From 448d3fb3592cc73761562dcfdd1cd4921ed6a488 Mon Sep 17 00:00:00 2001
From: Charlotte Van Petegem <charlotte@vanpetegem.me>
Date: Mon, 5 Apr 2021 15:45:31 +0200
Subject: [PATCH] Manage nextcloud in nixos instead of docker

---
 machines/lasting-integrity/default.nix |   1 +
 machines/lasting-integrity/secret.nix  | Bin 2768 -> 2656 bytes
 modules/default.nix                    |   1 +
 modules/nextcloud.nix                  |  41 +++++++++++++++++++++++++
 4 files changed, 43 insertions(+)
 create mode 100644 modules/nextcloud.nix

diff --git a/machines/lasting-integrity/default.nix b/machines/lasting-integrity/default.nix
index 90d610cd..dfa4b851 100644
--- a/machines/lasting-integrity/default.nix
+++ b/machines/lasting-integrity/default.nix
@@ -17,6 +17,7 @@
     stateVersion = "20.09";
     docker.enable = true;
     nginx.enable = true;
+    nextcloud.enable = true;
     ovh.enable = true;
     smartd.enable = true;
     sshd.enable = true;
diff --git a/machines/lasting-integrity/secret.nix b/machines/lasting-integrity/secret.nix
index c95ad9c5dd21790fefc6ca1c8846e4f40db53aee..e38f5a8d170058a9c6544b144c232527743ef8a8 100644
GIT binary patch
literal 2656
zcmZQ@_Y83kiVO&0$X;vl{Fdnbm6rsUFyD9i^zGioX^}f7dp*0O!kr{86Zk!L<GuD0
zm!!uw+rP(g*Y1DTdWB1=Q)245jNrLP6hkY6o=VT#n03_5-ui6XJ{I}5sn(Y|f1iqE
zP5$<=^2of><nu1OJF~S*kMc3z`mWV5S@p@X-n$)rufMC$EuC`uO|661&c)Ay@)IK#
z9?WF+p789v^EIKJ0tGA_i|=zDR2P2g#PVo|LYvoxK(?b?CJs|1lGdkfU9m-I#*Jzn
z&qN+Zc8`l6tn*&I@{8qLF?s5)DK9E-ZSZs`2~|~yY5G_7_?67M=`4yrqz=a4V0UNQ
zY0r1ojlblZ&#JklA~lm|)VUP$oeRuPcqB4^NoVeFx%G-J2NvyVvf~$=ae213YM#%#
z*9!~3|33Dia98-Bz&W~q`C|%MYda2`xboD#@of(IXXjOsuJER>$Ns_ZE1N&2z4PCf
z#U{aUWmm7pgZ8bP!hCe35;iRSS(?>9IZ-X!=gym}>MN6Gm=tlCyYuW}ZMx@e-xp`^
z_u_$}nLtd$3e#)7j^UyO#f)DLpD~Jet?~QlEdFq++4_J>o`RPizpPjD+M&K=dpz&T
z(8P^WKNjuCSkjidfAYkTGiN7UZ8&_}QFlS4@!x+j^1h)vuTDz2#(r{QU*+DX>!%#i
z4;2a8aV%BpuFv=7uS`shHSRJRKa(&%d_+4xDL09==e4l=mz^D}EcFVq8V@Y}$hBnW
zVjq`=53{9L@BVONVVXyO*!v?P&py^Bol^d;x?0Ft>gdS?mYqJS<=q_<f>eU%J<NGr
z?)O1?x0=(-*{}P3OxFu6;gDAivF&<c+U-8q#LkjOtn{SdZiN=RFE_Jv!Yf)`>f(eu
