about summary refs log tree commit diff
path: root/modules
diff options
context:
space:
mode:
authorsefidel <contact@sefidel.net>2024-02-03 04:09:42 +0900
committersefidel <contact@sefidel.net>2024-02-03 04:11:27 +0900
commit671bbbfa92348a1b5c05af2d7ba25dc37e590c5f (patch)
treee69a2404e1bcecdd849fe9171cc8b7ac2c8740df /modules
parent6dfa8b17f424baf833034f344ea39393854b14a3 (diff)
downloadnixrc-671bbbfa92348a1b5c05af2d7ba25dc37e590c5f.tar.gz
nixrc-671bbbfa92348a1b5c05af2d7ba25dc37e590c5f.zip
feat(modules/nextcloud): support ssl
Diffstat (limited to 'modules')
-rw-r--r--modules/services/nextcloud.nix30
1 files changed, 27 insertions, 3 deletions
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 56fcb22..909fb30 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -6,7 +6,19 @@ let
 in
 {
   options.modules.services.nextcloud = {
-    enable = mkEnableOption "";
+    enable = mkEnableOption "Nextcloud instance";
+
+    domain = mkOption { type = types.str; };
+    realHost = mkOption { type = types.str; default = "nextcloud.${cfg.domain}"; };
+
+    ssl = {
+      enable = mkEnableOption "SSL for the instance";
+      acmeHost = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = "ACMEHost for the certificate";
+      };
+    };
 
     secrets = {
       admin-pass = mkOption { type = types.path; };
@@ -14,16 +26,23 @@ in
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.ssl.enable -> cfg.ssl.acmeHost != null;
+        message = "ssl.acmeHost must be set when enabling SSL";
+      }
+    ];
+
     services.nextcloud = {
       enable = true;
 
       package = pkgs.nextcloud28;
       database.createLocally = true;
-      hostName = "nextcloud.internal";
+      hostName = cfg.realHost;
 
       nginx.recommendedHttpHeaders = true;
       maxUploadSize = "512G";
-      # https = false;
+      https = cfg.ssl.enable;
 
       home = "/smol/core/nextcloud";
       enableImagemagick = true;
@@ -86,6 +105,11 @@ in
       };
     };
 
+    services.nginx.virtualHosts.${cfg.realHost} = mkIf cfg.ssl.enable {
+      forceSSL = true;
+      useACMEHost = cfg.ssl.acmeHost;
+    };
+
     services.postgresqlBackup.enable = true;
     environment.persistence."/persist".directories = [
       "/var/lib/postgresql"