Add other services

2024-09-09 15:19:57 +02:00 · 2024-09-09 15:19:57 +02:00 · ff8a4d23a9
commit ff8a4d23a9
parent 0bbb49efee
10 changed files with 377 additions and 7 deletions
--- a/services/nextcloud/default.nix
+++ b/services/nextcloud/default.nix
@ -0,0 +1,78 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.services.vm_nextcloud;
+in
+{
+  options.services.vm_nextcloud = {
+    enable = lib.mkEnableOption "Enable minimal config";
+    proxy_ip = lib.mkOption {
+      type = lib.types.str;
+      description = "The Nginx proxy IP address";
+    };
+    db_ip = lib.mkOption {
+      type = lib.types.str;
+      description = "Gitea database IP address";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    environment.etc = {
+      "fail2ban/filter.d/nextcloud.conf".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+        [Definition]
+        _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+        failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
+                    ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
+                    ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
+        datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
+      '');
+    };
+    services = {
+      fail2ban = {
+        jails = {
+          nextcloud = ''
+            backend  = auto
+            enabled  = true
+            port     = http,https
+            filter   = nextcloud
+            maxretry = 3
+            bantime = 86400
+            findtime = 43200
+            logpath  = /var/lib/nextcloud/data/nextcloud.log
+          '';
+        };
+      };
+      nextcloud = {
+        enable = true;
+        hostName = "${config.services.vm.vm_ip}";
+        home = "/var/lib/nextcloud";
+        maxUploadSize = "10240M";
+        caching.redis = true;
+        configureRedis = true;
+        database.createLocally = false;
+        phpOptions = {
+          "opcache.interned_strings_buffer" = "16";
+          "opcache.memory_consumption" = "512";
+        };
+        settings = {
+          trusted_proxies = [ "${cfg.proxy_ip}" ];
+          trusted_domains = [ "${cfg.proxy_ip}" ];
+          overwriteprotocol = "http";
+          overwrite.cli.url = "http://${cfg.proxy_ip}/cloud/";
+          "overwritehost" = "${cfg.proxy_ip}";
+          "overwritewebroot" = "/cloud";
+          htaccess.RewriteBase = "/cloud";
+          log_type = "file";
+        };
+        config = {
+          dbhost = "${cfg.db_ip}:5432";
+          dbname = "nextcloud";
+          dbuser = "nextcloud";
+          dbtype = "pgsql";
+          dbpassFile = "/run/secrets/nextcloud/nextcloud-dbpass";
+  		    adminuser = "tbarnouin";
+          adminpassFile = "/run/secrets/nextcloud/nextcloud-adminpass";
+        };
+      };
+    };
+    networking.firewall.allowedTCPPorts = [ 80 ];
+  };
+}