author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 01:35:06 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 02:11:48 +0200 |
commit | 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch) | |
tree | 1b9df4838f894577a09b9b260151756272efeb53 /systems/eldiron/websites/cloud/default.nix | |
parent | fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff) | |
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them
contained personal information about users. All those changes got
stashed into a single commit (history is kept in a different place) and
private information was moved in a separate private repository
Diffstat (limited to 'systems/eldiron/websites/cloud/default.nix')
-rw-r--r-- | systems/eldiron/websites/cloud/default.nix | 151 |
1 files changed, 151 insertions, 0 deletions
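--- /dev/null
+++ b/systems/eldiron/websites/cloud/default.nix
@@ -0,0 +1,151 @@
+{ lib, pkgs, config, ... }:
+let
+ncfg = config.myServices.tools.cloud.farm.instances.immae;
+env = config.myEnv.tools.nextcloud;
+cfg = config.myServices.websites.tools.cloud;
+in {
+options.myServices.websites.tools.cloud = {
+enable = lib.mkEnableOption "enable cloud website";
+};
+
+config = lib.mkIf cfg.enable {
+myServices.dns.zones."immae.eu".subdomains.cloud =
+with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
+
+myServices.chatonsProperties.hostings.nextcloud = {
+file.datetime = "2022-08-21T19:50:00";
+hosting = {
+name = "Nextcloud";
+description = "The self-hosted productivity platform that keeps you in control";
+website = "https://cloud.immae.eu/";
+logo = "https://cloud.immae.eu/core/img/favicon.ico";
+type = "INSTANCE";
+status.level = "OK";
+status.description = "OK";
+registration.load = "OPEN";
+install.type = "PACKAGE";
+};
+};
+myServices.chatonsProperties.services.nextcloud = {
+file.datetime = "2022-08-21T19:50:00";
+service = {
+name = "Nextcloud";
+description = "The self-hosted productivity platform that keeps you in control";
+website = "https://cloud.immae.eu/";
+logo = "https://cloud.immae.eu/core/img/favicon.ico";
+status.level = "OK";
+status.description = "OK";
+registration."" = ["MEMBER" "CLIENT"];
+registration.load = "OPEN";
+install.type = "PACKAGE";
+guide.user = "https://www.immae.eu/docs/nextcloud.html";
+};
+software = {
+name = "Nextcloud";
+website = "https://nextcloud.com/";
+license.url = "https://github.com/nextcloud/server/blob/master/COPYING";
+license.name = "GNU Affero General Public License v3.0";
+version = ncfg.rootDir.version;
+source.url = "https://github.com/nextcloud/server";
+modules = map (a: a.appName) ncfg.rootDir.apps;
+};
+};
+
+myServices.tools.cloud.farm.instances.immae = {
+nextcloud = pkgs.webapps-nextcloud_27.override ({
+# Allow /index.php redirects
+postInstall = ''
+cd $out
+${pkgs.php81}/bin/php ${./add-htaccess.php} /
+'';
+});
+apps = a: [
+a.side_menu a.audioplayer a.bookmarks a.calendar a.carnet a.contacts
+a.cookbook a.deck a.extract a.files_markdown a.files_mindmap
+a.gpxpod a.keeweb a.maps a.metadata a.music
+a.notes a.passman a.polls a.spreed a.tasks
+];
+varDir = "/var/lib/nextcloud";
+secretsPath = "webapps/tools-nextcloud";
+phpPackage = pkgs.php81;
+# Be careful when editing that: config from here takes
+# precedence over the regular one, but if a key got removed, it my
+# still exist in the default config file
+config = let
+env = config.myEnv.tools.nextcloud;
+in {
+"dbtype" = "pgsql";
+"dbname" = env.postgresql.database;
+"dbhost" = env.postgresql.socket;
+"dbport" = "";
+"dbtableprefix" = "oc_";
+"dbuser" = env.postgresql.user;
+"dbpassword" = env.postgresql.password;
+
+"instanceid" = env.instance_id;
+"passwordsalt" = env.password_salt;
+"secret" = env.secret;
+
+"trusted_domains" = [ "cloud.immae.eu" ];
+"overwrite.cli.url" = "https://cloud.immae.eu";
+
+"lost_password_link" = "disabled";
+
+"remember_login_cookie_lifetime" = 60*60*24*30;
+"session_keepalive" = true;
+"session_lifefime" = 60*60*24*30;
+
+"maxZipInputSize" = 0;
+"allowZipDownload" = true;
+
+# set by Carnet
+"has_rebuilt_cache" = true;
+
+"memcache.distributed" = "\\OC\\Memcache\\Redis";
+"memcache.locking" = "\\OC\\Memcache\\Redis";
+"filelocking.enabled" = true;
+"redis" = {
+"host" = env.redis.socket;
+"port" = 0;
+"dbindex" = env.redis.db;
+};
+
+"ldapIgnoreNamingRules" = false;
+"ldapProviderFactory" = "\\OCA\\User_LDAP\\LDAPProviderFactory";
+
+"mail_smtpmode" = "sendmail";
+"mail_smtphost" = "127.0.0.1";
+"mail_smtpname" = "";
+"mail_smtppassword" = "";
+"mail_from_address" = "nextcloud";
+"mail_smtpauth" = false;
+"mail_domain" = "tools.immae.eu";
+};
+};
+services.websites.env.tools.modules = [ "proxy_fcgi" ];
+
+security.acme.certs.eldiron.extraDomainNames = [ "cloud.immae.eu" ];
+services.websites.env.tools.vhostConfs.cloud = {
+certName = "eldiron";
+hosts = ["cloud.immae.eu" ];
+root = ncfg.rootDir;
+extraConfig = [
+ncfg.vhost
+];
+};
+
+myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
+myServices.monitoring.fromMasterObjects.service = [
+{
+service_description = "owncloud website is running on cloud.immae.eu";
+host_name = config.hostEnv.fqdn;
+use = "external-web-service";
+check_command = ["check_https" "cloud.immae.eu" "/" "a safe home for all your data"];
+
+servicegroups = "webstatus-webapps";
+_webstatus_name = "Nextcloud";
+_webstatus_url = "https://cloud.immae.eu";
+}
+];
+};
+}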
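Review bot: The key `"session_lifefime"` (file line 96) is misspelled, so Nextcloud will not read it and the session lifetime stays at the application default rather than the 30 days written here. If the longer value is intended, it should be `"session_lifetime" = 60*60*24*30;`. Since the comment above the `config` block warns that removed keys can linger in the existing config file, the stale `session_lifefime` entry may also need to be cleaned out of it. Separately, `dbpassword`, `passwordsalt` and `secret` are placed in this attribute set; the farm module that renders it is not shown, so it is worth confirming that the result is written under `secretsPath` and never ends up in the world-readable Nix store. The inner `env = config.myEnv.tools.nextcloud;` in the `let` at file line 75 repeats the outer binding at file line 4 and could be dropped.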