yemou.pink / nix-configs
Nix configurations for my homelab
fork atom

Use rclone for nextcloud instead of nextcloud client

The nextcloud client requires user interaction with the secret service
and since im in the process of setting up autostarting for frequently
used applications, I'd rather not have this.

Additionally, this means I won't have every single file in a sync on
my machine at once which will help with space savings.

yemou.pink 12d0edb8 23c9376d

verified
options
unified split
Changed files
+91 -25
flake.lock
modules
cloud-storage.nix
secrets
lutea.yaml
+21 -21
flake.lock 
···

       
111

       
111

       
 

       
        ]


     

       
112

       
112

       
 

       
      },


     

       
113

       
113

       
 

       
      "locked": {


     

       
114

       

       
-

       
        "lastModified": 1763416652,


     

       
115

       

       
-

       
        "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=",


     

       

       
114

       
+

       
        "lastModified": 1764788330,


     

       

       
115

       
+

       
        "narHash": "sha256-hE/gXK+Z0j654T0tsW+KcndRqsgZXe8HyWchjBJgQpw=",


     

       
116

       
116

       
 

       
        "owner": "nix-community",


     

       
117

       
117

       
 

       
        "repo": "home-manager",


     

       
118

       

       
-

       
        "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312",


     

       

       
118

       
+

       
        "rev": "fca4cba863e76c26cfe48e5903c2ff4bac2b2d5d",


     

       
119

       
119

       
 

       
        "type": "github"


     

       
120

       
120

       
 

       
      },


     

       
121

       
121

       
 

       
      "original": {


     
···

       
220

       
220

       
 

       
    },


     

       
221

       
221

       
 

       
    "nixpkgs": {


     

       
222

       
222

       
 

       
      "locked": {


     

       
223

       

       
-

       
        "lastModified": 1763553727,


     

       
224

       

       
-

       
        "narHash": "sha256-4aRqRkYHplWk0mrtoF5i3Uo73E3niOWiUZU8kmPm9hQ=",


     

       

       
223

       
+

       
        "lastModified": 1764811743,


     

       

       
224

       
+

       
        "narHash": "sha256-Ypfd8oBuG3HWtzcY7VtYiI6Pawznag7YHWy8RoOfiBs=",


     

       
225

       
225

       
 

       
        "owner": "NixOS",


     

       
226

       
226

       
 

       
        "repo": "nixpkgs",


     

       
227

       

       
-

       
        "rev": "094318ea16502a7a81ce90dd3638697020f030a2",


     

       

       
227

       
+

       
        "rev": "4a6ebaabd716d6479b39fa234a8f895f0ec1cb88",


     

       
228

       
228

       
 

       
        "type": "github"


     

       
229

       
229

       
 

       
      },


     

       
230

       
230

       
 

       
      "original": {


     
···

       
252

       
252

       
 

       
    },


     

       
253

       
253

       
 

       
    "nixpkgs-stable": {


     

       
254

       
254

       
 

       
      "locked": {


     

       
255

       

       
-

       
        "lastModified": 1763608124,


     

       
256

       

       
-

       
        "narHash": "sha256-zlZnIcby+AdBREjjqOG7xLamvs2RljQ48dyUwYFD6oM=",


     

       

       
255

       
+

       
        "lastModified": 1764769562,


     

       

       
256

       
+

       
        "narHash": "sha256-Lx/5433PaXsAe58ng9teZ3LpHbVLTZ0Ue6WewpkAWcM=",


     

       
257

       
257

       
 

       
        "owner": "NixOS",


     

       
258

       
258

       
 

       
        "repo": "nixpkgs",


     

       
259

       

       
-

       
        "rev": "f6af808f2d4b1d2feb64ec2d9901b322e980938a",


     

       

       
259

       
+

       
        "rev": "6d76c70a214229ada04edc84b25be34f3dc34dd3",


     

       
260

       
260

       
 

       
        "type": "github"


     

       
261

       
261

       
 

       
      },


     

       
262

       
262

       
 

       
      "original": {


     
···

       
268

       
268

       
 

       
    },


     

       
269

       
269

       
 

       
    "nixpkgs-unstable": {


     

       
270

       
270

       
 

       
      "locked": {


     

       
271

       

       
-

       
        "lastModified": 1763421233,


     

       
272

       

       
-

       
        "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",


     

       

       
271

       
+

       
        "lastModified": 1764667669,


     

