blob: d7d2490b664233c259dff15ac6575cb705049e68 [file] [log] [blame]
Skyler Greyfe1740c2023-10-21 01:24:18 +00001{ config, pkgs, lib, ... }: {
2 sops.secrets.clicks_nextcloud_db_password = {
3 mode = lib.mkForce "0440";
4 group = lib.mkForce "nextcloud";
5 };
Skyler Grey09c5cda2023-10-09 07:10:10 +00006
Skyler Greyfe1740c2023-10-21 01:24:18 +00007 users.users.nextcloud = {
8 isSystemUser = true;
9 createHome = true;
10 home = "/var/lib/nextcloud";
11 group = config.users.groups.nextcloud.name;
12 shell = pkgs.bashInteractive;
13 };
14 users.groups.nextcloud = { };
Skyler Grey09c5cda2023-10-09 07:10:10 +000015
Skyler Greyfe1740c2023-10-21 01:24:18 +000016 services.nextcloud.enable = true;
Skyler Grey4259e932023-10-21 21:37:03 +000017 services.nextcloud.https = true;
Skyler Greyfe1740c2023-10-21 01:24:18 +000018 services.nextcloud.config.adminpassFile =
19 config.sops.secrets.nextcloud_admin_password.path;
20 services.nextcloud.hostName = "nextcloud.clicks.codes";
Skyler Grey4259e932023-10-21 21:37:03 +000021 services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
22 enableACME = true;
23 forceSSL = true;
24 };
Skyler Greyfe1740c2023-10-21 01:24:18 +000025 services.nextcloud.package = pkgs.nextcloud27;
26 services.nextcloud.poolSettings = {
27 pm = "dynamic";
28 "pm.max_children" = "32";
29 "pm.max_requests" = "500";
30 "pm.max_spare_servers" = "4";
31 "pm.min_spare_servers" = "2";
32 "pm.start_servers" = "2";
33 "listen.owner" = config.users.users.nextcloud.name;
34 "listen.group" = config.users.users.nextcloud.group;
35 };
Skyler Grey09c5cda2023-10-09 07:10:10 +000036
Skyler Greyfe1740c2023-10-21 01:24:18 +000037 services.nextcloud.config = {
38 dbtype = "pgsql";
39 dbport = config.services.postgresql.port;
40 dbpassFile = config.sops.secrets.clicks_nextcloud_db_password.path;
41 dbname = "nextcloud";
42 dbhost = "localhost";
Skyler Grey4259e932023-10-21 21:37:03 +000043 extraTrustedDomains = [ "cloud.clicks.codes" "docs.clicks.codes" ];
Skyler Greyfe1740c2023-10-21 01:24:18 +000044 };
Skyler Grey09c5cda2023-10-09 07:10:10 +000045
Skyler Greyfe1740c2023-10-21 01:24:18 +000046 services.nextcloud.extraOptions = { social_login_auto_redirect = true; };
Skyler Grey09c5cda2023-10-09 07:10:10 +000047
Skyler Greyfe1740c2023-10-21 01:24:18 +000048 services.nextcloud.extraApps = {
49 sociallogin = pkgs.fetchNextcloudApp {
50 url =
51 "https://github.com/zorn-v/nextcloud-social-login/releases/download/v5.5.3/release.tar.gz";
52 sha256 = "sha256-96/wtK7t23fXVRcntDONjgb5bYtZuaNZzbvQCa5Gsj4=";
Skyler Grey9ae213d2023-10-10 23:43:29 +000053 };
Skyler Greyfe1740c2023-10-21 01:24:18 +000054 richdocumentscode = pkgs.fetchNextcloudApp {
55 url = "redacted";
56 sha256 = "sha256-XYtjBZCIQ6+PL3BNLSZfJTgLLpOyphzR5HOAwI7bWx0=";
57 };
58 richdocuments = pkgs.fetchNextcloudApp {
59 url =
60 "https://github.com/nextcloud-releases/richdocuments/releases/download/v8.2.0/richdocuments-v8.2.0.tar.gz";
61 sha256 = "sha256-PKw7FXSWvden2+6XjnUDOvbTF71slgeTF/ktS/l2+Dk=";
62 };
63 };
Skyler Grey9ae213d2023-10-10 23:43:29 +000064
Skyler Greyfe1740c2023-10-21 01:24:18 +000065 sops.secrets.nextcloud_admin_password = {
66 mode = "0600";
67 owner = config.users.users.nextcloud.name;
68 group = config.users.users.nextcloud.group;
69 sopsFile = ../secrets/nextcloud.json;
70 format = "json";
71 };
Skyler Grey13420dc2023-10-10 22:23:26 +000072}