Move everyting to hel1 except emails

2025-12-25 05:36:59 +01:00 · 2024-12-10 11:39:55 +01:00 · 2024-12-10 11:39:55 +01:00 · f18644f8a1
commit f18644f8a1
parent 0d3f1b4afc
18 changed files with 476 additions and 448 deletions
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@ -1,20 +1,19 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 let
  cfg = config.custom.services.nextcloud;
-  uidFile = pkgs.writeText "uidfile" ''
-    nextcloud:993
-  '';
-  gidFile = pkgs.writeText "gidfile" ''
-    nextcloud:991
-  '';
-in {
+in
+{
  options.custom.services.nextcloud = {
    enable = lib.mkEnableOption "nextcloud";
  };

  config = lib.mkIf cfg.enable {
    sops.secrets = {
-      sshfsKey = { key = "sshfs_keys/private"; };
      nextcloudDbPassword = {
        owner = config.users.users.nextcloud.name;
        key = "nextcloud/db_password";
@ -29,31 +28,6 @@ in {

    environment.systemPackages = with pkgs; [ sshfs ];

-    systemd.services.nextcloud-data-sshfs = {
-      wantedBy = [ "multi-user.target" "nextcloud-setup.service" ];
-      before = [ "phpfpm-nextcloud.service" ];
-      restartIfChanged = false;
-      serviceConfig = {
-        ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/nextcloud/data";
-        ExecStart = let
-          options = builtins.concatStringsSep "," [
-            "identityfile=${config.sops.secrets.sshfsKey.path}"
-            "ServerAliveInterval=15"
-            "idmap=file"
-            "uidfile=${uidFile}"
-            "gidfile=${gidFile}"
-            "allow_other"
-            "default_permissions"
-            "nomap=ignore"
-          ];
-        in "${pkgs.sshfs}/bin/mount.fuse.sshfs www-data@10.0.2.3:/nix/var/data/nextcloud/data "
-        + "/var/lib/nextcloud/data -o ${options}";
-        ExecStopPost =
-          "-${pkgs.fuse}/bin/fusermount -u /var/lib/nextcloud/data";
-        KillMode = "process";
-      };
-    };
-
    services.nginx.virtualHosts."${config.services.nextcloud.hostName}" = {
      enableACME = true;
      forceSSL = true;
@ -61,6 +35,9 @@ in {

    services.nextcloud = {
      enable = true;
+      # Can't be changed for now, could use a bind mount as workaround
+      # https://github.com/NixOS/nixpkgs/issues/356973
+      # home = "/nix/var/data/nextcloud";
      package = pkgs.nextcloud29;
      hostName = "cloud.${config.networking.domain}";
      https = true;
@ -69,7 +46,7 @@ in {
      config = {
        dbtype = "pgsql";
        dbuser = "nextcloud";
-        dbhost = "10.0.1.11";
+        dbhost = "127.0.0.1";
        dbname = "nextcloud";
        dbpassFile = "${config.sops.secrets.nextcloudDbPassword.path}";
        adminpassFile = "${config.sops.secrets.nextcloudAdminPassword.path}";