path: root/lass/1systems/ubik/config.nix
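# NixOS configuration for the host "ubik": a Nextcloud instance behind nginx
# with ACME-issued TLS certificates.
with import <stockholm/lib>;
{ config, lib, pkgs, ... }:
{
  imports = [
    <stockholm/lass>
    <stockholm/lass/2configs>
    <stockholm/lass/2configs/retiolum.nix>
  ];

  krebs.build.host = config.krebs.hosts.ubik;

  # NOTE(review): the semantics of this key are defined by the
  # sync-containers3 module, which is not visible here. It is a public key,
  # so it is safe to keep in the repository; confirm what access it grants.
  krebs.sync-containers3.inContainer = {
    enable = true;
    pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBFGMjH0+Dco6DVFZbByENMci8CFTLXCL7j53yctPnM";
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "acme@lassul.us";
  };
  # Only HTTP and HTTPS are opened here. Port 80 stays reachable for the
  # plain-HTTP requests that forceSSL redirects (and presumably for ACME
  # HTTP-01 validation; confirm against the ACME setup in use).
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # nextcloud
  services.nginx.virtualHosts."c.apanowicz.de" = {
    enableACME = true;
    # Redirect plain HTTP to HTTPS so credentials and session cookies are
    # never sent in clear text.
    forceSSL = true;
  };
  services.nextcloud = {
    enable = true;
    # Opt out of the legacy-cipher compatibility mode for server-side
    # encryption.
    enableBrokenCiphersForSSE = false;
    hostName = "c.apanowicz.de";
    # NOTE(review): the major version is pinned; confirm that it still
    # receives security updates on the nixpkgs channel this host tracks.
    package = pkgs.nextcloud25;
    # Given as a string path, not a Nix path literal, so the admin password
    # is read at runtime and is not copied into the world-readable Nix store.
    config.adminpassFile = "/run/nextcloud.pw";
    https = true;
    # Large upload limit; make sure the data volume and any upstream proxy
    # limits are sized accordingly.
    maxUploadSize = "9001M";
  };
  # Stage the admin password where the nextcloud user can read it.
  # The leading "+" makes systemd run this command with full privileges
  # (not as the unit's User=), which is needed to read the source under
  # /var/src/secrets and to chown the copy.
  # The copy is owner-read-only (0400): a secret file needs neither the
  # execute bit nor write access for the service account.
  systemd.services.nextcloud-setup.serviceConfig.ExecStartPre = [
    "+${pkgs.writeDash "copy-pw" ''
      ${pkgs.rsync}/bin/rsync \
        --chown nextcloud:nextcloud \
        --chmod 0400 \
        /var/src/secrets/nextcloud.pw /run/nextcloud.pw
    ''}"
  ];
}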