From 2c1402a4ac21b4afc20ed917a00e05c66ba3a938 Mon Sep 17 00:00:00 2001
From: Emmanuel Beffara
Date: Wed, 17 Mar 2021 10:46:20 +0100
Subject: [PATCH] Setup Nextcloud with NixOS, switch to PostgreSQL
---
 configuration.nix | 93 +++++++++++++++++++----------------------------
 1 file changed, 37 insertions(+), 56 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index 151cb9e..9128045 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -48,83 +48,64 @@ # Nginx web server services.nginx = { enable = true; + virtualHosts."www.beffara.org" = { default = true; forceSSL = true; root = "/data/web/root"; enableACME = true; + }; - locations."/owncloud/" = { - alias = "/data/web/nextcloud/site/"; - extraConfig = '' - rewrite ^/owncloud/((cal|card|web)dav.*)$ /owncloud/remote.php/$1 redirect; - ''; - }; - - locations."~ ^/owncloud/.+\.php(/|$)" = { - alias = "/data/web/nextcloud/site/"; - extraConfig = '' - fastcgi_pass unix:${config.services.phpfpm.pools.nextcloud.socket}; - fastcgi_index index.php; - include ${config.services.nginx.package}/conf/fastcgi.conf; - fastcgi_split_path_info ^/owncloud/(.+\.php)(|/.*)$; - fastcgi_param SCRIPT_NAME /owncloud/$fastcgi_script_name; - ''; - }; - - extraConfig = '' - index index.php index.html; - add_header Strict-Transport-Security "max-age=15768000;"; - rewrite ^/.well-known/host-meta /owncloud/public.php?service=host-meta last; - rewrite ^/.well-known/host-meta.json /owncloud/public.php?service=host-meta-json last; - rewrite ^/.well-known/(cal|card)dav /owncloud/remote.php/$1dav/ redirect; - ''; + virtualHosts."cloud.beffara.org" = { + forceSSL = true; + enableACME = true; }; }; - # FastCGI server for PHP - services.phpfpm = { - phpOptions = '' - memory_limit = 512M - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - extension=${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so - ''; - - pools.nextcloud = { - user = "nextcloud"; - settings = { - "listen.owner" = config.services.nginx.user; - "pm" = "dynamic"; - "pm.max_children" = 5; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 1; - "pm.max_spare_servers" = 3; - "pm.max_requests" = 500; - }; + # Nextcloud + services.nextcloud = { + enable = true; + hostName = "cloud.beffara.org"; + https = true; + package = pkgs.nextcloud21; + home = "/data/web/nextcloud"; + + autoUpdateApps = { + enable = true; + startAt = "03:00:00"; }; + + config = { + overwriteProtocol = "https"; + dbtype = 
"pgsql"; + dbuser = "nextcloud"; + dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself + dbname = "nextcloud"; + dbpassFile = "/data/web/nextcloud/db-pass"; + defaultPhoneRegion = "FR"; + adminpassFile = "/data/web/nextcloud/admin-pass"; + adminuser = "admin"; + }; + }; + + # Ensure that postgres is running before setting up Nextcloud + systemd.services."nextcloud-setup" = { + requires = ["postgresql.service"]; + after = ["postgresql.service"]; }; - # MySQL database - services.mysql = { + # PostgreSQL database + services.postgresql = { enable = true; - package = pkgs.mariadb; ensureDatabases = [ "nextcloud" ]; ensureUsers = [ { name = "nextcloud"; - ensurePermissions = { "nextcloud.*" = "ALL PRIVILEGES"; }; + ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; } ]; }; - # System user accounts - users.users.nextcloud = { - isSystemUser = true; - home = "/data/web/nextcloud"; - group = "nextcloud"; - }; - users.groups.nextcloud = { }; - # Initial user account users.users.manu = { isNormalUser = true;
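Review bot: The `www.beffara.org` virtual host loses its `Strict-Transport-Security` header, because the removed vhost-level `extraConfig` carried it together with the ownCloud rewrites and nothing in the new block re-adds it; `forceSSL = true` still redirects, but browsers are no longer told to use HTTPS only for that host. Keeping `extraConfig = ''add_header Strict-Transport-Security "max-age=15768000;";'';` under that host preserves the previous policy. Separately, `dbpassFile` and `adminpassFile` point at files in the Nextcloud `home` whose owner and mode this configuration does not manage, so a comment such as `# secrets: must be owned by nextcloud and mode 0400, created out of band` would record the requirement. With `dbhost = "/run/postgresql"` the connection presumably uses peer authentication over the local socket (`ensureUsers` sets no password), in which case `dbpassFile` is an unused secret and could be dropped; confirm against the PostgreSQL authentication settings, which are outside this hunk.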