Setting up Nextcloud

2026-03-27 09:27:44 -04:00 · 2024-07-01 10:37:02 -04:00 · 2024-07-01 10:37:02 -04:00 · ed741faf7f
commit ed741faf7f
parent d1e94f60c3
3 changed files with 102 additions and 9 deletions
--- a/flake.nix
+++ b/flake.nix
@ -207,7 +207,9 @@
        system = "x86_64-linux";
        hostname = "nixnuc";
        username = "gene";
-        additionalModules = [];
+        additionalModules = [
+          simple-nixos-mailserver.nixosModule
+        ];
        additionalSpecialArgs = {};
      };
      rainbow-planet = nixosHostConfig {
--- a/modules/hosts/nixos/nixnuc/default.nix
+++ b/modules/hosts/nixos/nixnuc/default.nix
@ -53,6 +53,24 @@ in {
    ];
  };
  
+  mailserver = {
+    enable = true;
+    enableImap = false;
+    enableImapSsl = false;
+    fqdn = "mail.${home_domain}";
+    domains = [
+      home_domain
+    ];
+    forwards = {
+      "${username}@localhost" = "${username}@technicalissues.us";
+      "root@localhost" = "root@technicalissues.us";
+      "root@${config.networking.hostName}" = "root@technicalissues.us";
+    };
+
+    # Use Let's Encrypt certificates from Nginx
+    certificateScheme = "acme";
+  };
+
  networking = {
    # Open ports in the firewall.
    firewall.allowedTCPPorts = [
@ -138,6 +156,53 @@ in {
      openFirewall = true;
    };
    lldpd.enable = true;
+    nextcloud = {
+      enable = true;
+      hostName = "nextcloud.home.technicalissues.us";
+      package = pkgs.nextcloud29; # Need to manually increment with every major upgrade.
+      appstoreEnable = true;
+      autoUpdateApps.enable = true;
+      config = {
+        adminuser = username;
+        adminpassFile = config.sops.secrets.nextcloud_admin_pass.path;
+        dbtype = "pgsql";
+      };
+      configureRedis = true;
+      database.createLocally = true;
+      #extraApps = with config.services.nextcloud.package.packages.apps; {
+      #  # List of apps we want to install and are already packaged in
+      #  # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
+      #  inherit calendar contacts cookbook maps notes tasks;
+      #};
+      #extraAppsEnable = true;
+      home = "/orico/nextcloud";
+      https = true;
+      maxUploadSize = "100G"; # Increase the PHP maximum file upload size
+      phpOptions."opcache.interned_strings_buffer" = "16"; # Suggested by Nextcloud's health check.
+      settings = {
+        default_phone_region = "US";
+        # https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#enabledpreviewproviders
+        enabledPreviewProviders = [
+          "OC\\Preview\\BMP"
+          "OC\\Preview\\GIF"
+          "OC\\Preview\\JPEG"
+          "OC\\Preview\\Krita"
+          "OC\\Preview\\MarkDown"
+          "OC\\Preview\\MP3"
+          "OC\\Preview\\OpenDocument"
+          "OC\\Preview\\PNG"
+          "OC\\Preview\\TXT"
+          "OC\\Preview\\XBitmap"
+
+          "OC\\Preview\\HEIC"
+          "OC\\Preview\\Movie"
+        ];
+        log_type = "file";
+        maintenance_window_start = 5;
+        overwriteProtocol = "https";
+        "profile.enabled" = true;
+      };
+    };
    nginx = {
      enable = true;
      recommendedGzipSettings = true;
@ -183,15 +248,16 @@ in {

        "${home_domain}" = {
          default = true;
-          serverAliases = [ "nix-tester.${home_domain}" ];
+          serverAliases = [
+            "mail.${home_domain}"
+            "nix-tester.${home_domain}"
+          ];
          listen = [
-            { port = http_port; addr = "0.0.0.0"; }
            { port = https_port; addr = "0.0.0.0"; ssl = true; }
          ];
          enableACME = true;
          acmeRoot = null;
-          addSSL = true;
-          forceSSL = false;
+          forceSSL = true;
          locations."/" = {
            return = "200 '<h1>Hello world ;)</h1>'";
            extraConfig = ''
@ -237,6 +303,11 @@ in {
            proxy_max_temp_file_size 0;
          '';
        };
+        "nextcloud.${home_domain}" = {
+          enableACME = true;
+          acmeRoot = null;
+          forceSSL = true;
+        };
        "onlyoffice.${home_domain}" = {
          listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
          enableACME = true;
@ -261,12 +332,23 @@ in {
        };
      };
    };
+    postgresql = {
+      enable = true;
+      package = pkgs.postgresql_16;
+    };
+    postgresqlBackup = {
+      enable = true;
+      backupAll = true;
+      startAt = "*-*-* 23:00:00";
+    };
    resolved.enable = true;
    restic.backups.daily.paths = [
-      "/orico/jellyfin/data"
-      "/orico/jellyfin/staging/downloaded-files"
+      config.services.nextcloud.home
      "${config.users.users.${username}.home}/compose-files/tandoor"
      "${config.users.users.${username}.home}/compose-files/wallabag"
+      "/orico/jellyfin/data"
+      "/orico/jellyfin/staging/downloaded-files"
+      "/var/backup/postgresql"
    ];
    zfs.autoScrub.enable = true;
  };
@ -283,6 +365,14 @@ in {
        owner = "${username}";
        path = "/home/${username}/.private-env";
      };
+      nextcloud_admin_pass.owner = config.users.users.nextcloud.name;
+    };
+  };
+
+  systemd.services = {
+    "nextcloud-setup" = {
+      requires = ["postgresql.service"];
+      after = ["postgresql.service"];
    };
  };

