yemou.pink / nix-configs
Nix configurations for my homelab
fork atom

Use rclone for nextcloud instead of nextcloud client

The nextcloud client requires user interaction with the secret service
and since im in the process of setting up autostarting for frequently
used applications, I'd rather not have this.

Additionally, this means I won't have every single file in a sync on
my machine at once which will help with space savings.

yemou.pink 12d0edb8 23c9376d

verified
options
unified split
Changed files
+91 -25
flake.lock
modules
cloud-storage.nix
secrets
lutea.yaml
+21 -21
flake.lock 
···

       
111

       
 

       
        ]


     

       
112

       
 

       
      },


     

       
113

       
 

       
      "locked": {


     

       
114

       
-

       
        "lastModified": 1763416652,


     

       
115

       
-

       
        "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=",


     

       
116

       
 

       
        "owner": "nix-community",


     

       
117

       
 

       
        "repo": "home-manager",


     

       
118

       
-

       
        "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312",


     

       
119

       
 

       
        "type": "github"


     

       
120

       
 

       
      },


     

       
121

       
 

       
      "original": {


     
···

       
220

       
 

       
    },


     

       
221

       
 

       
    "nixpkgs": {


     

       
222

       
 

       
      "locked": {


     

       
223

       
-

       
        "lastModified": 1763553727,


     

       
224

       
-

       
        "narHash": "sha256-4aRqRkYHplWk0mrtoF5i3Uo73E3niOWiUZU8kmPm9hQ=",


     

       
225

       
 

       
        "owner": "NixOS",


     

       
226

       
 

       
        "repo": "nixpkgs",


     

       
227

       
-

       
        "rev": "094318ea16502a7a81ce90dd3638697020f030a2",


     

       
228

       
 

       
        "type": "github"


     

       
229

       
 

       
      },


     

       
230

       
 

       
      "original": {


     
···

       
252

       
 

       
    },


     

       
253

       
 

       
    "nixpkgs-stable": {


     

       
254

       
 

       
      "locked": {


     

       
255

       
-

       
        "lastModified": 1763608124,


     

       
256

       
-

       
        "narHash": "sha256-zlZnIcby+AdBREjjqOG7xLamvs2RljQ48dyUwYFD6oM=",


     

       
257

       
 

       
        "owner": "NixOS",


     

       
258

       
 

       
        "repo": "nixpkgs",


     

       
259

       
-

       
        "rev": "f6af808f2d4b1d2feb64ec2d9901b322e980938a",


     

       
260

       
 

       
        "type": "github"


     

       
261

       
 

       
      },


     

       
262

       
 

       
      "original": {


     
···

       
268

       
 

       
    },


     

       
269

       
 

       
    "nixpkgs-unstable": {


     

       
270

       
 

       
      "locked": {


     

       
271

       
-

       
        "lastModified": 1763421233,


     

       
272

       
-

       
        "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",


     

       
273

       
 

       
        "owner": "NixOS",


     

       
274

       
 

       
        "repo": "nixpkgs",


     

       
275

       
-

       
        "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648",


     

       
276

       
 

       
        "type": "github"


     

       
277

       
 

       
      },


     

       
278

       
 

       
      "original": {


     
···

       
300

       
 

       
    },


     

       
301

       
 

       
    "nixpkgs_3": {


     

       
302

       
 

       
      "locked": {


     

       
303

       
-

       
        "lastModified": 1763191728,


     

       
304

       
-

       
        "narHash": "sha256-esRhOS0APE6k40Hs/jjReXg+rx+J5LkWw7cuWFKlwYA=",


     

       
305

       
 

       
        "owner": "NixOS",


     

       
306

       
 

       
        "repo": "nixpkgs",


     

       
307

       
-

       
        "rev": "1d4c88323ac36805d09657d13a5273aea1b34f0c",


     

       
308

       
 

       
        "type": "github"


     

       
309

       
 

       
      },


     

       
310

       
 

       
      "original": {


     
···

       
338

       
 

       
        "rust-overlay": "rust-overlay"


     

       
339

       
 

       
      },


     

       
340

       
 

       
      "locked": {


     

       
341

       
-

       
        "lastModified": 1763583727,


     