zCUQLc_W1+<isFcK7ZnWGsky#dD5Rurr>7|DaOy(!ZS~qMk;V-2ir4l@*&X?`J^a<e
zi_+;^9K)(sZHfQ1s#NJ$z_i-y>-%QOok{&sFYO_aJnyUFJi$Y^;*CCtwE4JA-JjPP
z!1G6>h+9#lFP`z{#JZ|NlS{noJ&wHo?`rk3wwkSN`<jXGXR@T({k(L*Ir7E}h966L
zSc}?qWDU3PP2Q3xB9mqkWgIH{dG{WJqw!DHIW=hY6nX?0-8-FssLTBARh2b|&oxhp
zI8>^m^>gnuJ4cD&%&gEGC;8%fS{2yX4tW%Y?BVH;P1+pPrX(pgWBbF71BoyFr?WZq
z)kfS`zt^<#q3Y|p(7e`T8A~ifn&&)YeL0!^>|%>5_tx2G+H9}<pR#wWYPpTfl&H!l
zewX#*F7euZX(;Bu)%oS<bRqwodnV0^4wt4VoqVvH!S7b>jrYY4o=OV0AK0x-UK{da
zy16}L8s{N?vxPHmxz1yJkhZ=2>d_*xE&reR-!W`nd%cElq3ki~&finQbc&er&zc(V
zW_hzN&gn$su9+zx!ycO7IXC}=mA#c&uij>}dtNuSxMvzDO<NvwT6FjKX+|$+B}_hD
zUJ~H>^l7|NTHE;r^2yU?uIb&SaesZy2}>)U(yIY6W=*@A>=rFK_D%k|>xmba42t>}
z+uv6|SogMKV$l`f%x6Z+u3hflc2d1lc)ef|i)Mk$ZVuDUkL=GEhL_a3I|uG;YH_t>
z(V1Ab_3gSQk$;J2Wu<mU?c3vawd@7|^Io~iFD#z*Ov;O7*KKE<_u>4<?4Z?B``6_~
zFWG(lr;_qY@$gjpwK|pyFD3ksS+`T}<FtHU&5G^j6K3@*G%c3e#;)GD!l5v^TFxZF
z_TnAm*K_x@*>PobT>52Ry4U}Ka!b(7FD0oua}|zEeZC^<yQERdzgwM-@{g-#sW&HZ
z$*h?>tJP((*2N>&dfr6+SmmL5c-kGkf|=|8E!Zi3mE-E$Bu%ZQF_J$Xm$f$SfB2!c
zi_!GN=@^qojIZtQ^09_xo)0U{OnhA>wRHRP>+CDUj^`!2xLwavh~w8ZK5*VORrYE8
z+Un)MEi%5noAWy(IQ09*-kv4GIX5M)6_orq6Y(P0cj~?c6)f*KJXIe(y&+qFuKwek
zvJGh~`E^ep47WVyZC@_5<;mKQ(YNlLTKsXI6o<jT<`=EZwoc`DU;Vtts3{cO{Oj6L
ze(%QJO}`q<XaC&zsef~^$(heT>SjITbL+YFz%_Pq#EN|lZTr&`ZXHljnPX{ie&U|b
zueWYgzgE@$BkW-~)5(Yo`$GlYKmIIWIWMqv`i`tDg{jTw6|euDe{6F#&*`5XtVf$a
zZqQPg&_3r|n*5WWyH1ub?RsdT+cvGkV2Sd<J%4(WEw?{faB`xe!`W?tEcV-VSr4As
z&@P!XC)oAX`g<F{9J=G@kSBMV_0xi%tkX{0DsI1<a_#Tr+a0T(o_1q;bxLrO%%r{|
zhvbIu8a^J`_8l#m9R0iZURmH+^!-8Q%*MI1g&OkoTAttJisQYxWW&|6=BD|nWhPAT
z_j=WDoRYNRvf`CIX^ksI>-+83wx`6`NUmM6XzPQeNAH&`$vhTf`a1Nl&LyEP(S-e8
zoBUKh{ZokdWz$^lHD4)n!+WhsOrJFFnb>}x_SnSZWYe_t6Dw}MP19tZ;(sZx?&$yf
zONH1aWtcuJ;ZjoZ`I}a=Mn`{Pl~%E;^PQ@1j2?vshw8qiZ8cbz%&_97W|WZl@9Cl^
zB~53z-#Te&w`<mk+4=ico!?{na?!f@C3&tc2h?>QS8a~n<nI5xU%+JhqMLK&@}e%~
zJe>3T>Tj#k#gkR-xk9t{%z2cre<Pmt^^-@oJH=bRJU(m_FkgY8B0yBiZ>KF^tZ2<y
z*9R>HiJMmm`qrnK#i(-s_<hcHN5p+$!&6VHt{1ZB%{=qK`pcuIX_DJQ!dJ*$Te{F{
z(!)*b<lpQRS-ZEL=g!?tzg3JUbX=+3*W&0u;l+<%mmQq0%$2e@w)4Q>x#{*(W&7Q)
zr|N1xJMWYwnI=#X^Y>hC*NltLT-w-FI{tb^e97etHMU|4n5k~|=&Meb<C(o1yiW?g