--- a/modules/hosts/nixos/nixnuc/secrets.yaml
+++ b/modules/hosts/nixos/nixnuc/secrets.yaml
@ -1,6 +1,7 @@
 tailscale_key: ENC[AES256_GCM,data:aB3KUD4QYm+ZDrjjLcU3gQ8kneVGkVYBsrkVcioOhxunal2FekLDrpKxJwNXuiwx2M5vipnGAEPO,iv:e+tPPfVYkv4U0KRGwspWb1O3ZQom/WFFGm9H9cd/KKE=,tag:ZG5z1C18bj1L7DcGzunQ0w==,type:str]
 local_git_config: ENC[AES256_GCM,data:Nqwog5C4wnRzNoS4oqaYQ4J1DIj7fUL1y/nXESquR0N7KQ+ebhvuJnM=,iv:Q6o45LZStS3k8iO7s2P6u7OrKFu5alplshZuGgeRKmk=,tag:NcLJrI9AK4eDroODX15lcA==,type:str]
 local_private_env: ENC[AES256_GCM,data:qOPXTS2uo/1jyVEKCtBvuK/dzZaPf1K5tHuSVF2hBg4fdPYIsDPkM108cGVxJviebB3xVZejn/JVOdUDXQj6,iv:TtyMTOJXaPUrbSaAdtMaGPBlwLl/Y/IBYVCzhhiZozY=,tag:hUyVL8xk3w1iMwNAZw5QUw==,type:str]
+nextcloud_admin_pass: ENC[AES256_GCM,data:KztB3Tkqlt73PEO41lthGYElrbwVdfqQgT6f,iv:kRwXqGJO4AUOMq+uYzndGhscaJiyvG4ANKabHHd78YM=,tag:dP3PgKafDTv8x7huKJGDqA==,type:str]
 psitransfer_dot_env: ENC[AES256_GCM,data:bhvU0AOCjecZ62BtLw4H1DdkLeatI+uUl6L7UkdDRkBF3sayO45Z1eR4q60tflXucyTGhT8WgKFz53I+C2dn265wzojIRc3Xr4TBLyWpfJ7/dct40SckgUiRvOnrefiriWQ=,iv:DGMhDkzgeupzzTJnCdVWDPUSo2wxI3MAypKQwVfHExE=,tag:KbteGqrkqgj2XB1lvlk/yQ==,type:str]
 sops:
    kms: []
@ -17,8 +18,8 @@ sops:
            bHZlNTZDV2NYU1hQQy9mem80SFF6TFkKfmjkJBfTdh0vTtGaVx1t3tHJvSsAwdYD
            PF025X9U+yG2oIopwXEVBkxcD70eyuJn3OqH0xoVLBkbhNM9i8LHrA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-04-12T12:45:07Z"
-    mac: ENC[AES256_GCM,data:SdLYmMEPe3UilHiSifRvLYFd9gJR7KlmcaGtkKB5X+Xj94KMALsfrU0NsRmrlMr5XGYSwhBIaJrgz9RPFUu5VmG1Lli2K8D8QNyc/qSr7AHTWU9uBFfmFJEau0VyD6oFmi/nJPObwJlTfoUn5H7BU0jCFjNnsf1BYHXS8Qafh4Y=,iv:vEwboA3iz/6tHpWh5ZQhkok9ZAOGXf1WHI+6VrR4fnA=,tag:lfTIRhg99Vs57hFQE/n84g==,type:str]
+    lastmodified: "2024-06-30T17:57:48Z"
+    mac: ENC[AES256_GCM,data:FqpNhClCyAjZvxt0bXOULwr9GqpR+vMg7l0wTdqGUllGUffsb/IO2rnP3J8KNhsnVVyHWndYwVTv3u7lzkKfgSIFJ1Qi5q05w6Hy1fPkPw5ycxz7H1Tq0Ck1mOmkQfM459+lue4QJAqPI0OOBZ/15MB2NH3++7rdltmBwlsRfSI=,iv:9mMKldTd5zhZX7iX/M2MRzHq7fbVPzRIbiMFLdjTowY=,tag:zKUsu9k72E+hmQ0TFC4cbw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1