Enable nextcloud

Update secrets
Nextcloud LXC
2025-08-20 08:13:09 +08:00 · 2025-08-20 08:13:06 +08:00 · 2025-08-19 22:20:24 +08:00
5 changed files with 73 additions and 12 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,13 +1,11 @@
 keys:
-  - &admin_fern age1n9q3cspp4a6qvjv9xaf00e5d5za3d8upz4akj2fh6zt5ly3ahans3vpx5x
-  - &admin_ornithologist age1t4cmsp8ge42cftxne6vjxt255tsfe6aga4r35gev647f3yuvwvkqyetenv
-  - &server_firefox-syncserver age1hrvts2jkdclk3f9atjry7chuakt5n9qmlwfwsdlcnmc88ld3ysuqz6ejge
-  - &server_nextcloud age1fn3y3km7wuftvrc2ds78ceu2wfrya0l5up0gshhnyhrq7gyglu0s2j8mpm
+  - &muskduck age1f99k8ujf9gt9zhzyqquhuv38znwjtv2cf42s0sf3h0waa5gwxsvscd2rvw
+  - &firefox-syncserver age1hrvts2jkdclk3f9atjry7chuakt5n9qmlwfwsdlcnmc88ld3ysuqz6ejge
+  - &nextcloud age1vkup37w26905wzmjnjxryfzga7f72dzhuay45uuhqvntj3gajydsnukxv7
 creation_rules:
  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - age:
-      - *admin_fern
-      - *admin_ornithologist
-      - *server_firefox-syncserver
-      - *server_nextcloud
+      - *muskduck
+      - *firefox-syncserver
+      - *nextcloud
--- a/flake.lock
+++ b/flake.lock
@ -412,11 +412,11 @@
    "secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1753192971,
-        "narHash": "sha256-+Gg9j2Un6wEtut8uXtfiya+QeL+EMWzR+/xWXDR8fVg=",
+        "lastModified": 1755613196,
+        "narHash": "sha256-nHR8//I5cMjWbDvlBk4HNE3wb0l+M4y5Xx8cwehJlE0=",
        "ref": "main",
-        "rev": "3caaec2bd7cd7d1feb244e00ca4664dabb8a0495",
-        "revCount": 4,
+        "rev": "026300d70aff95c9b3514e9922979ae0340b6d6a",
+        "revCount": 5,
        "type": "git",
        "url": "ssh://git@docker.local:222/fern/secrets"
      },
--- a/flake.nix
+++ b/flake.nix
@ -98,5 +98,10 @@
      (mkHost "firefox-syncserver" {
        suite = "server/lxc";
      })
+
+      # Container running Nextcloud.
+      (mkHost "nextcloud" {
+        suite = "server/lxc";
+      })
    ];
 }
--- a/hosts/nextcloud/default.nix
+++ b/hosts/nextcloud/default.nix
@ -0,0 +1,57 @@
+{
+  config,
+  pkgs,
+  secrets,
+  ...
+}: {
+  # Import secrets.
+  sops = {
+    age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+    defaultSopsFile = "${secrets}/sops.yaml";
+    secrets."nextcloud/admin_pass" = {};
+  };
+
+  # Enable Nextcloud.
+  services.nextcloud = {
+    enable = true;
+    package = pkgs.nextcloud31;
+    hostName = "localhost";
+    database.createLocally = true;
+    appstoreEnable = false;
+    autoUpdateApps.enable = true;
+
+    extraApps = with config.services.nextcloud.package.packages.apps; {
+      inherit calendar contacts dav_push gpoddersync notify_push user_oidc;
+    };
+
+    settings = {
+      trusted_domains = ["cloud.ferngarden.net" "10.0.1.107"];
+      trusted_proxies = [
+        "::1"
+        "127.0.0.1"
+        "10.0.1.102" # reverse proxy
+      ];
+      log_type = "file";
+      default_phone_region = "AU";
+      maintenance_window_start = 1;
+    };
+
+    config = {
+      dbtype = "pgsql";
+      adminuser = "fern";
+      adminpassFile = config.sops.secrets."nextcloud/admin_pass".path;
+    };
+
+    phpOptions."opcache.interned_strings_buffer" = "64";
+
+    notify_push = {
+      enable = true;
+    };
+  };
+
+  # Open required ports for Nextcloud.
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+}
--- a/suites/desktop/default.nix
+++ b/suites/desktop/default.nix
@ -265,6 +265,7 @@ with lib; {
    gnomeExtensions.color-picker
    gnomeExtensions.rounded-window-corners-reborn
    gnomeExtensions.smile-complementary-extension
+    inkscape
    jellyfin-media-player
    libreoffice
    minipro
Author	SHA1	Message	Date
Fern Garden	7ffe1dad52	Enable nextcloud	2025-08-20 08:13:09 +08:00
Fern Garden	dbdd5ba47d	Update secrets	2025-08-20 08:13:06 +08:00
Fern Garden	6347e2e620	Nextcloud LXC	2025-08-19 22:20:24 +08:00