From 4d02eddc690db9c9ccdee4555d8fbc111afcd3af Mon Sep 17 00:00:00 2001
From: EuAndreh
Date: Tue, 11 Aug 2020 09:42:45 -0300
Subject: vps-configuration.env.nix: Finish working Nextcloud installation

---
 TODOs.org | 6 ++-
 .../terraform/plan-files/2020-08-11T08:30:21-03:00 | Bin 0 -> 3531 bytes
 .../terraform/plan-files/2020-08-11T08:31:21-03:00 | Bin 0 -> 2062 bytes
 .../terraform/plan-files/2020-08-11T08:38:03-03:00 | Bin 0 -> 3531 bytes
 .../terraform/plan-files/2020-08-11T08:38:25-03:00 | Bin 0 -> 2062 bytes
 secrets/terraform/terraform.tfstate | Bin 3052 -> 3062 bytes
 secrets/terraform/terraform.tfstate.backup | Bin 3052 -> 180 bytes
 vps-configuration.env.nix | 44 ++++++++++-----------
 8 files changed, 24 insertions(+), 26 deletions(-)
 create mode 100644 secrets/terraform/plan-files/2020-08-11T08:30:21-03:00
 create mode 100644 secrets/terraform/plan-files/2020-08-11T08:31:21-03:00
 create mode 100644 secrets/terraform/plan-files/2020-08-11T08:38:03-03:00
 create mode 100644 secrets/terraform/plan-files/2020-08-11T08:38:25-03:00

diff --git a/TODOs.org b/TODOs.org
index 655a294..7abc29b 100644
--- a/TODOs.org
+++ b/TODOs.org
@@ -1,7 +1,7 @@
 * Tasks - v4
-** TODO nginx magic =sslCiphers= value
-Why not the default? What do those mean?
+** TODO snapshot with swap
 ** TODO cron: borg, postgresql backup and nixos update
+** TODO Configure PostgreSQL permissions correctly
 ** TODO Harden the server
 *** TODO [#C] [[https://www.reddit.com/r/selfhosted/comments/bw8hqq/top_3_measures_to_secure_your_virtual_private/][Top 3 measures to secure your Virtual Private Server? (VPS)]]
 *** TODO [#A] [[https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html][Nextcloud: Hardening and security guidance]]
@@ -97,3 +97,5 @@ We could use the raw Droplet IP instead of the DNS A record, but I prefer callin
 * Scrath
 https://federationtester.matrix.org/
 EteSync?
+
+DHCP?
diff --git a/secrets/terraform/plan-files/2020-08-11T08:30:21-03:00 b/secrets/terraform/plan-files/2020-08-11T08:30:21-03:00
new file mode 100644
index 0000000..2db2b05
Binary files /dev/null and b/secrets/terraform/plan-files/2020-08-11T08:30:21-03:00 differ
diff --git a/secrets/terraform/plan-files/2020-08-11T08:31:21-03:00 b/secrets/terraform/plan-files/2020-08-11T08:31:21-03:00
new file mode 100644
index 0000000..c2b5e1f
Binary files /dev/null and b/secrets/terraform/plan-files/2020-08-11T08:31:21-03:00 differ
diff --git a/secrets/terraform/plan-files/2020-08-11T08:38:03-03:00 b/secrets/terraform/plan-files/2020-08-11T08:38:03-03:00
new file mode 100644
index 0000000..d5a71ee
Binary files /dev/null and b/secrets/terraform/plan-files/2020-08-11T08:38:03-03:00 differ
diff --git a/secrets/terraform/plan-files/2020-08-11T08:38:25-03:00 b/secrets/terraform/plan-files/2020-08-11T08:38:25-03:00
new file mode 100644
index 0000000..6d37e6c
Binary files /dev/null and b/secrets/terraform/plan-files/2020-08-11T08:38:25-03:00 differ
diff --git a/secrets/terraform/terraform.tfstate b/secrets/terraform/terraform.tfstate
index 57aa188..a549b1c 100644
Binary files a/secrets/terraform/terraform.tfstate and b/secrets/terraform/terraform.tfstate differ
diff --git a/secrets/terraform/terraform.tfstate.backup b/secrets/terraform/terraform.tfstate.backup
index 0401d8d..9ef552e 100644
Binary files a/secrets/terraform/terraform.tfstate.backup and b/secrets/terraform/terraform.tfstate.backup differ
diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix
index 2283449..304c124 100644
--- a/vps-configuration.env.nix
+++ b/vps-configuration.env.nix
@@ -7,9 +7,13 @@ let
 letsencryptEmail = "$LETSENCRYPT_EMAIL";
 authorizedKey = "$AUTHORIZED_KEY";
 userPassword = "$USER_PASSWORD";
+ nextcloudDatabaseUser = "$NEXTCLOUD_DATABASE_USER";
 nextcloudDatabasePassword = "$NEXTCLOUD_DATABASE_PASSWORD";
+ nextcloudAdminUser = "$NEXTCLOUD_ADMIN_USER";
 nextcloudAdminPassword = "$NEXTCLOUD_ADMIN_PASSWORD";
+ nextcloudTablePrefix = "$NEXTCLOUD_TABLE_PREFIX";
 gitRoot = "$GIT_ROOT";
+ systemStateVersion = "$SYSTEM_STATE_VERSION";
 };
 in {
 imports = [ ./hardware-configuration.nix ];
@@ -57,45 +61,37 @@ in {
 enableACME = true;
 };
 };
+ };
 
- gitweb = {
- enable = true;
- location = "";
- virtualHost = envsubstConfiguration.gitTLD;
- };
+ postgresql = {
+ enable = true;
+ ensureDatabases = [ "nextcloud" ];
+ package = pkgs.postgresql_11;
+ ensureUsers = [{
+ name = "nextcloud";
+ ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+ }];
 };
 
 nextcloud = {
 enable = true;
+ package = pkgs.nextcloud19;
+ nginx.enable = true;
 hostName = envsubstConfiguration.nextcloudTLD;
 https = true;
+ maxUploadSize = "4G";
 autoUpdateApps.enable = true;
- autoUpdateApps.startAt = "05:00:00";
 config = {
 overwriteProtocol = "https";
 dbtype = "pgsql";
- dbuser = "nextcloud";
 dbhost = "/run/postgresql";
- dbname = "nextcloud";
+ dbuser = envsubstConfiguration.nextcloudDatabaseUser;
 dbpass = envsubstConfiguration.nextcloudDatabasePassword;
- adminuser = "admin";
+ dbtableprefix = envsubstConfiguration.nextcloudTablePrefix;
+ adminuser = envsubstConfiguration.nextcloudAdminUser;
 adminpass = envsubstConfiguration.nextcloudAdminPassword;
 };
 };
-
- postgresql = {
- enable = true;
- ensureDatabases = [ "nextcloud" ];
- ensureUsers = [{
- name = "nextcloud";
- ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
- }];
- };
-
- gitweb = {
- gitwebTheme = true;
- projectroot = envsubstConfiguration.gitRoot;
- };
 };
 
 systemd.services."nextcloud-setup" = {
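Review bot: The PostgreSQL role in the new `ensureUsers` entry is still hard-coded as `name = "nextcloud"` while Nextcloud's `dbuser` now comes from `envsubstConfiguration.nextcloudDatabaseUser`, so any value of `$NEXTCLOUD_DATABASE_USER` other than `nextcloud` points Nextcloud at a role that was never created (and, over the `/run/postgresql` socket, presumably one the service user cannot authenticate as either); use the same binding there, `name = envsubstConfiguration.nextcloudDatabaseUser;`, or drop the variable. Separately, `dbpass` and `adminpass` are plain Nix strings, so whatever envsubst puts into them is evaluated into the world-readable Nix store on the host; the module's `dbpassFile`/`adminpassFile` options read the secret from a root-only file at activation time instead. Until the permissions TODO added in this commit is resolved, a one-line comment on the `postgresql` block, e.g. `# role and database names must match services.nextcloud.config.dbuser/dbname`, would make the coupling visible.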
@@ -111,5 +107,5 @@ in {
 openssh.authorizedKeys.keys = [ envsubstConfiguration.authorizedKey ];
 };
 
- system.stateVersion = "20.03";
+ system.stateVersion = envsubstConfiguration.systemStateVersion;
 }
-- 
cgit v1.2.3
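Review bot: `system.stateVersion` is now taken from `$SYSTEM_STATE_VERSION` at template time, but this value is meant to stay fixed for the lifetime of a host: it pins stateful defaults (the default PostgreSQL package among them), so a different value in the environment on a later deploy can silently change what services expect to find on disk. Keeping the literal `"20.03"`, or at least documenting on the binding that the variable must never change after the first deployment, e.g. `# fixed at first install; never change (see system.stateVersion)`, is safer than treating it as a deployment parameter. The explicit `package = pkgs.postgresql_11;` in the earlier hunk already covers the best-known of these defaults, so the remaining risk is smaller but not zero.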