# NixOS module: a Nextcloud instance served by nginx over HTTPS, with an
# OpenID Connect login option provided by the oidc_login app.
{ config, pkgs, ... }:

let
  # Public host name, shared by the Nextcloud instance and its nginx vhost.
  nextcloudHost = "nextcloud.fablab-nea.de";
in
{
  # Admin password, read from the sops-managed secrets file and owned by the
  # nextcloud user and group.
  sops.secrets.nextcloud-adminpass = {
    sopsFile = ../secrets.yaml;
    owner = "nextcloud";
    group = "nextcloud";
  };

  services.nextcloud = {
    enable = true;
    hostName = nextcloudHost;
    https = true;

    # secretFile and config.dbpassFile are not set (the author left both
    # commented out).
    # NOTE(review): no oidc_login_client_secret appears in this file;
    # presumably the Keycloak client is a public client relying on PKCE.
    # Confirm. If a secret is needed, supply it through secretFile rather
    # than `settings`, whose values end up in the world-readable Nix store.

    config = {
      # Only the path of the decrypted secret is referenced here, so the
      # password itself is not part of the evaluated configuration.
      adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
      dbtype = "pgsql";
    };

    # PostgreSQL database provisioned on this host by the module.
    database.createLocally = true;

    settings = {
      overwriteprotocol = "https";

      # --- oidc_login app ---
      oidc_login_client_id = "nextcloud";
      # NOTE(review): the issuer is the bare host; Keycloak issuers usually
      # include a realm path. Verify that OIDC discovery resolves from here.
      oidc_login_provider_url = "https://keycloak.fablab-nea.de";
      # NOTE(review): the Nextcloud account id is taken from
      # preferred_username, which OIDC does not guarantee to be stable or
      # unique. Confirm the realm forbids username changes, otherwise a
      # renamed user could map onto another person's account.
      oidc_login_attributes = {
        id = "preferred_username";
      };
      oidc_login_scope = "openid profile";
      oidc_login_button_text = "Log in with OpenID";
      # PKCE with the SHA-256 challenge method.
      oidc_login_code_challenge_method = "S256";
    };

    extraApps = {
      # Apps taken from the app set shipped with the configured Nextcloud
      # package.
      inherit (config.services.nextcloud.package.packages.apps)
        bookmarks
        calendar
        contacts
        deck
        tasks
        ;

      # Fetched from the upstream release and pinned by hash: the build fails
      # if the tarball differs. Update url and sha256 together when bumping
      # the version.
      oidc_login = pkgs.fetchNextcloudApp {
        license = "agpl3Plus";
        url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.0/oidc_login.tar.gz";
        sha256 = "sha256-DrbaKENMz2QJfbDKCMrNGEZYpUEvtcsiqw9WnveaPZA=";
      };
    };
    extraAppsEnable = true;
  };

  # TLS for the vhost: certificate via ACME, plain HTTP redirected to HTTPS.
  services.nginx.virtualHosts.${nextcloudHost} = {
    forceSSL = true;
    enableACME = true;
  };
}