       
342

       
-

       
        "narHash": "sha256-nhEg5l2h9fjqjFyBd+85laV6A3coUIN2UFhGoHJJxSI=",


     

       
343

       
 

       
        "owner": "roc-lang",


     

       
344

       
 

       
        "repo": "roc",


     

       
345

       
-

       
        "rev": "2fc3b7afb622fcc66d899975ba6a208e1c1d199e",


     

       
346

       
 

       
        "type": "github"


     

       
347

       
 

       
      },


     

       
348

       
 

       
      "original": {


     
···

       
392

       
 

       
        "nixpkgs": "nixpkgs_3"


     

       
393

       
 

       
      },


     

       
394

       
 

       
      "locked": {


     

       
395

       
-

       
        "lastModified": 1763607916,


     

       
396

       
-

       
        "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=",


     

       
397

       
 

       
        "owner": "Mic92",


     

       
398

       
 

       
        "repo": "sops-nix",


     

       
399

       
-

       
        "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b",


     

       
400

       
 

       
        "type": "github"


     

       
401

       
 

       
      },


     

       
402

       
 

       
      "original": {


     
···

       
111

       
 

       
        ]


     

       
112

       
 

       
      },


     

       
113

       
 

       
      "locked": {


     

       
114

       
+

       
        "lastModified": 1764788330,


     

       
115

       
+

       
        "narHash": "sha256-hE/gXK+Z0j654T0tsW+KcndRqsgZXe8HyWchjBJgQpw=",


     

       
116

       
 

       
        "owner": "nix-community",


     

       
117

       
 

       
        "repo": "home-manager",


     

       
118

       
+

       
        "rev": "fca4cba863e76c26cfe48e5903c2ff4bac2b2d5d",


     

       
119

       
 

       
        "type": "github"


     

       
120

       
 

       
      },


     

       
121

       
 

       
      "original": {


     
···

       
220

       
 

       
    },


     

       
221

       
 

       
    "nixpkgs": {


     

       
222

       
 

       
      "locked": {


     

       
223

       
+

       
        "lastModified": 1764811743,


     

       
224

       
+

       
        "narHash": "sha256-Ypfd8oBuG3HWtzcY7VtYiI6Pawznag7YHWy8RoOfiBs=",


     

       
225

       
 

       
        "owner": "NixOS",


     

       
226

       
 

       
        "repo": "nixpkgs",


     

       
227

       
+

       
        "rev": "4a6ebaabd716d6479b39fa234a8f895f0ec1cb88",


     

       
228

       
 

       
        "type": "github"


     

       
229

       
 

       
      },


     

       
230

       
 

       
      "original": {


     
···

       
252

       
 

       
    },


     

       
253

       
 

       
    "nixpkgs-stable": {


     

       
254

       
 

       
      "locked": {


     

       
255

       
+

       
        "lastModified": 1764769562,


     

       
256

       
+

       
        "narHash": "sha256-Lx/5433PaXsAe58ng9teZ3LpHbVLTZ0Ue6WewpkAWcM=",


     

       
257

       
 

       
        "owner": "NixOS",


     

       
258

       
 

       
        "repo": "nixpkgs",


     

       
259

       
+

       
        "rev": "6d76c70a214229ada04edc84b25be34f3dc34dd3",


     

       
260

       
 

       
        "type": "github"


     

       
261

       
 

       
      },


     

       
262

       
 

       
      "original": {


     
···

       
268

       
 

       
    },


     

       
269

       
 

       
    "nixpkgs-unstable": {


     

       
270

       
 

       
      "locked": {


     

       
271

       
+

       
        "lastModified": 1764667669,


     

       
272

       
+

       
        "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",


     

       
273

       
 

       
        "owner": "NixOS",


     

       
274

       
 

       
        "repo": "nixpkgs",


     

       
275

       
+

       
        "rev": "418468ac9527e799809c900eda37cbff999199b6",


     

       
276

       
 

       
        "type": "github"


     

       
277

       
 

       
      },


     

       
278

       
 

       
      "original": {


     
···

       
300

       
 

       
    },


     

       
301

       
 

       
    "nixpkgs_3": {


     

       
302

       
 

       
      "locked": {


     

       
303

       
+

       
        "lastModified": 1764445028,


     

