systems/eldiron/websites/cloud/default.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   ncfg = config.myServices.tools.cloud.farm.instances.immae;
   4   env = config.myEnv.tools.nextcloud;
   5   cfg = config.myServices.websites.tools.cloud;
   6 in {
   7   options.myServices.websites.tools.cloud = {
   8     enable = lib.mkEnableOption "enable cloud website";
   9   };
  10
  11   config = lib.mkIf cfg.enable {
  12     myServices.dns.zones."immae.eu".subdomains.cloud =
  13       with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
  14
  15     myServices.chatonsProperties.hostings.nextcloud = {
  16       file.datetime = "2022-08-21T19:50:00";
  17       hosting = {
  18         name = "Nextcloud";
  19         description = "The self-hosted productivity platform that keeps you in control";
  20         website = "https://cloud.immae.eu/";
  21         logo = "https://cloud.immae.eu/core/img/favicon.ico";
  22         type = "INSTANCE";
  23         status.level = "OK";
  24         status.description = "OK";
  25         registration.load = "OPEN";
  26         install.type = "PACKAGE";
  27       };
  28     };
  29     myServices.chatonsProperties.services.nextcloud = {
  30       file.datetime = "2022-08-21T19:50:00";
  31       service = {
  32         name = "Nextcloud";
  33         description = "The self-hosted productivity platform that keeps you in control";
  34         website = "https://cloud.immae.eu/";
  35         logo = "https://cloud.immae.eu/core/img/favicon.ico";
  36         status.level = "OK";
  37         status.description = "OK";
  38         registration."" = ["MEMBER" "CLIENT"];
  39         registration.load = "OPEN";
  40         install.type = "PACKAGE";
  41         guide.user = "https://www.immae.eu/docs/nextcloud.html";
  42       };
  43       software = {
  44         name = "Nextcloud";
  45         website = "https://nextcloud.com/";
  46         license.url = "https://github.com/nextcloud/server/blob/master/COPYING";
  47         license.name = "GNU Affero General Public License v3.0";
  48         version = ncfg.rootDir.version;
  49         source.url = "https://github.com/nextcloud/server";
  50         modules = map (a: a.appName) ncfg.rootDir.apps;
  51       };
  52     };
  53
  54     myServices.tools.cloud.farm.instances.immae = {
  55       nextcloud = pkgs.webapps-nextcloud_27.override ({
  56         # Allow /index.php redirects
  57         postInstall = ''
  58           cd $out
  59           ${pkgs.php81}/bin/php ${./add-htaccess.php} /
  60         '';
  61       });
  62       apps = a: [
  63         a.side_menu a.audioplayer a.bookmarks a.calendar a.carnet a.contacts
  64         a.cookbook a.deck a.extract a.files_markdown a.files_mindmap
  65         a.gpxpod a.keeweb a.maps a.metadata a.music
  66         a.notes a.passman a.polls a.spreed a.tasks
  67       ];
  68       varDir = "/var/lib/nextcloud";
  69       secretsPath = "webapps/tools-nextcloud";
  70       phpPackage = pkgs.php81;
  71       # Be careful when editing that: config from here takes
  72       # precedence over the regular one, but if a key got removed, it my
  73       # still exist in the default config file
  74       config = let
  75         env = config.myEnv.tools.nextcloud;
  76       in {
  77         "dbtype" = "pgsql";
  78         "dbname" = env.postgresql.database;
  79         "dbhost" = env.postgresql.socket;
  80         "dbport" = "";
  81         "dbtableprefix" = "oc_";
  82         "dbuser" = env.postgresql.user;
  83         "dbpassword" = env.postgresql.password;
  84
  85         "instanceid" = env.instance_id;
  86         "passwordsalt" = env.password_salt;
  87         "secret" = env.secret;
  88
  89         "trusted_domains" = [ "cloud.immae.eu" ];
  90         "overwrite.cli.url" = "https://cloud.immae.eu";
  91
  92         "lost_password_link" = "disabled";
  93
  94         "remember_login_cookie_lifetime" = 60*60*24*30;
  95         "session_keepalive" = true;
  96         "session_lifefime" = 60*60*24*30;
  97
  98         "maxZipInputSize" = 0;
  99         "allowZipDownload" = true;
 100
 101         # set by Carnet
 102         "has_rebuilt_cache" = true;
 103
 104         "memcache.distributed" = "\\OC\\Memcache\\Redis";
 105         "memcache.locking" = "\\OC\\Memcache\\Redis";
 106         "filelocking.enabled" = true;
 107         "redis" = {
 108           "host" = env.redis.socket;
 109           "port" = 0;
 110           "dbindex" = env.redis.db;
 111         };
 112
 113         "ldapIgnoreNamingRules" = false;
 114         "ldapProviderFactory" = "\\OCA\\User_LDAP\\LDAPProviderFactory";
 115
 116         "mail_smtpmode" = "sendmail";
 117         "mail_smtphost" = "127.0.0.1";
 118         "mail_smtpname" = "";
 119         "mail_smtppassword" = "";
 120         "mail_from_address" = "nextcloud";
 121         "mail_smtpauth" = false;
 122         "mail_domain" = "tools.immae.eu";
 123       };
 124     };
 125     services.websites.env.tools.modules = [ "proxy_fcgi" ];
 126
 127     security.acme.certs.eldiron.extraDomainNames = [ "cloud.immae.eu" ];
 128     services.websites.env.tools.vhostConfs.cloud = {
 129       certName    = "eldiron";
 130       hosts       = ["cloud.immae.eu" ];
 131       root        = ncfg.rootDir;
 132       extraConfig = [
 133         ncfg.vhost
 134       ];
 135     };
 136
 137     myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
 138     myServices.monitoring.fromMasterObjects.service = [
 139       {
 140         service_description = "owncloud website is running on cloud.immae.eu";
 141         host_name = config.hostEnv.fqdn;
 142         use = "external-web-service";
 143         check_command = ["check_https" "cloud.immae.eu" "/" "a safe home for all your data"];
 144
 145         servicegroups = "webstatus-webapps";
 146         _webstatus_name = "Nextcloud";
 147         _webstatus_url = "https://cloud.immae.eu";
 148       }
 149     ];
 150   };
 151 }