From 446710c76619cb0f6d8476bca76ccb363a295141 Mon Sep 17 00:00:00 2001
From: Andreas Zweili
Date: Sat, 5 Nov 2022 14:35:26 +0100
Subject: [PATCH] Add a module for nextcloud

---
 modules/nextcloud/custom-php.ini | 5 +++
 modules/nextcloud/default.nix | 62 ++++++++++++++++++++++++++++++++
 scrts/nextcloud_env.age | 34 ++++++++++++++++++
 scrts/secrets.nix | 1 +
 systems/nextcloud/default.nix | 8 ++++-
 5 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 modules/nextcloud/custom-php.ini
 create mode 100644 modules/nextcloud/default.nix
 create mode 100644 scrts/nextcloud_env.age

diff --git a/modules/nextcloud/custom-php.ini b/modules/nextcloud/custom-php.ini
new file mode 100644
index 0000000..c736dda
--- /dev/null
+++ b/modules/nextcloud/custom-php.ini
@@ -0,0 +1,5 @@
+upload_max_filesize=20G
+post_max_size=20G
+max_input_time=3600
+max_execution_time=3600
+memory_limit=2G
diff --git a/modules/nextcloud/default.nix b/modules/nextcloud/default.nix
new file mode 100644
index 0000000..2aab4a3
--- /dev/null
+++ b/modules/nextcloud/default.nix
@@ -0,0 +1,62 @@
+{ custom, domain }: { config, pkgs, ... }:
+let
+ nextcloudEnvironment = {
+ MYSQL_DATABASE = "nextcloud";
+ MYSQL_USER = "nextcloud";
+ MYSQL_HOST = "172.17.0.1";
+ NEXTCLOUD_TRUSTED_DOMAINS = "nextcloud.2li.ch nextcloud2.2li.local 10.7.89.103";
+ REDIS_HOST = "redis";
+ SMTP_HOST = "mail.infomaniak.com";
+ SMTP_SECURE = "ssl";
+ SMTP_PORT = "465";
+ };
+in
+{
+ age.secrets.nextcloudEnv.file = "${custom.inputs.self}/scrts/nextcloud_env.age";
+
+ virtualisation.oci-containers = {
+ backend = "docker";
+ containers."nextcloud" = {
+ image = "nextcloud:25.0.0-apache@sha256:c65b3a099746f9168a594adc84f586a6a40719f50889d7814a6b68f6e183b26b";
+ autoStart = true;
+ environment = nextcloudEnvironment;
+ environmentFiles = [ config.age.secrets.nextcloudEnv.path ];
+ ports = [
+ "8080:80"
+ ];
+ volumes = [
+ "${custom.inputs.self}/modules/nextcloud/custom-php.ini:/usr/local/etc/php/conf.d/zzz-custom.ini"
+ ];
+ dependsOn = [ "redis" ];
+ extraOptions = [
+ ''--mount=type=volume,source=heimdall,target=/var/www/html,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/server_data/nextcloud/data,"volume-opt=o=addr=10.7.89.108,rw,nfsvers=4.0,nolock,hard,noatime"''
+ "--add-host=host.docker.internal:host-gateway"
+ "--net=nextcloud"
+ ];
+ };
+ containers."cron" = {
+ image = "nextcloud:25.0.0-apache@sha256:c65b3a099746f9168a594adc84f586a6a40719f50889d7814a6b68f6e183b26b";
+ autoStart = true;
+ environment = nextcloudEnvironment;
+ environmentFiles = [ config.age.secrets.nextcloudEnv.path ];
+ entrypoint = "/cron.sh";
+ dependsOn = [ "redis" ];
+ extraOptions = [
+ ''--mount=type=volume,source=heimdall,target=/var/www/html,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/server_data/nextcloud/data,"volume-opt=o=addr=10.7.89.108,rw,nfsvers=4.0,nolock,hard,noatime"''
+ "--add-host=host.docker.internal:host-gateway"
+ "--net=nextcloud"
+ ];
+ };
+ containers."redis" = {
+ image = "redis:alpine";
+ autoStart = true;
+ extraOptions = [
+ "--net=nextcloud"
+ ];
+ };
+ };
+ system.activationScripts.mkVPN = ''
+ ${pkgs.docker}/bin/docker network create nextcloud
+ '';
+
+}
diff --git a/scrts/nextcloud_env.age b/scrts/nextcloud_env.age
new file mode 100644
index 0000000..8c72d40
--- /dev/null
+++ b/scrts/nextcloud_env.age
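Review bot: The `ports = [ "8080:80" ]` entry on the `nextcloud` container in modules/nextcloud/default.nix publishes plain HTTP on every host interface, and Docker-published ports are generally not filtered by the host's INPUT-chain firewall, so the app is presumably reachable without passing through the TLS-terminating nginx vhost; bind it to loopback with `"127.0.0.1:8080:80"` if nginx on this host is the only intended entry point. The `redis` container uses the floating tag `image = "redis:alpine";` while both Nextcloud containers are pinned by digest; pin it the same way, e.g. `redis:<version>-alpine@sha256:<digest>` (placeholder values). `system.activationScripts.mkVPN` runs `docker network create nextcloud` unconditionally, which returns an error on every activation once the network exists; guard it with `docker network inspect nextcloud >/dev/null 2>&1 || docker network create nextcloud` (using the same `${pkgs.docker}/bin/docker` path), and a name such as `mkNextcloudNetwork` would describe it better. The `domain` argument is accepted but never used in this file, while `NEXTCLOUD_TRUSTED_DOMAINS` hard-codes `nextcloud.2li.ch`.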
@@ -0,0 +1,34 @@ +age-encryption.org/v1 +-> ssh-rsa 7S8lxw +LdtLRHa5lpaXExtqkC8s2hJ20P+9YI4f2ZZFEkqc0/JozqzEFiP1xeAs8kXXpknf +czC0AJpTVbovZysY1CCj+ApPprkjSde/RDFVyaa2DQrncKQdeubAY2GcmGpDup1p +McuSIrZ92FuVU/yiBZGSzNeqoujCLoKUra3Y1P+ycrQ04ZBj+sxATAJ92Yba5hJy +n2+/Mjdk00VfbZ+Z9oYejTuWNynCmKGhmAfVwFd/PwCN0lZoIxBucY1IwgtR928A +v5g3i6pkzPXNMwlBbq5DkuEK6V5Lq3uAad0VeNKqyaDFSURLF4yrSqmdlW4iDm2+ +IlKtTEHpy7mLK59T8jyZFywDJ+DWywirOC7aZoYZ9UydrrWUyLoDjtfT3+7CTHHU +IhODxMWi6/VeHzpSWNayQcCAviSzsHggHPDYsE4kgI5vBUbMn7wy0GfG5sdH7VsO +6rVLdEoPk3Y2HYverzarnaeQBuIocgOFT6kLvUdVQYBdl9ttxjNRlCtw1yE9ZENY + +-> ssh-rsa Ws+JZA +L2AEPNYGbXZFjyB6mY4I/JMaNWqpa8OObhRXFt8WnugS+U4JCENlJDbrpppTSmn+ +W0r26wfUyr1di8XSweyhKcVtdgUoFtR/VKuNEKMRK6d1OJ3umRYT3e/sQmM1nIr+ +2ZPs7aB705MF61zDz1JEdtwh8aH/+/19XnImatLm0Mz6ImoxE8Fn3elm55SEHcs3 +0bM/06pAkSIWbOgP9iArFkbswG0jPzump5W9tS+UrNCNolaMjitIuSfGR1D41G29 +kAloVh/iQ5qiWUHSz7NSGQeCVfKNpMC1v1QWWn2Vr9UMXkCiz/1sFOsem/V7PCU6 +zajq4/E0K5mOXQlIPA0DRKJz9OgsrIB1eGB/bM2KoZzJYDnEiBcL6kRJ8MpQhP1I +/2i/fDC7tLu+wOndcgyBfXffCBWADg57JJ70YIanNh05rCeV2+5SgnjcxZxMy4hm +mNkpiFAVGdv5XVwcdgYLnhhZjrYnS2gBedwfRDsFKOQHiH2YCbMKcjKHr4daoNWk + +-> ssh-ed25519 skmU/w nuyq5npptM5bas+M3jqpReL/hloZs3g6Kqub0uhrTkE +ZmZ2h++VAwAzo9WrM+1XNLOcf1xkhsCXrfxpfs4+fwE +-> ssh-ed25519 MpFwoA XOQyrApMRyzujgyiHbZxjOIVHqj9DuJ/at4VK1b4syg +0Hz9Z376UtxMQn9WXl8CT/YYC4XSRuywWMTVjwplO+E +-> ssh-ed25519 KXqA9w 0KnMs8WH07Quji6wNZDPYd1engQ3Y29BbpT0AryyqVk +2ANzfISoBrt0mkeWt89PBaWrKIv0YgVr80upG1f2JyM +-> ssh-ed25519 aGyD+A pdzvGvRlUkzv5ZQ8ichKbvRiwFQEK9ATRWcA3oX3Jno +tX0gFk+0RXPki7HbIHMj97NQCZfDPCibZ7PWn+E8C9I +-> Q:-grease S`l _Ta<]e& (PT)~\ +vgI4o9Su/jk +--- nnHLB07Gyv5bDviSDUjsR4VWuXV6M0UabD56bmGcu24 +\"ÌO}ԞbM>f[]׶/]xfLX8^5'73䊯^8VwcAXzz-QNW s!i;=|Q';{]"Ҽ|`dRՠ+[5j(Oں>ϊC7/"vAJiL'җ}2P+X(Uęܺ5IG Єb5N} +S(n0nlk,{a?>;]=unBaU `߭9o \ No newline at end of file diff --git a/scrts/secrets.nix b/scrts/secrets.nix index 70044b4..f64d028 100644 --- a/scrts/secrets.nix +++ b/scrts/secrets.nix 
@@ -35,6 +35,7 @@ in { "gitea_env.age".publicKeys = defaultKeys ++ [ git ]; "infomaniak_env.age".publicKeys = all; + "nextcloud_env.age".publicKeys = defaultKeys ++ [ nextcloud ]; "pihole_env.age".publicKeys = defaultKeys ++ [ pihole ]; "personal_email.key.age".publicKeys = defaultKeys; "plex_claim.age".publicKeys = defaultKeys ++ [ plex ]; diff --git a/systems/nextcloud/default.nix b/systems/nextcloud/default.nix index b393b01..4f9feda 100644 --- a/systems/nextcloud/default.nix +++ b/systems/nextcloud/default.nix @@ -1,4 +1,7 @@ { custom, hostname }: { pkgs, ... }: +let + domain = "nextcloud.2li.ch"; +in { imports = [ (import "${custom.inputs.self}/systems/proxmox-vm" { @@ -11,6 +14,9 @@ }) (import "${custom.inputs.self}/modules/docker" { inherit custom; }) "${custom.inputs.self}/modules/mariadb" + (import "${custom.inputs.self}/modules/nextcloud" { + inherit custom domain; + }) "${custom.inputs.self}/modules/nginx-acme-base" ]; @@ -20,7 +26,7 @@ add_header X-Frame-Options SAMEORIGIN; ''; clientMaxBodySize = "20G"; - virtualHosts."nextcloud.2li.ch" = { + virtualHosts."${domain}" = { enableACME = true; forceSSL = true; locations."/" = {