felixalb/nixos-config
felixalb
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

voyager: move nextcloud to zfs directly

This commit is contained in:
Felix Albrigtsen 2024-06-03 15:38:56 +02:00
parent b32bc2f8b5
commit 5aa756b842
1 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
hosts/voyager/services/nextcloud.nix
View File

@ -7,7 +7,7 @@ in {
enable = true;
package = pkgs.nextcloud29;
inherit hostName;
home = "/var/lib/nextcloud";
home = "/tank/nextcloud";
https = true;
webfinger = true;
@ -63,9 +63,9 @@ in {
};
systemd.services."phpfpm-nextcloud" = {
requires = [ "var-lib-nextcloud.mount" ];
requires = [ "tank-nextcloud.mount" ];
serviceConfig = {
WorkingDirectory = "/var/lib/nextcloud";
WorkingDirectory = "/tank/nextcloud";
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
@ -77,7 +77,8 @@ in {
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ReadWritePaths = [ "/var/lib/nextcloud" "/run/phpfpm" "/run/systemd" "/run/secrets" "/nix/store" ];
ReadWritePaths = [ "/tank/nextcloud" "/run/phpfpm" "/run/systemd" ];
ReadPaths = [ "/run/secrets" "/nix/store" ];
RemoveIPC = true;
RestrictSUIDSGID = true;
UMask = "0007";
@ -86,9 +87,4 @@ in {
CapabilityBoundingSet = "~CAP_FSETID ~CAP_SETFCAP ~CAP_SETUID ~CAP_SETGID ~CAP_SETPCAP ~CAP_NET_ADMIN ~CAP_SYS_ADMIN ~CAP_SYS_PTRACE ";
};
};
fileSystems."/var/lib/nextcloud" = {
device = "/tank/nextcloud";
options = [ "bind "];
};
}