       

       
272

       
+

       
        "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",


     

       
273

       
273

       
 

       
        "owner": "NixOS",


     

       
274

       
274

       
 

       
        "repo": "nixpkgs",


     

       
275

       

       
-

       
        "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648",


     

       

       
275

       
+

       
        "rev": "418468ac9527e799809c900eda37cbff999199b6",


     

       
276

       
276

       
 

       
        "type": "github"


     

       
277

       
277

       
 

       
      },


     

       
278

       
278

       
 

       
      "original": {


     
···

       
300

       
300

       
 

       
    },


     

       
301

       
301

       
 

       
    "nixpkgs_3": {


     

       
302

       
302

       
 

       
      "locked": {


     

       
303

       

       
-

       
        "lastModified": 1763191728,


     

       
304

       

       
-

       
        "narHash": "sha256-esRhOS0APE6k40Hs/jjReXg+rx+J5LkWw7cuWFKlwYA=",


     

       

       
303

       
+

       
        "lastModified": 1764445028,


     

       

       
304

       
+

       
        "narHash": "sha256-ik6H/0Zl+qHYDKTXFPpzuVHSZE+uvVz2XQuQd1IVXzo=",


     

       
305

       
305

       
 

       
        "owner": "NixOS",


     

       
306

       
306

       
 

       
        "repo": "nixpkgs",


     

       
307

       

       
-

       
        "rev": "1d4c88323ac36805d09657d13a5273aea1b34f0c",


     

       

       
307

       
+

       
        "rev": "a09378c0108815dbf3961a0e085936f4146ec415",


     

       
308

       
308

       
 

       
        "type": "github"


     

       
309

       
309

       
 

       
      },


     

       
310

       
310

       
 

       
      "original": {


     
···

       
338

       
338

       
 

       
        "rust-overlay": "rust-overlay"


     

       
339

       
339

       
 

       
      },


     

       
340

       
340

       
 

       
      "locked": {


     

       
341

       

       
-

       
        "lastModified": 1763583727,


     

       
342

       

       
-

       
        "narHash": "sha256-nhEg5l2h9fjqjFyBd+85laV6A3coUIN2UFhGoHJJxSI=",


     

       

       
341

       
+

       
        "lastModified": 1764805253,


     

       

       
342

       
+

       
        "narHash": "sha256-uGyOlk8bB0Eno/qQl6bk3gF1FerlYFAAJFwYsD7mmJc=",


     

       
343

       
343

       
 

       
        "owner": "roc-lang",


     

       
344

       
344

       
 

       
        "repo": "roc",


     

       
345

       

       
-

       
        "rev": "2fc3b7afb622fcc66d899975ba6a208e1c1d199e",


     

       

       
345

       
+

       
        "rev": "bb17e26f7bd1aa51ce8e18a2a795eab9d07369a9",


     

       
346

       
346

       
 

       
        "type": "github"


     

       
347

       
347

       
 

       
      },


     

       
348

       
348

       
 

       
      "original": {


     
···

       
392

       
392

       
 

       
        "nixpkgs": "nixpkgs_3"


     

       
393

       
393

       
 

       
      },


     

       
394

       
394

       
 

       
      "locked": {


     

       
395

       

       
-

       
        "lastModified": 1763607916,


     

       
396

       

       
-

       
        "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=",


     

       

       
395

       
+

       
        "lastModified": 1764483358,


     

       

       
396

       
+

       
        "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",


     

       
397

       
397

       
 

       
        "owner": "Mic92",


     

       
398

       
398

       
 

       
        "repo": "sops-nix",


     

       
399

       

       
-

       
        "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b",


     

       

       
399

       
+

       
        "rev": "5aca6ff67264321d47856a2ed183729271107c9c",


     

       
400

       
400

       
 

       
        "type": "github"


     

       
401

       
401

       
 

       
      },


     

       
402

       
402

       
 

       
      "original": {
+64 -2
modules/cloud-storage.nix 
···

       
1

       

       
-

       
{ pkgs, ... }:


     

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  config,


     

       

       
3

       
+

       
  lib,


     

       

       
4

       
+

       
  pkgs,


     

       

       
5

       
+

       
  ...


