Diffstat (limited to 'tw/services/nextcloud.scm')
-rw-r--r-- | tw/services/nextcloud.scm | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/tw/services/nextcloud.scm b/tw/services/nextcloud.scm
new file mode 100644
index 00000000..ca68cf77
--- /dev/null
+++ b/tw/services/nextcloud.scm
@@ -0,0 +1,125 @@
+(define-module (tw services nextcloud)
+ #:use-module (gnu)
+ #:use-module (gnu packages php)
+ #:use-module (gnu services certbot)
+ #:use-module (gnu services mcron)
+ #:use-module (gnu services web)
+ #:use-module (guix gexp)
+ #:use-module (tw services))
+
+(define-public %nextcloud-php.ini
+ (computed-file "nextcloud-php.ini"
+ #~(begin
+ (use-modules (ice-9 popen) (ice-9 rdelim))
+ (let* ((php-config #$(file-append php "/bin/php-config"))
+ (pipe (open-pipe* OPEN_READ php-config "--extension-dir"))
+ (php-extdir (read-line pipe)))
+ (unless (zero? (status:exit-val (close-pipe pipe)))
+ (error "Failed to get PHP extension dir"))
+ (with-output-to-file #$output
+ ;; Guix's PHP comes with the following extensions built-in,
+ ;; so no extension= line necessary:
+ ;; pdo_mysql, bcmath, bz2, exif, gd, iconv, intl
+ (lambda () (display (string-append "\
+memory_limit=512M
+extension_dir=/run/current-system/profile/lib/php/extensions/" (basename php-extdir) "
+; Caching extensions for Nextcloud
+extension=apcu
+apc.enable_cli=1
+zend_extension=opcache
+; https://www.php.net/manual/en/opcache.configuration.php
+opcache.enable=1
+opcache.interned_strings_buffer=32
+opcache.max_accelerated_files=10000
+opcache.memory_consumption=128
+opcache.save_comments=1
+; It will take up to revalidate_freq seconds for changes to config.php to be applied.
+opcache.revalidate_freq=120
+"))))))))
+
+(define-public %nextcloud-services
+ (list (simple-service 'nextcloud-https-server httpd-service-type
+ ;; The certbot service redirects everything on port 80 to
+ ;; port 443 by default, modulo its own /.well-known paths.
+ (list (httpd-virtualhost "*:443" (list "\
+# For Nextcloud.
+ServerName cloud.wilkenfamily.de
+DocumentRoot /var/www/nextcloud
+SSLEngine on
+SSLCertificateFile \"/etc/letsencrypt/live/cloud.wilkenfamily.de/fullchain.pem\"
+SSLCertificateKeyFile \"/etc/letsencrypt/live/cloud.wilkenfamily.de/privkey.pem\"
+Header always set Strict-Transport-Security \"max-age=15552000\"
+
+# Don't check for .htaccess files above DocumentRoot.
+<Directory \"/\">
+ AllowOverride None
+</Directory>
+
+<Directory /var/www/nextcloud>
+ Options +FollowSymlinks
+ AllowOverride All
+ <IfModule mod_dav.c>
+ Dav off
+ </IfModule>
+ SetEnv HOME /var/www/nextcloud
+ SetEnv HTTP_HOME /var/www/nextcloud
+</Directory>
+
+# Redirect to local php-fpm if mod_php is not available
+<IfModule !mod_php7.c>
+ <IfModule proxy_fcgi_module>
+ # Enable http authorization headers
+ <IfModule setenvif_module>
+ SetEnvIfNoCase ^Authorization$ \"(.+)\" HTTP_AUTHORIZATION=$1
+ </IfModule>
+ <FilesMatch \".+\\.ph(ar|p|tml)$\">
+ <If \"-f %{REQUEST_FILENAME}\">
+ SetHandler \"proxy:unix:/var/run/php-fpm.sock|fcgi://localhost/\"
+ </If>
+ </FilesMatch>
+ # Deny access to raw PHP sources and files without filename (e.g. '.php')
+ <FilesMatch \"^\\.ph(ar|p|ps|tml)$|.*\\.phps$\">
+ Require all denied
+ </FilesMatch>
+ </IfModule>
+</IfModule>
+"))))
+
+ (service php-fpm-service-type
+ (php-fpm-configuration
+ (user "httpd")
+ (group "httpd")
+ (socket "/var/run/php-fpm.sock")
+ (socket-user "httpd")
+ (socket-group "httpd")
+ (php-ini-file %nextcloud-php.ini)))
+
+ (simple-service 'nextcloud-certificates certbot-service-type
+ (list (certificate-configuration
+ (domains '("cloud.wilkenfamily.de"))
+ (deploy-hook %httpd-cert-deploy-hook))))
+
+ ;; Nextcloud cron
+ (simple-service 'nextcloud-cron mcron-service-type
+ (list #~(job "*/5 * * * *"
+ (lambda ()
+ (chdir "/var/www/nextcloud")
+ ;; `setgid' first while we're still root
+ (setgid (group:gid (getgr "httpd")))
+ (setuid (passwd:uid (getpw "httpd")))
+ (execl #$(file-append php "/bin/php") "php"
+ "-c" #$%nextcloud-php.ini "cron.php"))
+ (string-append
+ #$(file-append php "/bin/php")
+ " -c " #$%nextcloud-php.ini
+ " /var/www/nextcloud/cron.php"))
+
+ ;; Nextcloud backups
+ ;; Requires: sudo, php, btrfs, mysqldump, rsync
+ (let ((backup-script (local-file "files/nextcloud-backup" #:recursive? #t)))
+ #~(job "0 6 * * *"
+ (lambda ()
+ ;; Pass through the php.ini file that allows us to
+ ;; use Nextcloud's occ script.
+ (execl #$backup-script "nextcloud-backup" #$%nextcloud-php.ini))
+ (string-append #$backup-script " " #$%nextcloud-php.ini)))))))
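Review bot: The `nextcloud-cron` job drops to `httpd` with `setgid`/`setuid` but never clears the supplementary groups inherited from the root mcron process, so `cron.php` keeps whatever groups root had; add `(setgroups #())` before the `setgid` line (Guile provides it). The `nextcloud-backup` job at 06:00 is left running as root and the script it executes is outside this diff — if it only needs the `httpd` identity for `occ`, the same privilege drop would bound what a defect in it can touch, though the "Requires: sudo" comment suggests the script switches users itself. In `%nextcloud-php.ini`, `extension_dir` takes its basename from the build-time `php-config` but is rooted at `/run/current-system/profile`, so the system profile must contain the same PHP (plus apcu) or `extension=apcu` fails at load; a comment such as `;; extension_dir must match the PHP in the system profile, not only the build-time php package` would make that coupling explicit.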