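# NixOS module for the OpenCloud service. It builds the module through the
# project's lib.${namespace}.mkModule helper and exposes it via `imports`.
#
# moduleConfig sets two things:
#   - services.opencloud: public URL, listen address/port, state directory and
#     the service environment (PostgreSQL connection, TLS and logging flags);
#   - sops.templates."opencloud.env": an env file rendered from sops secrets,
#     handed to the service through `environmentFile`.
{
  config,
  lib,
  namespace,
  ...
}:
with lib;
let
  name = "opencloud";
  # Per-host settings for this service (listenAddress, port, configDir are read below).
  cfg = config.${namespace}.services.${name};
  # Project-wide host and port table; used for the database endpoint.
  net = lib.${namespace}.network;

  opencloudConfig = lib.${namespace}.mkModule {
    inherit config name;
    serviceName = "opencloud";
    description = "OpenCloud - Secure and private file sharing and storage";
    options = { };

    moduleConfig = {
      services.opencloud = {
        enable = true;
        url = "https://cloud.mjallen.dev";
        address = cfg.listenAddress;
        inherit (cfg) port;
        stateDir = "${cfg.configDir}/opencloud";

        # Pass the rendered sops template to the service. Nothing else in this
        # file references the template, so without this line the secrets below
        # are rendered but never reach OpenCloud.
        # NOTE(review): mkModule is not visible here; confirm it does not
        # already wire an environment file for this service.
        environmentFile = config.sops.templates."opencloud.env".path;

        # Non-secret settings only: values set here are stored in plaintext in
        # the repository and in the world-readable /nix/store.
        environment = {
          PROXY_TLS = "false"; # disable https when behind reverse-proxy

          # NOTE(review): hard-coded admin credential in plaintext. Move it
          # into the "opencloud.env" template below behind its own sops secret
          # and rotate the password, since this value is already committed.
          INITIAL_ADMIN_PASSWORD = "BogieDudie1";

          OC_DB_TYPE = "postgres";
          OC_DB_HOST = net.hosts.nas.lan;
          OC_DB_PORT = toString net.ports.nas.postgresql;
          OC_DB_USER = "opencloud";
          OC_DB_NAME = "opencloud";

          # NOTE(review): presumably turns off TLS certificate verification for
          # OpenCloud's outgoing connections; confirm it is still required and
          # set it to "false" once the endpoints present trusted certificates.
          OC_INSECURE = "true";

          # NOTE(review): debug logging is verbose and may record request
          # details; lower the level once the deployment is verified.
          OC_LOG_LEVEL = "debug";
        };
      };

      # Create the secret template
      sops.templates = {
        "opencloud.env" = {
          # NOTE(review): all three values come from the same sops secret, and
          # that secret is the OnlyOffice key. Reuse means one leaked value
          # exposes token signing, transfer links and machine auth together;
          # give each variable its own dedicated secret.
          content = ''
            OC_JWT_SECRET=${config.sops.placeholder."jallen-nas/onlyoffice-key"}
            OC_TRANSFER_SECRET=${config.sops.placeholder."jallen-nas/onlyoffice-key"}
            OC_MACHINE_AUTH_API_KEY=${config.sops.placeholder."jallen-nas/onlyoffice-key"}
          '';
        };
      };
    };
  };
in
{
  imports = [ opencloudConfig ];
}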