Diffstat (limited to 'modules/private/system/quatresaisons/nextcloud.nix')
-rw-r--r-- | modules/private/system/quatresaisons/nextcloud.nix | 141 |
1 files changed, 0 insertions, 141 deletions
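diff --git a/modules/private/system/quatresaisons/nextcloud.nix b/modules/private/system/quatresaisons/nextcloud.nix
deleted file mode 100644
index 89d69d5..0000000
--- a/modules/private/system/quatresaisons/nextcloud.nix
+++ /dev/null
@@ -1,141 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
-nextcloud = pkgs.webapps.nextcloud.withApps (a: [
-a.apporder a.audioplayer a.bookmarks a.calendar a.carnet a.circles
-a.contacts a.cookbook a.deck a.extract a.files_markdown
-a.files_readmemd a.flowupload a.gpxedit a.gpxpod a.keeweb a.maps
-a.metadata a.music a.notes a.ocsms a.passman a.polls a.spreed
-a.social a.tasks
-]);
-varDir = "/var/lib/nextcloud";
-phpFpm = rec {
-basedir = builtins.concatStringsSep ":" ([ nextcloud varDir ] ++ nextcloud.apps);
-pool = {
-"listen.owner" = "wwwrun";
-"listen.group" = "wwwrun";
-"pm" = "ondemand";
-"pm.max_children" = "60";
-"pm.process_idle_timeout" = "60";
-
-"php_admin_value[output_buffering]" = "0";
-"php_admin_value[max_execution_time]" = "1800";
-"php_admin_value[zend_extension]" = "opcache";
-#already enabled by default?
-#"php_value[opcache.enable]" = "1";
-"php_value[opcache.enable_cli]" = "1";
-"php_value[opcache.interned_strings_buffer]" = "8";
-"php_value[opcache.max_accelerated_files]" = "10000";
-"php_value[opcache.memory_consumption]" = "128";
-"php_value[opcache.save_comments]" = "1";
-"php_value[opcache.revalidate_freq]" = "1";
-"php_admin_value[memory_limit]" = "512M";
-
-"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
-"php_admin_value[session.save_path]" = "${varDir}/phpSessions";
-};
-};
-in {
-config = {
-services.postgresql.ensureDatabases = [ "nextcloud" ];
-services.postgresql.ensureUsers = [
-{ name = "nextcloud"; ensurePermissions = { "DATABASE nextcloud" = "ALL PRIVILEGES"; }; }
-];
-services.websites.env.production.modules = [ "proxy_fcgi" ];
-
-services.websites.env.production.vhostConfs.cloud = {
-certName = "quatresaisons";
-addToCerts = true;
-hosts = ["nextcloud.4c.salle-s.org" ];
-root = nextcloud;
-extraConfig =
-[
-''
-SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
-<Directory ${nextcloud}>
-AcceptPathInfo On
-DirectoryIndex index.php
-Options FollowSymlinks
-Require all granted
-AllowOverride all
-
-<IfModule mod_headers.c>
-Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
-</IfModule>
-<FilesMatch "\.php$">
-CGIPassAuth on
-SetHandler "proxy:unix:${config.services.phpfpm.pools.nextcloud.socket}|fcgi://localhost"
-</FilesMatch>
-
-</Directory>
-''
-];
-};
-services.websites.env.production.vhostConfs.cloud_wait = let
-content = pkgs.writeText "contenu" ''
-nextcloud est un service qui a besoin de pérennité du nom
-"nextcloud.salle-s.org", on va peut-etre y arriver, c'est une
-question de jours, voir le message informatique.internet:8017
-'';
-in {
-certName = "quatresaisons";
-addToCerts = true;
-hosts = ["nextcloud.salle-s.org" ];
-root = content;
-extraConfig =
-[
-''
-Alias / ${content}
-''
-];
-};
-
-users.users.root.packages = let
-occ = pkgs.writeScriptBin "nextcloud-occ" ''
-#! ${pkgs.stdenv.shell}
-cd ${nextcloud}
-NEXTCLOUD_CONFIG_DIR="${nextcloud}/config" \
-exec \
-sudo -E -u wwwrun ${pkgs.php74}/bin/php \
--c ${pkgs.php74}/etc/php.ini \
-occ $*
-'';
-in [ occ ];
-
-system.activationScripts.nextcloud = {
-deps = [ "users" ];
-text = let
-confs = lib.attrsets.mapAttrs (n: v: pkgs.writeText "${n}.json" (builtins.toJSON v)) nextcloud.otherConfig;
-in
-''
-install -m 0755 -o wwwrun -g wwwrun -d ${varDir}
-install -m 0755 -o wwwrun -g wwwrun -d ${varDir}/config
-install -m 0750 -o wwwrun -g wwwrun -d ${varDir}/phpSessions
-${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v:
-"install -D -m 0644 -o wwwrun -g wwwrun -T ${v} ${varDir}/config/${n}.json"
-) confs)}
-'';
-};
-services.phpfpm.pools.nextcloud = {
-user = "wwwrun";
-group = "wwwrun";
-settings = phpFpm.pool;
-phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [ all.redis all.apcu all.opcache all.imagick ]);
-};
-
-services.cron = {
-enable = true;
-systemCronJobs = let
-script = pkgs.writeScriptBin "nextcloud-cron" ''
-#! ${pkgs.stdenv.shell}
-export LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive
-export PATH=/run/wrappers/bin:$PATH
-${pkgs.php74}/bin/php -d memory_limit=512M -f ${nextcloud}/cron.php
-'';
-in [
-''
-*/15 * * * * wwwrun ${script}/bin/nextcloud-cron
-''
-];
-};
-};
-}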