       
304

       
+

       
        "narHash": "sha256-ik6H/0Zl+qHYDKTXFPpzuVHSZE+uvVz2XQuQd1IVXzo=",


     

       
305

       
 

       
        "owner": "NixOS",


     

       
306

       
 

       
        "repo": "nixpkgs",


     

       
307

       
+

       
        "rev": "a09378c0108815dbf3961a0e085936f4146ec415",


     

       
308

       
 

       
        "type": "github"


     

       
309

       
 

       
      },


     

       
310

       
 

       
      "original": {


     
···

       
338

       
 

       
        "rust-overlay": "rust-overlay"


     

       
339

       
 

       
      },


     

       
340

       
 

       
      "locked": {


     

       
341

       
+

       
        "lastModified": 1764805253,


     

       
342

       
+

       
        "narHash": "sha256-uGyOlk8bB0Eno/qQl6bk3gF1FerlYFAAJFwYsD7mmJc=",


     

       
343

       
 

       
        "owner": "roc-lang",


     

       
344

       
 

       
        "repo": "roc",


     

       
345

       
+

       
        "rev": "bb17e26f7bd1aa51ce8e18a2a795eab9d07369a9",


     

       
346

       
 

       
        "type": "github"


     

       
347

       
 

       
      },


     

       
348

       
 

       
      "original": {


     
···

       
392

       
 

       
        "nixpkgs": "nixpkgs_3"


     

       
393

       
 

       
      },


     

       
394

       
 

       
      "locked": {


     

       
395

       
+

       
        "lastModified": 1764483358,


     

       
396

       
+

       
        "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",


     

       
397

       
 

       
        "owner": "Mic92",


     

       
398

       
 

       
        "repo": "sops-nix",


     

       
399

       
+

       
        "rev": "5aca6ff67264321d47856a2ed183729271107c9c",


     

       
400

       
 

       
        "type": "github"


     

       
401

       
 

       
      },


     

       
402

       
 

       
      "original": {
+64 -2
modules/cloud-storage.nix 
···

       
1

       
-

       
{ pkgs, ... }:


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
2

       
 

       
{


     

       
3

       
-

       
  users.users.mou.packages = with pkgs; [ nextcloud-client ];


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
4

       
 

       
}


     
···

       
1

       
+

       
{


     

       
2

       
+

       
  config,


     

       
3

       
+

       
  lib,


     

       
4

       
+

       
  pkgs,


     

       
5

       
+

       
  ...


     

       
6

       
+

       
}:


     

       
7

       
 

       
{


     

       
8

       
+

       
  sops = {


     

       
9

       
+

       
    secrets = {


     

       
10

       
+

       
      "rclone-nextcloud/url" = { };


     

       
11

       
+

       
      "rclone-nextcloud/user" = { };


     

       
12

       
+

       
      "rclone-nextcloud/password" = { };


     

       
13

       
+

       
    };


     

       
14

       
+

       
    templates.rclone-nextcloud-config.content = lib.generators.toINI { } {


     

       
15

       
+

       
      nextcloud = {


     

       
16

       
+

       
        type = "webdav";


     

       
17

       
+

       
        url = config.sops.placeholder."rclone-nextcloud/url";


     

       
18

       
+

       
        vendor = "nextcloud";


     

       
19

       
+

       
        user = config.sops.placeholder."rclone-nextcloud/user";


     

       
20

       
+

       
        pass = config.sops.placeholder."rclone-nextcloud/password";


     

       
21

       
+

       
      };


     

       
22

       
+

       
    };


     

       
23

       
+

       
  };


     

       
24

       
+

       



     

       
25

       
+

       
  environment.persistence."/data/persistent".directories = [


     

       
26

       
+

       
    {


     

       
27

       
+

       
      directory = "/var/cache/rclone";


     

       
28

       
+

       
      mode = "0700";


     

       
29

       
+

       
    }


     

       
30

       
+

       
  ];


     

       
31

       
+

       



     

       
32

       
+

       
  systemd.services.rclone-nextcloud = {


     

       
33

       
+

       
    enable = true;


     

       
34

       
+

       
    description = "NextCloud VFS (rclone)";


     

       
35

       
+

       
    after = [ "network-online.target" ];


