self-hosting/modules/nextcloud.nix

{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.custom.services.nextcloud;
in
{
  options.custom.services.nextcloud = {
    enable = lib.mkEnableOption "nextcloud";
  };

  config = lib.mkIf cfg.enable {
    sops.secrets = {
      nextcloudDbPassword = {
        owner = config.users.users.nextcloud.name;
        key = "nextcloud/db_password";
        restartUnits = [ "nextcloud-setup.service" ];
      };
      nextcloudAdminPassword = {
        owner = config.users.users.nextcloud.name;
        key = "nextcloud/admin_password";
        restartUnits = [ "nextcloud-setup.service" ];
      };
    };

    environment.systemPackages = with pkgs; [ sshfs ];

    services.nginx.virtualHosts."${config.services.nextcloud.hostName}" = {
      enableACME = true;
      forceSSL = true;
    };

    services.nextcloud = {
      enable = true;
      # Can't be changed for now, could use a bind mount as workaround
      # https://github.com/NixOS/nixpkgs/issues/356973
      # home = "/nix/var/data/nextcloud";
      package = pkgs.nextcloud29;
      hostName = "cloud.${config.networking.domain}";
      https = true;
      maxUploadSize = "1G";

      config = {
        dbtype = "pgsql";
        dbuser = "nextcloud";
        dbhost = "127.0.0.1";
        dbname = "nextcloud";
        dbpassFile = "${config.sops.secrets.nextcloudDbPassword.path}";
        adminpassFile = "${config.sops.secrets.nextcloudAdminPassword.path}";
        adminuser = "root";
      };

      settings = {
        overwriteProtocol = "https";
        default_phone_region = "BE";
        maintenance_window_start = 1;
      };

      phpOptions = {
        short_open_tag = "Off";
        expose_php = "Off";
        error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
        display_errors = "stderr";
        "opcache.enable_cli" = "1";
        "opcache.interned_strings_buffer" = "24";
        "opcache.max_accelerated_files" = "10000";
        "opcache.memory_consumption" = "128";
        "opcache.revalidate_freq" = "1";
        "opcache.fast_shutdown" = "1";
        "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
        catch_workers_output = "yes";
      };
    };
  };
}
Move everyting to hel1 except emails 2024-12-10 11:39:55 +01:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
Migrate Nextcloud to hcloud 2021-07-17 00:24:30 +02:00			`let`
Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00			`cfg = config.custom.services.nextcloud;`
Move everyting to hel1 except emails 2024-12-10 11:39:55 +01:00			`in`
			`{`
Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00			`options.custom.services.nextcloud = {`
			`enable = lib.mkEnableOption "nextcloud";`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`};`

Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00			`config = lib.mkIf cfg.enable {`
			`sops.secrets = {`
			`nextcloudDbPassword = {`
			`owner = config.users.users.nextcloud.name;`
			`key = "nextcloud/db_password";`
			`restartUnits = [ "nextcloud-setup.service" ];`
			`};`
			`nextcloudAdminPassword = {`
			`owner = config.users.users.nextcloud.name;`
			`key = "nextcloud/admin_password";`
			`restartUnits = [ "nextcloud-setup.service" ];`
			`};`
Migrate Nextcloud to hcloud 2021-07-17 00:24:30 +02:00			`};`

Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00			`environment.systemPackages = with pkgs; [ sshfs ];`
Migrate Nextcloud to hcloud 2021-07-17 00:24:30 +02:00
Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00			`services.nginx.virtualHosts."${config.services.nextcloud.hostName}" = {`
			`enableACME = true;`
			`forceSSL = true;`
Migrate Nextcloud to hcloud 2021-07-17 00:24:30 +02:00			`};`
Update Flake inputs 2022-07-27 23:50:41 +02:00
Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00			`services.nextcloud = {`
			`enable = true;`
Move everyting to hel1 except emails 2024-12-10 11:39:55 +01:00			`# Can't be changed for now, could use a bind mount as workaround`
			`# https://github.com/NixOS/nixpkgs/issues/356973`
			`# home = "/nix/var/data/nextcloud";`
Update to Nextcloud 29 2024-05-24 18:26:14 +02:00			`package = pkgs.nextcloud29;`
Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00			`hostName = "cloud.${config.networking.domain}";`
			`https = true;`
			`maxUploadSize = "1G";`

			`config = {`
			`dbtype = "pgsql";`
			`dbuser = "nextcloud";`
Move everyting to hel1 except emails 2024-12-10 11:39:55 +01:00			`dbhost = "127.0.0.1";`
Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00			`dbname = "nextcloud";`
			`dbpassFile = "${config.sops.secrets.nextcloudDbPassword.path}";`
			`adminpassFile = "${config.sops.secrets.nextcloudAdminPassword.path}";`
			`adminuser = "root";`
			`};`

Update inputs to fix OpenSSH CVE-2024-6387 2024-07-02 18:16:26 +02:00			`settings = {`
			`overwriteProtocol = "https";`
			`default_phone_region = "BE";`
			`maintenance_window_start = 1;`
			`};`
Update to Nextcloud 28 2024-03-12 05:13:57 +01:00
Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00			`phpOptions = {`
			`short_open_tag = "Off";`
			`expose_php = "Off";`
			`error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";`
			`display_errors = "stderr";`
			`"opcache.enable_cli" = "1";`
nextcloud: increase opcache.interned_strings_buffer 2024-07-04 17:38:06 +02:00			`"opcache.interned_strings_buffer" = "24";`
Finish migration to NixOS modules 2024-03-26 23:37:53 +01:00			`"opcache.max_accelerated_files" = "10000";`
			`"opcache.memory_consumption" = "128";`
			`"opcache.revalidate_freq" = "1";`
			`"opcache.fast_shutdown" = "1";`
			`"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";`
			`catch_workers_output = "yes";`
			`};`
Update Flake inputs 2022-07-27 23:50:41 +02:00			`};`
Migrate Nextcloud to hcloud 2021-07-17 00:24:30 +02:00			`};`
			`}`