From 671bbbfa92348a1b5c05af2d7ba25dc37e590c5f Mon Sep 17 00:00:00 2001
From: sefidel
Date: Sat, 3 Feb 2024 04:09:42 +0900
Subject: feat(modules/nextcloud): support ssl
---
 modules/services/nextcloud.nix | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)
(limited to 'modules/services')
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 56fcb22..909fb30 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -6,7 +6,19 @@ let
 in
 {
 options.modules.services.nextcloud = {
- enable = mkEnableOption "";
+ enable = mkEnableOption "Nextcloud instance";
+
+ domain = mkOption { type = types.str; };
+ realHost = mkOption { type = types.str; default = "nextcloud.${cfg.domain}"; };
+
+ ssl = {
+ enable = mkEnableOption "SSL for the instance";
+ acmeHost = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "ACMEHost for the certificate";
+ };
+ };
 secrets = {
 admin-pass = mkOption { type = types.path; };
@@ -14,16 +26,23 @@ in
 };
 config = mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = cfg.ssl.enable -> cfg.ssl.acmeHost != null;
+ message = "ssl.acmeHost must be set when enabling SSL";
+ }
+ ];
+
 services.nextcloud = {
 enable = true;
 package = pkgs.nextcloud28;
 database.createLocally = true;
- hostName = "nextcloud.internal";
+ hostName = cfg.realHost;
 nginx.recommendedHttpHeaders = true;
 maxUploadSize = "512G";
- # https = false;
+ https = cfg.ssl.enable;
 home = "/smol/core/nextcloud";
 enableImagemagick = true;
@@ -86,6 +105,11 @@ in
 };
 };
+ services.nginx.virtualHosts.${cfg.realHost} = mkIf cfg.ssl.enable {
+ forceSSL = true;
+ useACMEHost = cfg.ssl.acmeHost;
+ };
+
 services.postgresqlBackup.enable = true;
 environment.persistence."/persist".directories = [
 "/var/lib/postgresql"
--
cgit 1.4.1
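Review bot: `ssl.enable` is declared with `mkEnableOption`, so it defaults to false, and a host that sets only `domain` serves Nextcloud logins and files over plain HTTP at `nextcloud.${cfg.domain}`; the second hunk wires the same flag into `https` and the third into `forceSSL`. If cleartext is meant only for internal deployments, the option text should say so, for example `enable = mkEnableOption "TLS for the instance (when disabled, traffic including credentials is served over plain HTTP)";`. `domain` and `realHost` are also added without a `description`, so nothing tells a reader that `realHost` is the name used for both the Nextcloud `hostName` and the nginx virtual host.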
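Review bot: The assertion added at the top of `config` only proves that `cfg.ssl.acmeHost` is non-null, so a misspelled or not-yet-defined certificate name passes it and is left to fail later, outside this module's own error message. Assuming `config` is in scope here (the `let` binding for `cfg` lies outside the hunk), a second entry such as `assertion = cfg.ssl.enable && cfg.ssl.acmeHost != null -> config.security.acme.certs ? ${cfg.ssl.acmeHost};` with a message naming the missing `security.acme.certs` entry would catch that at evaluation time. The existing message would also be easier to find from a build log if it used the full option path, `modules.services.nextcloud.ssl.acmeHost`.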
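Review bot: The new `services.nginx.virtualHosts.${cfg.realHost}` block needs a comment stating its preconditions, because `useACMEHost` only points nginx at an existing `security.acme.certs` entry; it neither requests a certificate nor adds `cfg.realHost` to one. If that certificate does not list `cfg.realHost` among its names, `forceSSL = true` redirects every client onto a hostname-mismatch error, which trains users to click through TLS warnings. I would add above the block `# Requires security.acme.certs.${cfg.ssl.acmeHost} to cover cfg.realHost (domain or extraDomainNames)` and `# and its key/cert files to be readable by the nginx user.`; whether the host configuration already does both is not visible from this hunk.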