zU*DP%eDq$LTbqLPlcjq?i(@YJUr;evrKx;-t$)gP&WIySi7ULP$xY%<{eQTIt-aj-
zcav-N&KZ|IM3~mq-`wSQ;n$CQpH>}=ejEL_tmLZ2r=Ml*j86ow{5O=1xc%jBonEod
zNyRS=|8}0%R=e_bYL|24r`c6}L9;#{Pdqq%ruc*?ogFTBpQ(3-nQUtl+vQ{`HB)P{
zSbu><$kg_fO^%MQ4hzjrVmx}_{7kWn9d7d<f7j1A#MKZJey+zbyTGp9r~Q^uzS)^O
z;mhV8?fsp1M9k#)wYDWiwFhKUg_kE3_iT82@0Y=ez^{2G&X=s%*82XJQakXxZ~uzK
z`OY&hFzG5NoZZL2^>JF$jHRES*t~F`ZngWFOZm~T*(RmdZ_Jv7T_$RCHBDNrc{1o~
zcBRGA=9xn0k{9IaIerroHP7}v%EGwj%+D^vkRw%wlf2m(E|pjt_4K9+d`)J$$Jh|K
z>>G=Csp2`k3a&n$d$x-X915A4_2ozWhHKw;GoB0mm^rV-v-iaQk9MIi{<^tD7_JxI
zkkVK1;^`BgNJ*a=+g4m~j@_4R=&BPaE_U|N(^F-sKlWU`kpBIi)Ve7r#92QYC+}$E
zyWqr;HNE2Xp}0dz>HU4Zty7hR7mHY(E|aacRbg_pxVzxliBpMl_KQBADs=_`;QT8v

literal 2768
zcmZQ@_Y83kiVO&0(4M;D&7sLhR7_50Jl(<^!!bkcYUtFr?OuY-`o_F-HgW$oe{rBY
zSSapk-wVsj3!8$B_ju}WWSPX7_haqmg{tE2j_&&=g|w|G{=D{3+ZDb`+h$Ew_RY`L
z4_~TdRnE1V<-vKKGrDr8Pgf*Al4H+#d1~tU7fb3|uP!Pw$lE15VO!aJF|}iN<+)t9
z^IR|L*5vOASm+}7=SGaNa8JsQRjf^3LAO+S=e|rb?he;DU-($`<o&?deX1Yjt*vB2
z_xxyodiE~+8^>1>PJc5>@2M_$5L6`l|3*vBo_Pm<J-e-!vGpIP`U`H6bEm(TB?`8G
zTo~-#702*(g3UX7x6hB?GU*<Pto?XHuvu;HGN!fhdoPHJ>pjxE?DDQf*}qVK)wwO7
z7wxaUqB+}mwF)m+N1N1*hsR2e+Ps~e&NQ>&cx|TF9;QRvcldlM5zT6gyrLx@DAww^
z_m+IJTimV_YA;=vCcO6$m;bDnCTQn(d7D93Vys1w&UgDGEoxJ9jDI%N9+uxDWhu5Z
z>)*@ymnToi-_>_}P2S!Tf$96ET)iwgx97u#7S=A_pKF&*I+*J?<)G*zw(?yY&)ci&
zyvppHvO(kEfyd{qult>N8MyD`0;Q=@LK`M0FS1se9a3SU)z3B4@bjfNrW!o%JrcYB
zp4j~6U4^s7o~K%#0`*h)Q>y3wj-H_#8JV`px~bnGW5>Bwyyse<7woG)s(7aQTkrhv
zG_5%@uPS5gi~VLi$mvg&6|Vli=;)sN_kaBgN-ti;e0RtB<FS7q<X*ltvF1TCd*7kc
z(`K&!*`?8+bNI}vKaZZa&b7ZQ7u5Rw++)eQ9ZgKL-rioZGgtf5nR`EHT@#s<f5UUF
z(9Z^sGdb*gPHeCe%w;<0eU!<v#!lduE2oB@_zvgOMai5_UT>s680S5)yvVq)H+Xv5
zOZi{X2TyKDvwr<3{*LeLdHn53IcM*i*nEgMp8Z2y_CScpw|k+fN%!S;S&2FLI#x3;
zPS|m*^{B&{JBv5Z=3U`i?9|A*;#|{($5nY{tG1qNY2_AcVv$%Nb(1@+HsXBtr1bbR
zIY(WT)I^@`?hjk&<`%qd*44sU$BJ3*?09D8QM!A|(H`B(lY3`LoLKXyU-kRDu;8=@
zGbfzf@_*;oH{u&3w%a-#bU%MW@6`wUE$4N;m+wj|?$}YbgY)Y(c}83PS+?ndJ2O08
z`u-<=<*qSp$qIZvlOyw3^B!yU#DjHR(~s@BKF8B|_PWb@(^A%Do=Cr0bLPicu{r*{
zynPCnO*>;)EAqD|@ha8%80au8uh4K2Zn6Jadi?LcmyeBSZ~mMd`r@@?@(C@z%ag>F