     

       
36

       
+

       
    wants = [ "network-online.target" ];


     

       
37

       
+

       
    wantedBy = [ "multi-user.target" ];


     

       
38

       
+

       
    serviceConfig = {


     

       
39

       
+

       
      Type = "notify";


     

       
40

       
+

       
      ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /media/nextcloud";


     

       
41

       
+

       
      ExecStart =


     

       
42

       
+

       
        let


     

       
43

       
+

       
          args = [


     

       
44

       
+

       
            "--config ${config.sops.templates.rclone-nextcloud-config.path}"


     

       
45

       
+

       
            "--cache-dir /var/cache/rclone/nextcloud"


     

       
46

       
+

       
            # "--dir-cache-time 5m" # This is the default


     

       
47

       
+

       
            # "--poll-interval 1m" # This is the default


     

       
48

       
+

       
            "--vfs-cache-mode writes"


     

       
49

       
+

       
            "--webdav-nextcloud-chunk-size 2Gi"


     

       
50

       
+

       
            "--checksum"


     

       
51

       
+

       
            "--track-renames"


     

       
52

       
+

       
            "--allow-other"


     

       
53

       
+

       
            "--uid 1000"


     

       
54

       
+

       
            "--gid 1000"


     

       
55

       
+

       
            "--dir-perms 0770"


     

       
56

       
+

       
            "--file-perms 0660"


     

       
57

       
+

       
            "--umask 007"


     

       
58

       
+

       
          ];


     

       
59

       
+

       
        in


     

       
60

       
+

       
        "${pkgs.rclone}/bin/rclone mount nextcloud:/ /media/nextcloud ${lib.strings.join " " args}";


     

       
61

       
+

       
      ExecStop = "${pkgs.fuse3}/bin/fusermount3 -z /media/nextcloud";


     

       
62

       
+

       
      Restart = "on-failure";


     

       
63

       
+

       
    };


     

       
64

       
+

       
    restartTriggers = [ config.sops.secrets."rclone-nextcloud/password".sopsFileHash ];


     

       
65

       
+

       
  };


     

       
66

       
 

       
}
+6 -2
secrets/lutea.yaml 
···

       
5

       
 

       
protonvpn-torrent:


     

       
6

       
 

       
    private-key: ENC[AES256_GCM,data:RrXsojuB1y2cFD8yHWvK6NxoANfwPrRA0m+AL/5tmwcLtSWWgxoirucx7M8=,iv:GKUz7QIWeTZmN5G7nFHsn68rJNpG+hqPDL+JNUqLJGA=,tag:lJACT6FYjQEXQylsTd3OTA==,type:str]


     

       
7

       
 

       
    public-key: ENC[AES256_GCM,data:nXscOyxUTkXQN/fuHn6FxmAiNDXANBv2UPBOhiknGYN3xH9HK68psdS/yNA=,iv:5OEd8qo1ITTgyOGL1zCjk7ard2mO9k5BXuabZ8GDyfI=,tag:2oUui7PS2R5tFfhmRoazvQ==,type:str]


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
8

       
 

       
sops:


     

       
9

       
 

       
    age:


     

       
10

       
 

       
        - recipient: age1p55em5e3uk3fprj2mpum7ulrslcqgly63pjsyw2yv6hx99trdsnsvvv9ex


     
···

       
16

       
 

       
            ZWI2RWEwZllOUDRYV2tCNXZnZFpBS1kKYktM+w+tQbJMcmZBUpuKpeiioChqrWzd


     

       
17

       
 

       
            FU4qWfJw3tEZKdTWECGYaQuCUQm7s+PJBc1HQlxd+eFm8YZMPwoa/Q==


     

       
18

       
 

       
            -----END AGE ENCRYPTED FILE-----


     

       
19

       
-

       
    lastmodified: "2025-11-06T18:18:05Z"


     

       
20

       
-

       
    mac: ENC[AES256_GCM,data:UVTm4DIK+qN+VpmoDYMOPAEunSu7r7i/qP42lbxS7157Tjt1g5+jziS5s5Jmyvu4XZ+zIKcOorfm5/18XbIYLSQJdSKKNbCh6vahSqOSludzXv89evTJx8gyw9W2uDLEpRYWWSl+llqsf6PkTaIfut4+6XqDWHUl6+cJAAvMNRM=,iv:JKD2RW0i1hLgekPXPAT8YlFxkietNN6DilKLCo6ilUI=,tag:7Oma9whDvpV+wwucAwqydw==,type:str]


