Add nextcloud
Nextcloud will allow us to easily replace google docs with open source
alternatives such as Collabora Online.
Other options considered:
- Privatebin (not for collaborative document editing, we do have an instance at
https://paste.clicks.codes/)
- Etherpad (seemed to require a nontrivial amount of setup and an old version of
nodejs)
- Owncloud (looks good too, but Nextcloud is the offering I'm more familiar with
as I've used instances of it before (and some friends host it!))
- Standalone Collabora Online server (would need some other WOPI host or to use
filesystem... which, no)
- Cryptpad (I'm less familiar with it, and we don't seem to need the things
which are its selling points)
Still TODO (for followup changes):
- Integrate with Keycloak (added in I53e33f8c7fa21220e5407d4cd75a705c8e19f9a3)
for authentication
Change-Id: I8cf10ee09b068eb7d74cd2d5619b509eb9581f8d
diff --git a/modules/postgres.nix b/modules/postgres.nix
index d2844c1..cedb222 100644
--- a/modules/postgres.nix
+++ b/modules/postgres.nix
@@ -14,6 +14,7 @@
"vaultwarden"
"privatebin"
"keycloak"
+ "nextcloud"
];
ensureUsers = [
@@ -48,6 +49,12 @@
"DATABASE privatebin" = "ALL PRIVILEGES";
};
}
+ {
+ name = "nextcloud";
+ ensurePermissions = {
+ "DATABASE nextcloud" = "ALL PRIVILEGES";
+ };
+ }
] ++ (map
(name: (
{
@@ -82,6 +89,7 @@
{ user = "keycloak"; passwordFile = config.sops.secrets.clicks_keycloak_db_password.path; }
{ user = "vaultwarden"; passwordFile = config.sops.secrets.clicks_bitwarden_db_password.path; }
{ user = "privatebin"; passwordFile = config.sops.secrets.clicks_privatebin_db_password.path; }
+ { user = "nextcloud"; passwordFile = config.sops.secrets.clicks_nextcloud_db_password.path; }
] [
(map (userData: ''
$PSQL -tAc "ALTER USER ${userData.user} PASSWORD '$(cat ${userData.passwordFile})';"
@@ -95,6 +103,7 @@
"clicks_keycloak_db_password"
"clicks_bitwarden_db_password"
"clicks_privatebin_db_password"
+ "clicks_nextcloud_db_password"
] [
(map (name: {
inherit name;