zu9j7p+-N`T6z8d}A5`m{FT7T6SJM%V6UFytD(`+BSuy+cvGmFQ-pAsV8hr(O&+*Rr
z$8_|?!egegr;3D@?EmjSuY9VHqWV`Zv7TePE5F-c@Uj)<@V7qjGO7Bp)VE}{e>`=3
z4L4q`{BqkjcIUC?IcI+T<NSJF$0gdrEJQh{Xun?k{ptj^g=Yjq`UF`IYgJG8t(x>q
zA+Ptw?R8iBEcJT-ynb@LEc9*3{b_TxU(3ELIoGwpRNDRP^anfgCW@KWN~>%u{`bKy
zIBAbsK*%$<71{Fz%ra{9rbz#pk?{2R=jPva(Sp+A_4jjbPuEXA6m7jQMRFHQnBWRe
zxen=Dr{Aq<z4EZ;->KO%W^Jf5Q@!QWWc~N_;!dX9DO`WP{)@5jwF^5L6UpvyTJh$c
zz6W=+f_1iVd|8%J|8V~QvXA!RD&bO=*RMwi99f#Y{vaz$jr&Doce4X)t+W}|Y*qWp
zc8{r|prrrsn)iaDhQSrh6ArGqR(h&nPo$}g;mqsL8&BEutmM!aH4fl3%KUp_=gzGO
z+J-mwEn4Jw=&*uQzKWt>o4~}hfCo?FgJbj_3E#V!s(A2N+u!#b!j*BEyhlFH*>+6&
zF3Sg9_3w3x^>c4sm&!`HSCp3bW6!SIlUfJu{BB-(+|GEY{?zOAhTE5x<s6Nyz2b0^
z&8Oo?U;!^@+@g~aZ%WcRW+)09&MY>%usSJp;^VE?Q&#Z3TYW5k$J`2q&&n@eOioCD
z_oGzd`tHBa`0b_^JIYvmxGq@obGiA{Xp;_c_AZ;pUQR4?=bwDm@a<~Bj&dKSZ8E1H
z?91Q#f9<uq9EQ&pKKQ!vb4bT3CEM2(%?7U1Si^5#Q?2^7yxYd#@y=&m*>_UQJ{_KV
z=e_C_)grgIQ#cMca%z^cd8OJtxIbGWf6iz9uD6|&owDWL*6c65^k>z~tRsJ&oA=G0
zGGUWNv)s}fZC4s)YL7p=<@=r|sQY>~<0_5xb0W)rEtc4~*E@33(X?YXWrK<}GWILC
zbo<Y5p0KB@%GPA=lE`DnL~0*#PLxvgKV<geMs-c2O3Z>3=KopWZm?bZ+&1;kl=qib
zpO!2>+oGnzw`BFPVzG-pcDdrsFK&CSa5pi}j94!&op<!RfTrc6$G497>)0~Juh(i`
z@VjZo;*!usJlbq(c_*H2)zDdaSU62%>qTx}v$!|<++IcsH!jOpIPUdUVqS1N(mHcH
zuj{7ulKuPpcg=a7a-Tiu#$rWF!JaVp6BR`}c4o=AsdDEk2Z}I<i;I7lHRnV|^YQ(&
zw>+zVa_QK-Q%Cb=f0*~L=wNx`{<RjN&Gl<oz09|NbXt6R*S+<7>xA6ua%I0ro|?EL
zMKwqA{la}8i++2a*D&#%raE`}vGdhA6ZgMVY*)YaW!Kf0B3fc6lxBvN{t=xjV)w*K
zXrXwuQ4DWWGf#2C<2f_e78X967rA|gb!hq)C*cm|A1s?bC0lz-Y_8iP$`kwQ;@L;q
zL9?c=(wX%s)TF$|ZFTqk4!fRbk-2j|<;8yMtGZzD=zhbE4b7ED^E>CSR!;BQpA)K<
zv?5&ipP8uC%F2w1!Kp5nPOUog!Sqn=)K>GR){9=<ADfTI9z9Zf=&_~m>+a9>0{jQg
z>}LH?v_^NAM)xt5DXBhQa_<(j7nrU-ZL52C&f;@*hL1K~-lOtIG_61`Ir_g;<!oc^
z9}jj-XY1O}+a*8Of@yp7;)zV>`lVO>EI;^f!`F`;Uff!{^o7LuAILmhIQ#07zmgLU
zMs4>i7k7U0GGR`6vVpm?+(Rz`RxJjn|HXII7uVldcw*x+qhsN-3?_Wz;o=Rblruh@
zkbbw!DzQ@j*7tk;#q$)hB5VG<IcoEB$<HY}AErEf_e5RnzOjPR={bipQ>Rra2%6;>
z#+_2Sw(-NcKfk(b1TS3aTbz?@d|lp*>y5^`gu=f|-W}w>kaG3M(IN#OUY?o!!h4=s
zL_E8voX6CVx_Ec?rp5C4a+y<4>m`KRHcYik3YE~vWt)6AUV8SDqug53vnI7ItkJYr
zl=`Tnt9Q}Ry-j?Y9P=U9M-7`3D>Uz(6swU-s#2OeDKM}4wP>PeY53i5mnPRNYCPZ)
