Add nextcloud config (working)

Fix nextcloud and add recommended security features
Evie Litherland-Smith 2023-05-26 10:21:38 +01:00
parent 064ad9e6be
commit 0503c681c2
4 changed files with 15 additions and 17 deletions


@ -10,6 +10,5 @@
./sshd ./sshd
./traefik/sshd.nix ./traefik/sshd.nix
./syncthing/Vanguard.nix ./syncthing/Vanguard.nix
./traefik/syncthing.nix
]; ];
} }


@ -9,8 +9,14 @@
hostName = "cloud.xenia.me.uk"; hostName = "cloud.xenia.me.uk";
config = { config = {
adminuser = "xenia"; adminuser = "xenia";
adminpassFile = "/etc/nextcloud/admin_secret.txt"; adminpassFile = "/secrets/nextcloud_admin.txt";
}; };
extraOptions = {
trusted_proxies = ["192.168.1.166"];
overwriteprotocol = "https";
};
extraApps = with pkgs.nextcloud26Packages.apps; {inherit calendar contacts;};
extraAppsEnable = true;
}; };
services.nginx.virtualHosts.${config.services.nextcloud.hostName}.listen = [ services.nginx.virtualHosts.${config.services.nextcloud.hostName}.listen = [
{ {
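Review bot: `trusted_proxies = ["192.168.1.166"]` may not match the peer address Nextcloud actually sees, because the Traefik service changed elsewhere in this commit forwards to `http://localhost:8000`; if Traefik runs on the same host, the connection would arrive from loopback instead. When the peer is not in the list, Nextcloud ignores the forwarded client address and attributes every request to the proxy, so its brute-force throttling and audit logs lose the real client IP. Please confirm the address and, if the proxy is local, use `trusted_proxies = ["127.0.0.1" "::1"];`. The nginx `listen` list opens on the last line of the hunk and continues outside it, so whether the backend is bound to loopback only cannot be checked from here.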


@ -33,25 +33,17 @@
middlewares = ["auth"]; middlewares = ["auth"];
tls = {certResolver = "default";}; tls = {certResolver = "default";};
}; };
middlewares.auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."]; middlewares = {
auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."];
hsts.headers = {
stsSeconds = "31536000";
stsIncludeSubdomains = true;
};
};
}; };
}; };
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [80 443 2222]; allowedTCPPorts = [80 443 2222];
}; };
services.fail2ban.jails = {
traefik-http = ''
enabled = true
filter = traefik-auth
ports = http,https,2222
backend = systemd
'';
traefik-ssh = ''
enabled = true
filter = sshd
ports = 2222
backend = systemd
'';
};
} }
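Review bot: The `auth.basicAuth.users` entry keeps the `$apr1$` password hash inline, so it lives in the repository and in the world-readable Nix store. `apr1` is an MD5-based scheme, so anyone who can read the config can test guesses against it offline. Traefik can read the list from a file instead, e.g. `auth.basicAuth.usersFile = "/secrets/traefik_users";`, in line with the `/secrets` path this commit adopts for the Nextcloud admin password. A bcrypt entry generated with `htpasswd -B` would be a stronger choice, and the current password should be rotated since its hash is already published. With the fail2ban jails no longer defined in this file, nothing visible here throttles repeated failures against the `auth` middleware or port 2222; if the jails were not moved to another module, that protection is worth keeping.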


@ -5,6 +5,7 @@
rule = "Host(`cloud.xenia.me.uk`)"; rule = "Host(`cloud.xenia.me.uk`)";
entryPoints = ["http" "https"]; entryPoints = ["http" "https"];
service = "nextcloud-webinterface"; service = "nextcloud-webinterface";
middlewares = ["hsts"];
tls = {certResolver = "default";}; tls = {certResolver = "default";};
}; };
services.nextcloud-webinterface.loadBalancer.servers = [{url = "http://localhost:8000";}]; services.nextcloud-webinterface.loadBalancer.servers = [{url = "http://localhost:8000";}];
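Review bot: `middlewares = ["hsts"]` only helps requests that already arrive over TLS. Because this router sets `tls`, Traefik matches it for HTTPS requests only, so listing `"http"` in `entryPoints` gives a visitor on port 80 no redirect, unless one is configured at the entry point, which is not visible here. Browsers learn HSTS only from a first HTTPS response, so a redirect is what moves that first visit onto TLS. Consider an entry-point redirection, or a second non-TLS router for the same host with a middleware such as `redirect.redirectScheme.scheme = "https";`, and drop `"http"` from this router's `entryPoints`.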