     

       
21

       
 

       
    unencrypted_suffix: _unencrypted


     

       
22

       
 

       
    version: 3.11.0


     
···

       
5

       
 

       
protonvpn-torrent:


     

       
6

       
 

       
    private-key: ENC[AES256_GCM,data:RrXsojuB1y2cFD8yHWvK6NxoANfwPrRA0m+AL/5tmwcLtSWWgxoirucx7M8=,iv:GKUz7QIWeTZmN5G7nFHsn68rJNpG+hqPDL+JNUqLJGA=,tag:lJACT6FYjQEXQylsTd3OTA==,type:str]


     

       
7

       
 

       
    public-key: ENC[AES256_GCM,data:nXscOyxUTkXQN/fuHn6FxmAiNDXANBv2UPBOhiknGYN3xH9HK68psdS/yNA=,iv:5OEd8qo1ITTgyOGL1zCjk7ard2mO9k5BXuabZ8GDyfI=,tag:2oUui7PS2R5tFfhmRoazvQ==,type:str]


     

       
8

       
+

       
rclone-nextcloud:


     

       
9

       
+

       
    url: ENC[AES256_GCM,data:rKYE/vwUHXCDXvYBP2DLPS7Ua83FOY3Pajas7/ue2Gzag9ALvT4+Bl/WUeBl0K+kbiWy,iv:JupnQYmT0mWuJ5DP5HH77CCfJ7JGB7vzs84ZyM4OAFE=,tag:x6bRgrN8e1LHVEMI40hveg==,type:str]


     

       
10

       
+

       
    user: ENC[AES256_GCM,data:hGfcQ14=,iv:GA9zY8QmNYuj/DRPEWl4OWxY8IQ9bw+OzZg/j9JcnXc=,tag:0grJZ75HbsRpeOTlPjzFbg==,type:str]


     

       
11

       
+

       
    password: ENC[AES256_GCM,data:AP6JhAreTu7hORjZR5qFcO+3GQAZMIj+OZposHX8CYbFqFGHpQiC5GvVsQBmWffx8vYg3x+3qsyia6me,iv:TVei1Xpn52fq+rBr5hKpHCFstJowqabLrlOw/jiRUd0=,tag:Imm+2C2gmlMjZJXqnxropg==,type:str]


     

       
12

       
 

       
sops:


     

       
13

       
 

       
    age:


     

       
14

       
 

       
        - recipient: age1p55em5e3uk3fprj2mpum7ulrslcqgly63pjsyw2yv6hx99trdsnsvvv9ex


     
···

       
20

       
 

       
            ZWI2RWEwZllOUDRYV2tCNXZnZFpBS1kKYktM+w+tQbJMcmZBUpuKpeiioChqrWzd


     

       
21

       
 

       
            FU4qWfJw3tEZKdTWECGYaQuCUQm7s+PJBc1HQlxd+eFm8YZMPwoa/Q==


     

       
22

       
 

       
            -----END AGE ENCRYPTED FILE-----


     

       
23

       
+

       
    lastmodified: "2025-12-02T07:06:57Z"


     

       
24

       
+

       
    mac: ENC[AES256_GCM,data:7pymCS0iXDcCgkYNd15K7n0bfgX+DgGO81bAAHNciIAsuk2mxzBc4+pBbeBjoo5X8Pgrinhj26Od3xRJ+RpCqM20dYOkHqnBZ8KbX3Q3ZxnRJ2yACeMuTQHbnHNrWrHL0ZwqB7Rq6CYDrrpVyy/LdGZORu+vFaLQPK1GQKmozPM=,iv:YNtrhULRWU3SiNhndci04R7u13ZomTIl4MXQuu+8LXo=,tag:okZ7bSWlZYPaHl03Ynlfjg==,type:str]


     

       
25

       
 

       
    unencrypted_suffix: _unencrypted


     

       
26

       
 

       
    version: 3.11.0