Nix configurations for my homelab
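# NixOS module for a Nextcloud instance: PostgreSQL (see ./postgresql.nix),
# a Valkey-backed Redis cache, sops-managed secrets, and a timer that
# pre-generates previews.
{
  config,
  lib,
  pkgs,
  ...
}:
{
  imports = [ ./postgresql.nix ];

  # State that must survive a reboot. Both directories are 0700 and owned by
  # nextcloud, so no other local account can read user files or cache data.
  environment.persistence."/data/persistent".directories = [
    {
      directory = "/var/lib/nextcloud";
      mode = "0700";
      user = "nextcloud";
      group = "nextcloud";
    }
    {
      directory = "/var/lib/redis-nextcloud";
      mode = "0700";
      user = "nextcloud";
      group = "nextcloud";
    }
  ];

  sops = {
    secrets = {
      # Read directly by the Nextcloud module (adminpassFile below), so it has
      # to be readable by the nextcloud user.
      "nextcloud/adminPass" = {
        owner = "nextcloud";
        group = "nextcloud";
      };
      # The SMTP credentials keep the sops-nix default ownership; in this file
      # they are only consumed through the rendered template below.
      "b77-smtp/user" = { };
      "b77-smtp/pass" = { };
    };
    # JSON fragment handed to Nextcloud as `secretFile`. The placeholders are
    # filled in when sops-nix renders the template, so the evaluated
    # configuration carries only placeholder strings, not the credentials.
    templates.smtpConfig = {
      owner = "nextcloud";
      group = "nextcloud";
      content = builtins.toJSON {
        mail_domain = "lilac.pink";
        mail_from_address = "nextcloud-noreply";
        mail_smtpauth = true;
        mail_smtphost = "smtp.purelymail.com";
        mail_smtpname = config.sops.placeholder."b77-smtp/user";
        mail_smtppassword = config.sops.placeholder."b77-smtp/pass";
        # Port 465 with "ssl": TLS from the first byte, no STARTTLS upgrade.
        mail_smtpport = 465;
        mail_smtpsecure = "ssl";
      };
    };
  };

  # The Nextcloud vhost is bound to IPv6 loopback only and speaks plain HTTP.
  # NOTE(review): TLS is presumably terminated by a reverse proxy configured
  # elsewhere; confirm that nothing else exposes port 8080.
  services.nginx.virtualHosts.${config.services.nextcloud.hostName}.listen = [
    {
      addr = "[::1]";
      port = 8080;
      extraParameters = [ "http2" ];
    }
  ];

  services = {
    redis.package = pkgs.valkey;
    nextcloud = {
      enable = true;
      package = pkgs.nextcloud32;
      # NOTE(review): with the app store and automatic app updates enabled,
      # app code is fetched and updated at runtime, outside the pinned Nix
      # closure. Keep the set of installed apps small and reviewed.
      appstoreEnable = true;
      autoUpdateApps.enable = true;
      caching = {
        apcu = true;
        redis = true;
      };
      config = {
        adminpassFile = config.sops.secrets."nextcloud/adminPass".path;
        adminuser = "admin";
        dbtype = "pgsql";
      };
      configureRedis = true;
      database.createLocally = true;
      # NOTE(review): the NixOS option documentation suggests disabling
      # ImageMagick for increased security; it parses uploaded images when
      # previews are generated. Keep only if the extra formats are needed.
      enableImagemagick = true;
      # extraApps = { };
      extraAppsEnable = false;
      hostName = "cloud.lilac.pink";
      https = true;
      maxUploadSize = "50G";
      notify_push = {
        enable = true;
        # Talks to the loopback listener declared above.
        nextcloudUrl = "http://[::1]:8080";
      };
      phpOptions = {
        "opcache.interned_strings_buffer" = "16";
        # Needed to prevent `Failed to open stream: No such file or directory`
        # https://github.com/NixOS/nixpkgs/blob/b6eaf97c6960d97350c584de1b6dcff03c9daf42/nixos/modules/services/web-apps/nextcloud.md
        "realpath_cache_size" = "0";
      };
      # poolConfig = '' '';
      # poolSettings = { };
      secretFile = config.sops.templates.smtpConfig.path;
      settings = {
        dbpersistent = true;
        default_phone_region = "US";
        "gs.federation" = "global";
        "htaccess.RewriteBase" = "/";
        "maintenance_window_start" = 1;
        "memcache.locking" = ''\OC\Memcache\Redis'';
        # Generated URLs always use the public https name, regardless of the
        # plain-HTTP loopback hop in front of Nextcloud.
        "overwrite.cli.url" = "https://cloud.lilac.pink";
        overwritehost = "cloud.lilac.pink";
        overwriteprotocol = "https";
        overwritewebroot = "/";
        # Redis is reached over a unix socket (port 0), not TCP.
        redis = {
          host = "/run/redis-nextcloud/redis.sock";
          port = 0;
          timeout = "1.5";
        };
        "simpleSignUpLink.shown" = false;
        # Forwarded-for headers are honoured only from loopback. This is safe
        # only while the fronting proxy is the sole client connecting on ::1.
        trusted_proxies = [ "::1" ];
        # 2 GiB per upload chunk.
        "files.chunked_upload.max_size" = 2147483648;
      };
    };
  };

  systemd = {
    services = {
      nextcloud-generate-previews = {
        enable = true;
        description = "Nextcloud preview generator app (https://github.com/nextcloud/previewgenerator)";
        requires = [ "phpfpm-nextcloud.service" ];
        # `requires` alone does not order units. Without `after`, occ can start
        # while nextcloud-setup is still installing or upgrading the instance.
        after = [
          "nextcloud-setup.service"
          "phpfpm-nextcloud.service"
        ];
        serviceConfig = {
          Type = "oneshot";
          ExecStart = "${lib.getExe config.services.nextcloud.occ} preview:pre-generate";
          # Runs unprivileged as the same account that owns the data directory.
          User = "nextcloud";
          Group = "nextcloud";
          # Passes the rendered secret file to the unit as a systemd
          # credential named `secret_file`.
          LoadCredential = [ "secret_file:${config.services.nextcloud.secretFile}" ];
        };
      };
    };
    # Fires 10 minutes after boot, then 10 minutes after each completed run.
    timers.nextcloud-generate-previews = {
      enable = true;
      description = "Nextcloud preview generator app (https://github.com/nextcloud/previewgenerator)";
      requires = [ "phpfpm-nextcloud.service" ];
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnBootSec = "10m";
        OnUnitActiveSec = "10m";
        Unit = "nextcloud-generate-previews.service";
      };
    };
  };
}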