z>!%#Bb=j#+%RJ((CF_cKFY{aPy}M|(=(dNA=iF1{eEF=sRz8q&-Z*=f(VV^W?@#`%
z^HQ-$<#m3;7V-L%b+Mmk|Nb&RuK&>=wYfYVyX!SG#XWbnJ(|;3DX$u~Dd<XWE=Tq3
zJx`h1)F0gN>wWy~(s>)M=H<ud@l2hu?X2tZe=}O1H2)}KS<9*OY3tmKnF=PlZRHBq
z73<$`&_8+p*cJ}4-}~Nl^s8RwViFFzobyk|eRlpO-qQjsAH+_ad2PdU<9WqZ@2Qo$
zJMAm(U;J;u)Aiz%vUTY5;6%2ZgZ|}`=apU*Y%>)9zx!?^+jQFk^B|5ey+56Acjdp@
P{ek(*@sxbam44O$&9Z15

diff --git a/modules/default.nix b/modules/default.nix
index cf59e55a..42942292 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -11,6 +11,7 @@
     ./git.nix
     ./global-mailer.nix
     ./minecraft.nix
+    ./nextcloud.nix
     ./nix.nix
     ./nginx.nix
     ./ovh.nix
diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
new file mode 100644
index 00000000..ff755bb9
--- /dev/null
+++ b/modules/nextcloud.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ...}:
+
+{
+  options.chvp.nextcloud.enable = lib.mkOption {
+    default = false;
+    example = true;
+  };
+  config = lib.mkIf config.chvp.nextcloud.enable {
+    services = {
+      nextcloud = {
+        home = "${config.chvp.dataPrefix}/var/lib/nextcloud";
+        https = true;
+        hostName = "nextcloud.vanpetegem.me";
+        enable = true;
+        autoUpdateApps.enable = true;
+        package = pkgs.nextcloud21;
+        config = {
+          dbuser = "nextcloud";
+          dbname = "nextcloud";
+          dbtype = "pgsql";
+          dbhost = "/run/postgresql";
+          adminuser = "admin";
+          adminpassFile = "${config.chvp.dataPrefix}/var/secrets/nextcloud-admin-password";
+        };
+      };
+      nginx.virtualHosts."nextcloud.vanpetegem.me" = {
+        forceSSL = true;
+        useACMEHost = "vanpetegem.me";
+      };
+      postgresql = {
+        enable = true;
+        dataDir = "${config.chvp.dataPrefix}/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
+        ensureDatabases = [ "nextcloud" ];
+        ensureUsers = [{
+          name = "nextcloud";
+          ensurePermissions = { "DATABASE nextcloud" = "ALL PRIVILEGES"; };
+        }];
+      };
+    };
+  };
+}