Add nextcloud config (working)
Fix nextcloud and add recommended security features
parent
064ad9e6be
commit
0503c681c2
|
@ -10,6 +10,5 @@
|
||||||
./sshd
|
./sshd
|
||||||
./traefik/sshd.nix
|
./traefik/sshd.nix
|
||||||
./syncthing/Vanguard.nix
|
./syncthing/Vanguard.nix
|
||||||
./traefik/syncthing.nix
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,8 +9,14 @@
|
||||||
hostName = "cloud.xenia.me.uk";
|
hostName = "cloud.xenia.me.uk";
|
||||||
config = {
|
config = {
|
||||||
adminuser = "xenia";
|
adminuser = "xenia";
|
||||||
adminpassFile = "/etc/nextcloud/admin_secret.txt";
|
adminpassFile = "/secrets/nextcloud_admin.txt";
|
||||||
};
|
};
|
||||||
|
extraOptions = {
|
||||||
|
trusted_proxies = ["192.168.1.166"];
|
||||||
|
overwriteprotocol = "https";
|
||||||
|
};
|
||||||
|
extraApps = with pkgs.nextcloud26Packages.apps; {inherit calendar contacts;};
|
||||||
|
extraAppsEnable = true;
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts.${config.services.nextcloud.hostName}.listen = [
|
services.nginx.virtualHosts.${config.services.nextcloud.hostName}.listen = [
|
||||||
{
|
{
|
||||||
|
|
|
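Review bot: `trusted_proxies = ["192.168.1.166"]` probably does not match the address Nextcloud actually sees, because the Traefik service for this host forwards to `http://localhost:8000`; if Traefik runs on the same machine, the proxy connects from loopback rather than the LAN address. In that case Nextcloud ignores the forwarded client address, so its logs and brute-force throttling attribute every request to the proxy. Consider `trusted_proxies = ["127.0.0.1" "::1"];`, or add those entries alongside the LAN address. The nginx `listen` list continues outside this hunk; confirm it binds only to loopback so that no other host can reach port 8000 and supply its own forwarded headers.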
@ -33,25 +33,17 @@
|
||||||
middlewares = ["auth"];
|
middlewares = ["auth"];
|
||||||
tls = {certResolver = "default";};
|
tls = {certResolver = "default";};
|
||||||
};
|
};
|
||||||
middlewares.auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."];
|
middlewares = {
|
||||||
|
auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."];
|
||||||
|
hsts.headers = {
|
||||||
|
stsSeconds = "31536000";
|
||||||
|
stsIncludeSubdomains = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [80 443 2222];
|
allowedTCPPorts = [80 443 2222];
|
||||||
};
|
};
|
||||||
services.fail2ban.jails = {
|
|
||||||
traefik-http = ''
|
|
||||||
enabled = true
|
|
||||||
filter = traefik-auth
|
|
||||||
ports = http,https,2222
|
|
||||||
backend = systemd
|
|
||||||
'';
|
|
||||||
traefik-ssh = ''
|
|
||||||
enabled = true
|
|
||||||
filter = sshd
|
|
||||||
ports = 2222
|
|
||||||
backend = systemd
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
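Review bot: The new `auth.basicAuth.users` line still carries the `$apr1$` hash inline, so it lives in the repository and presumably in the world-readable Nix store once the Traefik config is generated; apr1 is an MD5-based scheme and offers little resistance to offline guessing. This commit already moves the Nextcloud admin password under `/secrets`, and Traefik's `usersFile` allows the same here, e.g. `auth.basicAuth.usersFile = "/secrets/<htpasswd-file>";` (placeholder path), preferably holding a bcrypt entry. The section also drops both fail2ban jails while port 2222 and the basic-auth router stay exposed, so unless the jails were moved to a module not shown here, nothing visible throttles repeated login attempts. Minor: `stsSeconds` is an integer option, so `stsSeconds = 31536000;` is the safer spelling. The enclosing Traefik options block starts outside this hunk.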
@ -5,6 +5,7 @@
|
||||||
rule = "Host(`cloud.xenia.me.uk`)";
|
rule = "Host(`cloud.xenia.me.uk`)";
|
||||||
entryPoints = ["http" "https"];
|
entryPoints = ["http" "https"];
|
||||||
service = "nextcloud-webinterface";
|
service = "nextcloud-webinterface";
|
||||||
|
middlewares = ["hsts"];
|
||||||
tls = {certResolver = "default";};
|
tls = {certResolver = "default";};
|
||||||
};
|
};
|
||||||
services.nextcloud-webinterface.loadBalancer.servers = [{url = "http://localhost:8000";}];
|
services.nextcloud-webinterface.loadBalancer.servers = [{url = "http://localhost:8000";}];
|
||||||
|
|
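Review bot: Nothing visible in this router sends plain-HTTP requests to HTTPS. It lists the `http` entry point, but with `tls` set Traefik matches only TLS requests, and browsers ignore Strict-Transport-Security unless it arrives over HTTPS, so a first visit over port 80 gets neither the site nor the header. If no redirect is configured elsewhere, add one at the entry point in the static config, e.g. `entryPoints.http.http.redirections.entryPoint = { to = "https"; scheme = "https"; };`. Also note that `hsts` is defined in a different module than this router, and Traefik disables a router whose middleware cannot be resolved, so a comment such as `# "hsts" is declared in the shared middlewares block` would help the next reader.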