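# NixOS module: a minimal Nextcloud VM that sits behind an Nginx reverse proxy
# (cfg.proxy_ip) and uses an external PostgreSQL server (cfg.db_ip), with a
# fail2ban jail fed by Nextcloud's JSON log file.
{ lib, config, pkgs, ... }:

let
  cfg = config.services.vm_nextcloud;
in
{
  options.services.vm_nextcloud = {
    # mkEnableOption prefixes "Whether to enable ", so the argument is a noun
    # phrase (the original "Enable minimal config" rendered as
    # "Whether to enable Enable minimal config").
    enable = lib.mkEnableOption "the minimal Nextcloud VM configuration";

    proxy_ip = lib.mkOption {
      type = lib.types.str;
      description = "The Nginx proxy IP address";
    };

    db_ip = lib.mkOption {
      type = lib.types.str;
      # Was "Gitea database IP address" — copy-pasted from another module.
      description = "The Nextcloud PostgreSQL database IP address";
    };

    admin_user = lib.mkOption {
      type = lib.types.str;
      # Default keeps the previously hard-coded account name.
      default = "tbarnouin";
      description = "Name of the initial Nextcloud admin account";
    };
  };

  config = lib.mkIf cfg.enable {
    # fail2ban filter for Nextcloud's JSON-formatted log. The failregex
    # matches failed logins, failed two-factor challenges and trusted-domain
    # errors, extracting the client address from the "remoteAddr" field.
    # Continuation lines of failregex must stay indented for fail2ban.
    environment.etc."fail2ban/filter.d/nextcloud.conf".text = lib.mkDefault (lib.mkAfter ''
      [Definition]
      _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
      failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
                  ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
                  ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
      datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
    '');

    services = {
      fail2ban = {
        jails = {
          # Ban for one day (86400 s) after 3 failures within 12 h (43200 s).
          # logpath must match services.nextcloud.home plus "/data/nextcloud.log"
          # and log_type = "file" below, otherwise the jail never sees any events.
          # NOTE(review): <HOST> is the "remoteAddr" Nextcloud logs; with a reverse
          # proxy that is only the real client address when the proxy is listed
          # in trusted_proxies and forwards the client IP — verify against the
          # proxy config.
          nextcloud = ''
            backend = auto
            enabled = true
            port = http,https
            filter = nextcloud
            maxretry = 3
            bantime = 86400
            findtime = 43200
            logpath = /var/lib/nextcloud/data/nextcloud.log
          '';
        };
      };

      nextcloud = {
        enable = true;
        # The VM's own address is the host name; external access goes through
        # the proxy at cfg.proxy_ip.
        hostName = "${config.services.vm.vm_ip}";
        home = "/var/lib/nextcloud";
        maxUploadSize = "10240M";
        caching.redis = true;
        configureRedis = true;
        # PostgreSQL runs on another host (cfg.db_ip); see config.dbhost.
        database.createLocally = false;

        phpOptions = {
          "opcache.interned_strings_buffer" = "16";
          "opcache.memory_consumption" = "512";
        };

        settings = {
          # Only the Nginx proxy may supply forwarded client addresses, and it is
          # the only domain Nextcloud answers for.
          trusted_proxies = [ cfg.proxy_ip ];
          trusted_domains = [ cfg.proxy_ip ];
          # NOTE(review): "http" makes Nextcloud generate http:// URLs; if the proxy
          # terminates TLS for clients this should be "https" so redirects and
          # links do not downgrade the connection.
          overwriteprotocol = "http";
          # Nextcloud reads these as flat dotted keys. Unquoted, Nix parses
          # `overwrite.cli.url` / `htaccess.RewriteBase` as nested attribute
          # sets (overwrite = { cli = { url = ...; }; }), which is not the
          # config key Nextcloud looks up — hence the quotes.
          "overwrite.cli.url" = "http://${cfg.proxy_ip}/cloud/";
          "htaccess.RewriteBase" = "/cloud";
          overwritehost = cfg.proxy_ip;
          overwritewebroot = "/cloud";
          # Required for the fail2ban jail above, which tails the log file.
          log_type = "file";
        };

        config = {
          dbhost = "${cfg.db_ip}:5432";
          dbname = "nextcloud";
          dbuser = "nextcloud";
          dbtype = "pgsql";
          # Credentials are read at runtime from files outside the Nix store,
          # so they never end up world-readable in /nix/store.
          # NOTE(review): these files are provisioned elsewhere and must be
          # readable by the Nextcloud service user — confirm with the secrets
          # setup.
          dbpassFile = "/run/secrets/nextcloud/nextcloud-dbpass";
          adminuser = cfg.admin_user;
          adminpassFile = "/run/secrets/nextcloud/nextcloud-adminpass";
        };
      };
    };

    # Plain HTTP on all interfaces, as the proxy is expected to be the only
    # client. NOTE(review): if the VM has other reachable interfaces, consider
    # restricting port 80 to cfg.proxy_ip at the firewall.
    networking.firewall.allowedTCPPorts = [ 80 ];
  };
}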