authorsefidel <contact@sefidel.net>2024-02-03 04:09:42 +0900
committersefidel <contact@sefidel.net>2024-02-03 04:11:27 +0900
commit671bbbfa92348a1b5c05af2d7ba25dc37e590c5f (patch)
treee69a2404e1bcecdd849fe9171cc8b7ac2c8740df
parent6dfa8b17f424baf833034f344ea39393854b14a3 (diff)
downloadnixrc-671bbbfa92348a1b5c05af2d7ba25dc37e590c5f.zip
feat(modules/nextcloud): support ssl
-rw-r--r--modules/services/nextcloud.nix30
1 files changed, 27 insertions, 3 deletions
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 56fcb22..909fb30 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -6,7 +6,19 @@ let
in
{
options.modules.services.nextcloud = {
- enable = mkEnableOption "";
+ enable = mkEnableOption "Nextcloud instance";
+
+ domain = mkOption { type = types.str; };
+ realHost = mkOption { type = types.str; default = "nextcloud.${cfg.domain}"; };
+
+ ssl = {
+ enable = mkEnableOption "SSL for the instance";
+ acmeHost = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "ACMEHost for the certificate";
+ };
+ };
secrets = {
admin-pass = mkOption { type = types.path; };
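Review bot: The new `domain` and `realHost` options carry no `description`, and `realHost`'s default interpolates `cfg.domain`, so anything that renders option documentation has no static text to show for it. I would add a description to each, for example `description = "Public FQDN the Nextcloud vhost is served on";` on `realHost`, together with `defaultText = lib.literalExpression "\"nextcloud.\${cfg.domain}\"";`. `domain` also has no default, so enabling the module now requires it even when `realHost` is set explicitly; if that is intended, the description should say so. The options block starts before and continues past this hunk.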
@@ -14,16 +26,23 @@ in
};
config = mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = cfg.ssl.enable -> cfg.ssl.acmeHost != null;
+ message = "ssl.acmeHost must be set when enabling SSL";
+ }
+ ];
+
services.nextcloud = {
enable = true;
package = pkgs.nextcloud28;
database.createLocally = true;
- hostName = "nextcloud.internal";
+ hostName = cfg.realHost;
nginx.recommendedHttpHeaders = true;
maxUploadSize = "512G";
- # https = false;
+ https = cfg.ssl.enable;
home = "/smol/core/nextcloud";
enableImagemagick = true;
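Review bot: With `hostName = cfg.realHost` and `https = cfg.ssl.enable`, a host that enables the module without opting into `ssl.enable` serves the login page and session cookies over plain HTTP on whatever name `realHost` resolves to, where the old value was a fixed `nextcloud.internal`. A comment next to `https` should state that assumption, e.g. `# ssl.enable = false is only for hosts reachable over a trusted network or behind a TLS-terminating proxy`. The assertion message would also be easier to act on with the full option path: `message = "modules.services.nextcloud.ssl.acmeHost must be set when ssl.enable is true";`. The `services.nextcloud` attribute set continues outside the hunk.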
@@ -86,6 +105,11 @@ in
};
};
+ services.nginx.virtualHosts.${cfg.realHost} = mkIf cfg.ssl.enable {
+ forceSSL = true;
+ useACMEHost = cfg.ssl.acmeHost;
+ };
+
services.postgresqlBackup.enable = true;
environment.persistence."/persist".directories = [
"/var/lib/postgresql"
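Review bot: `useACMEHost = cfg.ssl.acmeHost` only points nginx at an existing certificate; nothing in this hunk ensures that the certificate lists `cfg.realHost` or that the nginx user can read it. If the `security.acme.certs` entry is defined elsewhere in the repository, a short comment here would save the next reader a failed reload or a name-mismatch warning, for example `# cert must include realHost (extraDomainNames or wildcard) and be readable by nginx`. The surrounding `config` block starts and ends outside the hunk, so this may already be handled in lines not shown.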