2021-07-17 00:24:30 +02:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
let
|
|
|
|
|
uidFile = pkgs.writeText "uidfile" ''
|
2021-12-26 23:01:12 +01:00
|
|
|
nextcloud:993
|
2021-07-17 00:24:30 +02:00
|
|
|
'';
|
|
|
|
|
gidFile = pkgs.writeText "gidfile" ''
|
2021-12-26 23:01:12 +01:00
|
|
|
nextcloud:991
|
2021-07-17 00:24:30 +02:00
|
|
|
'';
|
|
|
|
|
in
|
|
|
|
|
{
|
2021-11-29 02:04:29 +01:00
|
|
|
sops.secrets = {
|
|
|
|
|
sshfsKey = {
|
|
|
|
|
key = "sshfs_keys/private";
|
|
|
|
|
};
|
|
|
|
|
nextcloudDbPassword = {
|
|
|
|
|
owner = config.users.users.nextcloud.name;
|
|
|
|
|
key = "nextcloud/db_password";
|
|
|
|
|
restartUnits = [ "nextcloud-setup.service" ];
|
|
|
|
|
};
|
|
|
|
|
nextcloudAdminPassword = {
|
|
|
|
|
owner = config.users.users.nextcloud.name;
|
|
|
|
|
key = "nextcloud/admin_password";
|
|
|
|
|
restartUnits = [ "nextcloud-setup.service" ];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2021-07-17 00:24:30 +02:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
sshfs
|
|
|
|
|
];
|
|
|
|
|
|
2021-11-29 02:04:29 +01:00
|
|
|
systemd.services.nextcloud-data-sshfs = {
|
2021-12-27 16:39:22 +01:00
|
|
|
wantedBy = [ "multi-user.target" "nextcloud-setup.service" ];
|
2021-11-29 02:04:29 +01:00
|
|
|
before = [ "phpfpm-nextcloud.service" ];
|
|
|
|
|
restartIfChanged = false;
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/nextcloud/data";
|
|
|
|
|
ExecStart =
|
|
|
|
|
let
|
|
|
|
|
options = builtins.concatStringsSep "," [
|
|
|
|
|
"identityfile=${config.sops.secrets.sshfsKey.path}"
|
|
|
|
|
"ServerAliveInterval=15"
|
|
|
|
|
"idmap=file"
|
|
|
|
|
"uidfile=${uidFile}"
|
|
|
|
|
"gidfile=${gidFile}"
|
|
|
|
|
"allow_other"
|
|
|
|
|
"default_permissions"
|
|
|
|
|
"nomap=ignore"
|
|
|
|
|
];
|
|
|
|
|
in
|
2021-12-26 23:01:12 +01:00
|
|
|
"${pkgs.sshfs}/bin/mount.fuse.sshfs www-data@10.0.2.3:/nix/var/data/nextcloud/data "
|
2021-11-29 02:04:29 +01:00
|
|
|
+ "/var/lib/nextcloud/data -o ${options}";
|
|
|
|
|
ExecStopPost = "-${pkgs.fuse}/bin/fusermount -u /var/lib/nextcloud/data";
|
|
|
|
|
KillMode = "process";
|
2021-07-17 00:24:30 +02:00
|
|
|
};
|
2021-11-29 02:04:29 +01:00
|
|
|
};
|
2021-07-17 00:24:30 +02:00
|
|
|
|
2021-12-07 01:55:01 +01:00
|
|
|
services.nginx.virtualHosts."${config.services.nextcloud.hostName}" = {
|
|
|
|
|
enableACME = true;
|
|
|
|
|
forceSSL = true;
|
2021-07-17 00:24:30 +02:00
|
|
|
};
|
|
|
|
|
|
2021-12-07 01:55:01 +01:00
|
|
|
|
2021-07-17 00:24:30 +02:00
|
|
|
services.nextcloud = {
|
|
|
|
|
enable = true;
|
2022-06-22 18:52:20 +02:00
|
|
|
package = pkgs.nextcloud24;
|
2021-07-17 00:24:30 +02:00
|
|
|
hostName = "cloud.${config.networking.domain}";
|
2022-06-22 18:52:20 +02:00
|
|
|
https = true;
|
2021-07-17 00:24:30 +02:00
|
|
|
config = {
|
|
|
|
|
dbtype = "pgsql";
|
|
|
|
|
dbuser = "nextcloud";
|
|
|
|
|
dbhost = "10.0.1.11";
|
|
|
|
|
dbname = "nextcloud";
|
2021-11-29 02:04:29 +01:00
|
|
|
dbpassFile = "${config.sops.secrets.nextcloudDbPassword.path}";
|
|
|
|
|
adminpassFile = "${config.sops.secrets.nextcloudAdminPassword.path}";
|
2021-07-17 00:24:30 +02:00
|
|
|
adminuser = "root";
|
2021-08-05 00:33:34 +02:00
|
|
|
overwriteProtocol = "https";
|
2021-11-25 00:33:28 +01:00
|
|
|
defaultPhoneRegion = "BE";
|
2021-07-17 00:24:30 +02:00
|
|
|
};
|
2022-07-27 23:50:41 +02:00
|
|
|
|
|
|
|
|
phpOptions = {
|
|
|
|
|
short_open_tag = "Off";
|
|
|
|
|
expose_php = "Off";
|
|
|
|
|
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
|
|
|
|
|
display_errors = "stderr";
|
|
|
|
|
"opcache.enable_cli" = "1";
|
|
|
|
|
"opcache.interned_strings_buffer" = "12";
|
|
|
|
|
"opcache.max_accelerated_files" = "10000";
|
|
|
|
|
"opcache.memory_consumption" = "128";
|
|
|
|
|
"opcache.revalidate_freq" = "1";
|
|
|
|
|
"opcache.fast_shutdown" = "1";
|
|
|
|
|
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
|
|
|
|
|
catch_workers_output = "yes";
|
|
|
|
|
};
|
2021-07-17 00:24:30 +02:00
|
|
|
};
|
|
|
|
|
}
|