     

       

       
6

       
+

       
}:


     

       
2

       
7

       
 

       
{


     

       
3

       

       
-

       
  users.users.mou.packages = with pkgs; [ nextcloud-client ];


     

       

       
8

       
+

       
  sops = {


     

       

       
9

       
+

       
    secrets = {


     

       

       
10

       
+

       
      "rclone-nextcloud/url" = { };


     

       

       
11

       
+

       
      "rclone-nextcloud/user" = { };


     

       

       
12

       
+

       
      "rclone-nextcloud/password" = { };


     

       

       
13

       
+

       
    };


     

       

       
14

       
+

       
    templates.rclone-nextcloud-config.content = lib.generators.toINI { } {


     

       

       
15

       
+

       
      nextcloud = {


     

       

       
16

       
+

       
        type = "webdav";


     

       

       
17

       
+

       
        url = config.sops.placeholder."rclone-nextcloud/url";


     

       

       
18

       
+

       
        vendor = "nextcloud";


     

       

       
19

       
+

       
        user = config.sops.placeholder."rclone-nextcloud/user";


     

       

       
20

       
+

       
        pass = config.sops.placeholder."rclone-nextcloud/password";


     

       

       
21

       
+

       
      };


     

       

       
22

       
+

       
    };


     

       

       
23

       
+

       
  };


     

       

       
24

       
+

       



     

       

       
25

       
+

       
  environment.persistence."/data/persistent".directories = [


     

       

       
26

       
+

       
    {


     

       

       
27

       
+

       
      directory = "/var/cache/rclone";


     

       

       
28

       
+

       
      mode = "0700";


     

       

       
29

       
+

       
    }


     

       

       
30

       
+

       
  ];


     

       

       
31

       
+

       



     

       

       
32

       
+

       
  systemd.services.rclone-nextcloud = {


     

       

       
33

       
+

       
    enable = true;


     

       

       
34

       
+

       
    description = "NextCloud VFS (rclone)";


     

       

       
35

       
+

       
    after = [ "network-online.target" ];


     

       

       
36

       
+

       
    wants = [ "network-online.target" ];


     

       

       
37

       
+

       
    wantedBy = [ "multi-user.target" ];


     

       

       
38

       
+

       
    serviceConfig = {


     

       

       
39

       
+

       
      Type = "notify";


     

       

       
40

       
+

       
      ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /media/nextcloud";


     

       

       
41

       
+

       
      ExecStart =


     

       

       
42

       
+

       
        let


     

       

       
43

       
+

       
          args = [


     

       

       
44

       
+

       
            "--config ${config.sops.templates.rclone-nextcloud-config.path}"


     

       

       
45

       
+

       
            "--cache-dir /var/cache/rclone/nextcloud"


     

       

       
46

       
+

       
            # "--dir-cache-time 5m" # This is the default


     

       

       
47

       
+

       
            # "--poll-interval 1m" # This is the default


     

       

       
48

       
+

       
            "--vfs-cache-mode writes"


     

       

       
49

       
+

       
            "--webdav-nextcloud-chunk-size 2Gi"


     

       

       
50

       
+

       
            "--checksum"


     

       

       
51

       
+

       
            "--track-renames"


     

       

       
52

       
+

       
            "--allow-other"


     

       

       
53

       
+

       
            "--uid 1000"


     

       

       
54

       
+

       
            "--gid 1000"


     

       

       
55

       
+

       
            "--dir-perms 0770"


     

       

       
56

       
+

       
            "--file-perms 0660"


     

       

       
57

       
+

       
            "--umask 007"


     

       

       
58

       
+

       
          ];


     

       

       
59

       
+

       
        in


     

       

       
60

       
+

       
        "${pkgs.rclone}/bin/rclone mount nextcloud:/ /media/nextcloud ${lib.strings.join " " args}";


     

       

       
61

       
+

       
      ExecStop = "${pkgs.fuse3}/bin/fusermount3 -z /media/nextcloud";


     

       

       
62

       
+

       
      Restart = "on-failure";


     

       

       
63

       
+

       
    };


     

       

       
64

       
+

       
    restartTriggers = [ config.sops.secrets."rclone-nextcloud/password".sopsFileHash ];


     

       

       
65

       
+

       
  };


     

       
4

       
66

       
 

       
}
+6 -2
secrets/lutea.yaml 
···

       
5

       
5

       
 

       
protonvpn-torrent:


     

