetznix01/post-install/default.nix | 50 ++++++++++++++++++- .../nixos/hetznix01/post-install/nginx.nix | 5 ++ modules/hosts/nixos/hetznix01/secrets.yaml | 7 +-- 4 files changed, 68 insertions(+), 4 deletions(-) diff --git a/modules/hosts/nixos/hetznix01/hardware-configuration.nix b/modules/hosts/nixos/hetznix01/hardware-configuration.nix index c2cbb3b..67a3557 100644 --- a/modules/hosts/nixos/hetznix01/hardware-configuration.nix +++ b/modules/hosts/nixos/hetznix01/hardware-configuration.nix @@ -13,6 +13,16 @@ boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; + fileSystems."pack1828" = { + device = "/dev/disk/by-id/scsi-0HC_Volume_102600992"; + fsType = "ext4"; + options = [ + "discard" + "nofail" + "defaults" + ]; + }; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/modules/hosts/nixos/hetznix01/post-install/default.nix b/modules/hosts/nixos/hetznix01/post-install/default.nix index 57430f2..74cf303 100644 --- a/modules/hosts/nixos/hetznix01/post-install/default.nix +++ b/modules/hosts/nixos/hetznix01/post-install/default.nix @@ -1,4 +1,4 @@ -{ config, username, ... }: let +{ config, pkgs, username, ... }: let domain = "technicalissues.us"; in { imports = [ 
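Review bot: The mount point key `fileSystems."pack1828"` has no leading slash, while the Nextcloud `home` added in post-install/default.nix is `/pack1828/nextcloud`; unless this is corrected elsewhere, the volume will not be mounted at the path Nextcloud uses, and the key should read `fileSystems."/pack1828" = {`. Because `"nofail"` lets boot continue when the mount fails, Nextcloud would then start and write its data directory to the root disk without any error. Consider tying the service to the mount, e.g. `systemd.services.nextcloud-setup.unitConfig.RequiresMountsFor = "/pack1828";` (and likewise for the PHP-FPM unit that serves Nextcloud). A volume that only holds uploaded user data also does not need the suid and device-node behaviour that `"defaults"` implies, so adding `"nosuid"` and `"nodev"` to `options` is cheap hardening.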
@@ -31,6 +31,53 @@ in { }; services = { + nextcloud = { + enable = true; + hostName = "cloud.pack1828.org"; + package = pkgs.nextcloud31; # Need to manually increment with every major upgrade. + appstoreEnable = true; + autoUpdateApps.enable = true; + config = { + adminuser = username; + adminpassFile = config.sops.secrets.nextcloud_admin_pass.path; + dbtype = "pgsql"; + }; + configureRedis = true; + database.createLocally = true; + #extraApps = with config.services.nextcloud.package.packages.apps; { + # # List of apps we want to install and are already packaged in + # # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json + # inherit calendar contacts cookbook maps notes tasks; + #}; + #extraAppsEnable = true; + home = "/pack1828/nextcloud"; + https = true; + maxUploadSize = "3G"; # Increase the PHP maximum file upload size + phpOptions."opcache.interned_strings_buffer" = "16"; # Suggested by Nextcloud's health check. + settings = { + default_phone_region = "US"; + # https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#enabledpreviewproviders + enabledPreviewProviders = [ + "OC\\Preview\\BMP" + "OC\\Preview\\GIF" + "OC\\Preview\\JPEG" + "OC\\Preview\\Krita" + "OC\\Preview\\MarkDown" + "OC\\Preview\\MP3" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\PNG" + "OC\\Preview\\TXT" + "OC\\Preview\\XBitmap" + + "OC\\Preview\\HEIC" + "OC\\Preview\\Movie" + ]; + log_type = "file"; + maintenance_window_start = 5; + overwriteProtocol = "https"; + "profile.enabled" = true; + }; + }; plausible = { enable = true; adminUser = { @@ -93,6 +140,7 @@ in { }; matrix_homeserver_signing_key.owner = config.users.users.matrix-synapse.name; mqtt_recorder_pass.restartUnits = ["mosquitto.service"]; + nextcloud_admin_pass.owner = config.users.users.nextcloud.name; owntracks_basic_auth = { owner = config.users.users.nginx.name; restartUnits = ["nginx.service"]; 
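Review bot: `appstoreEnable = true` together with `autoUpdateApps.enable = true` lets app code be installed and replaced at runtime from the Nextcloud app store, so the code that runs with access to every user's files is neither pinned nor reviewed through this repository. The commented-out `extraApps` block is the declarative alternative; if the store is kept on purpose, a comment should say so, e.g. `# App store left enabled deliberately: apps are unpinned and update outside of Nix.` Separately, the `enabledPreviewProviders` list adds `OC\\Preview\\Movie` and `OC\\Preview\\HEIC` below the blank line, which (as far as I can tell) hand uploaded files to media decoders on the server. A short comment on why those two are needed would help, since preview generation runs on whatever any user uploads.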
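Review bot: A comment next to `nextcloud_admin_pass.owner` should record that this secret is only an initial password. As the NixOS Nextcloud module documents it, `adminpassFile` is read by the setup service on first install, so rotating the value in secrets.yaml later will presumably not change the admin password of the running instance. Something like `# Only used on first install; rotate the real password inside Nextcloud.` would do. The enclosing attribute set (presumably `sops.secrets`) starts and ends outside the hunk.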
diff --git a/modules/hosts/nixos/hetznix01/post-install/nginx.nix b/modules/hosts/nixos/hetznix01/post-install/nginx.nix
index 40083e9..b52d6d7 100644
--- a/modules/hosts/nixos/hetznix01/post-install/nginx.nix
+++ b/modules/hosts/nixos/hetznix01/post-install/nginx.nix
@@ -99,6 +99,11 @@ in {
 proxyWebsockets = true;
 };
 };
+ "cloud.pack1828.org" = {
+ enableACME = true;
+ acmeRoot = null;
+ forceSSL = true;
+ };
 "location.${domain}" = {
 enableACME = true;
 acmeRoot = null;
diff --git a/modules/hosts/nixos/hetznix01/secrets.yaml b/modules/hosts/nixos/hetznix01/secrets.yaml
index c5f194c..a640089 100644
--- a/modules/hosts/nixos/hetznix01/secrets.yaml
+++ b/modules/hosts/nixos/hetznix01/secrets.yaml
@@ -3,6 +3,7 @@ local_private_env: ENC[AES256_GCM,data:OFcCaE9/hpd6JIoUTTxg0pEFL3rkUE3G+JzP/wjFX matrix_secrets_yaml: ENC[AES256_GCM,data:6DLtAZIYBlL7iQVS/FBeUEhHyAOFZ5JRNqFBqi59GVh7cP0Hp8RBWxKpWAH2eUPYqUqUGCKrSSH3sJqzV+vasSR62tcltV7+13+q+rZVCZNCEf21EwQ5aaxgR3yG4n3YUPqLsCQB6UnWn0tF5HO0ofjYkya0pQ/nX9TBiiqIcPcd4NovbTtf+S0G0VptqyXAuRvJoKCx42ft9IBfV9tF1QsXLemKYlI10hN5l/MgJHwVbwH5xXR2kLKvnlpAyIoST/uJhswQV9DyK9cnl09ZM9ztcXhveBzv6uDW+pme8lFL99SMtMJcbSzxYW/pt+GJgYd1NiaoPbayWM72jdpH0hf2zWchxnIJIyL3H6EzIjD8BE9GnMP7ujQwBZGNZITRSg==,iv:cDtuOhv2v6CZcwiMM3oqjmajIl7D8Im+LkfarcjTM/w=,tag:e7zRQBYslJqESOGN3c4/aw==,type:str] matrix_homeserver_signing_key: ENC[AES256_GCM,data:+RflNxFfS2w9LbavT7YnCQIhJWI49kN7pOa9/dH0BpDWxKQaLE4ZYBYq0ikAgcHaF3+rBL3f6KxUacw=,iv:6+nZzuxBUwjM74XHCD89YWfyuMRcoIwQlHLiNN4NWdc=,tag:91yigynRz6QdEd4rF7d/9g==,type:str] mqtt_recorder_pass: ENC[AES256_GCM,data:N44nv2mk5zguWXNHdKsxhoKUjiduD1hzsAb6,iv:aLudKuUBTPXgtAF33exELH/PESD0CqoDaydeqdhcmbA=,tag:3lhrqO8jxJiRHWZjWSRa0g==,type:str] +nextcloud_admin_pass: ENC[AES256_GCM,data:dite1z9lAQg4geuoDvXnveJP0iI/ouEe,iv:VT17WjQdS8T1qIxwyjdLy2VNpP5tv7KXhY+twpotiaQ=,tag:5DQLvRI87BamUutSUnvncA==,type:str] owntracks_basic_auth: ENC[AES256_GCM,data:GX1U1uf7+erE+g9GzhXK5ED2QicfcbpRCwpJDw6Zr9X2FtdMYleH5mhLxw==,iv:PflRq+P50+oFf4wv5wwlY6V9bApGuJ3tlYTvJZ5mg0E=,tag:VHBY5qv7rX74DGURsYaWpw==,type:str] plausible_admin_pass: ENC[AES256_GCM,data:nMGHMTp3YsDGP3YA9qmZqRCBA5BonS7SaLo=,iv:gN9qu+35DHiJVKh8vHF6KAwrFqgfdNNCC0+q3L/mBGg=,tag:XKlzT4Bp9IIKTSAmjDhd1Q==,type:str] plausible_secret_key_base: ENC[AES256_GCM,data:6Co3VO9Ocmd6cppRpm763jjpRE9yCb75FnrrvCD5XtQPoq6c7ZnCPfSPzWF7jOv6e0g+ghao015myEe3pmNlPcx55KE4LpPwNGHdGbFHmNsGiIDrDUC3Hw==,iv:0FXSF//7FAGrQKiMOfHFoWE539MzCnz7xUTHxxatTCI=,tag:cKMFwyLYScKVM3v+6hvwzg==,type:str] 
@@ -22,8 +23,8 @@ sops: WkI4ejBaODI0d0tjWHpTT3VWTXNyaXcKMDtvHN4gcZqBNslyC+NwYW05zgs8QuPV W6EktAz+xu6kx5BJbli5GkUFmj52AtEGIqZ1Sr4a0pKQACC87XcTQA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-29T04:40:44Z" - mac: ENC[AES256_GCM,data:94kylK+CFinvS2tjvu9vIanSjyVGkzu4IfDWvXvzxazR2U61IXuuaykPF3iDFKA9bC2cV4symPLmx7hAHFdN87mycOvkprUQzJTXORLdPjW90piaMvlETOH/lrjDq7R0TeIFfwj1hOrj0HrCg8tR6g49agl8uO/HoZQUtarZAf0=,iv:azMsvPUrR95r+dEWlBFilTdh+Zx26FNVcECX315njkI=,tag:DFZSHW3zq7ZD2KliTjL31A==,type:str] + lastmodified: "2025-05-21T02:47:26Z" + mac: ENC[AES256_GCM,data:j8SrPIwZCVS+YrJOZt/S/UfiYKMFEYdjy5aNlJbmq+wK6OBoyRnOsuIbD+lSERhru47k4sSd+3g6r+ygSuF9vXz+sqvuizkqLM39k0+zz771UaBiYTy/06mwIBsHVh99TskWH2ByKSQ47vyzkLPi26YAUmom6omX4Asplizhu9w=,iv:6ryKJnRJXlW6cyBj+Aseno636dAWESG8ImFL3KwKApM=,tag:KymKRDQv0kfzJdv/0xvDHQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.4