       
6

       
6

       
 

       
    private-key: ENC[AES256_GCM,data:RrXsojuB1y2cFD8yHWvK6NxoANfwPrRA0m+AL/5tmwcLtSWWgxoirucx7M8=,iv:GKUz7QIWeTZmN5G7nFHsn68rJNpG+hqPDL+JNUqLJGA=,tag:lJACT6FYjQEXQylsTd3OTA==,type:str]


     

       
7

       
7

       
 

       
    public-key: ENC[AES256_GCM,data:nXscOyxUTkXQN/fuHn6FxmAiNDXANBv2UPBOhiknGYN3xH9HK68psdS/yNA=,iv:5OEd8qo1ITTgyOGL1zCjk7ard2mO9k5BXuabZ8GDyfI=,tag:2oUui7PS2R5tFfhmRoazvQ==,type:str]


     

       

       
8

       
+

       
rclone-nextcloud:


     

       

       
9

       
+

       
    url: ENC[AES256_GCM,data:rKYE/vwUHXCDXvYBP2DLPS7Ua83FOY3Pajas7/ue2Gzag9ALvT4+Bl/WUeBl0K+kbiWy,iv:JupnQYmT0mWuJ5DP5HH77CCfJ7JGB7vzs84ZyM4OAFE=,tag:x6bRgrN8e1LHVEMI40hveg==,type:str]


     

       

       
10

       
+

       
    user: ENC[AES256_GCM,data:hGfcQ14=,iv:GA9zY8QmNYuj/DRPEWl4OWxY8IQ9bw+OzZg/j9JcnXc=,tag:0grJZ75HbsRpeOTlPjzFbg==,type:str]


     

       

       
11

       
+

       
    password: ENC[AES256_GCM,data:AP6JhAreTu7hORjZR5qFcO+3GQAZMIj+OZposHX8CYbFqFGHpQiC5GvVsQBmWffx8vYg3x+3qsyia6me,iv:TVei1Xpn52fq+rBr5hKpHCFstJowqabLrlOw/jiRUd0=,tag:Imm+2C2gmlMjZJXqnxropg==,type:str]


     

       
8

       
12

       
 

       
sops:


     

       
9

       
13

       
 

       
    age:


     

       
10

       
14

       
 

       
        - recipient: age1p55em5e3uk3fprj2mpum7ulrslcqgly63pjsyw2yv6hx99trdsnsvvv9ex


     
···

       
16

       
20

       
 

       
            ZWI2RWEwZllOUDRYV2tCNXZnZFpBS1kKYktM+w+tQbJMcmZBUpuKpeiioChqrWzd


     

       
17

       
21

       
 

       
            FU4qWfJw3tEZKdTWECGYaQuCUQm7s+PJBc1HQlxd+eFm8YZMPwoa/Q==


     

       
18

       
22

       
 

       
            -----END AGE ENCRYPTED FILE-----


     

       
19

       

       
-

       
    lastmodified: "2025-11-06T18:18:05Z"


     

       
20

       

       
-

       
    mac: ENC[AES256_GCM,data:UVTm4DIK+qN+VpmoDYMOPAEunSu7r7i/qP42lbxS7157Tjt1g5+jziS5s5Jmyvu4XZ+zIKcOorfm5/18XbIYLSQJdSKKNbCh6vahSqOSludzXv89evTJx8gyw9W2uDLEpRYWWSl+llqsf6PkTaIfut4+6XqDWHUl6+cJAAvMNRM=,iv:JKD2RW0i1hLgekPXPAT8YlFxkietNN6DilKLCo6ilUI=,tag:7Oma9whDvpV+wwucAwqydw==,type:str]


     

       

       
23

       
+

       
    lastmodified: "2025-12-02T07:06:57Z"


     

       

       
24

       
+

       
    mac: ENC[AES256_GCM,data:7pymCS0iXDcCgkYNd15K7n0bfgX+DgGO81bAAHNciIAsuk2mxzBc4+pBbeBjoo5X8Pgrinhj26Od3xRJ+RpCqM20dYOkHqnBZ8KbX3Q3ZxnRJ2yACeMuTQHbnHNrWrHL0ZwqB7Rq6CYDrrpVyy/LdGZORu+vFaLQPK1GQKmozPM=,iv:YNtrhULRWU3SiNhndci04R7u13ZomTIl4MXQuu+8LXo=,tag:okZ7bSWlZYPaHl03Ynlfjg==,type:str]


     

       
21

       
25

       
 

       
    unencrypted_suffix: _unencrypted


     

       
22

       
26

       
 

       
    version: 3.11.0