nixos-selfhost/nextcloud.nix

{
  self,
  config,
  lib,
  pkgs,
  ...
}: let
  domain = "cloud.sondell.org";
  nextcloud = pkgs.nextcloud30;

  app_api = pkgs.fetchNextcloudApp {
    url = "https://github.com/cloud-py-api/app_api/releases/download/v2.7.0/app_api-v2.7.0.tar.gz";
    sha256 = "sha256-FIVM5QoDYxHa3rWmNatLo3rv7Geou+mbdEh9Ws/KT7Q=";
    license = "agpl3Only";
  };
in {
  environment.systemPackages = [
    nextcloud
  ];
  systemd.timers."nextcloud-db-backup" = {
    wantedBy = ["timers.target"];
    timerConfig = {
      # OnBootSec = "5m";
      # OnUnitActiveSec = "5m";
      OnCalendar = "*-*-* 2:00:00";
      Unit = "nextcloud-db-backup.service";
    };
  };

  systemd.services.nextcloud-cron = {
    path = [pkgs.perl];
  };
  systemd.services."nextcloud-db-backup" = {
    script = with pkgs; ''
      set -eu
      date=$(date --iso-8601)
      ${postgresql}/bin/pg_dump "nextcloud"  > /pool/var/lib/nextcloud/pgdump/latest.sql
    '';
    serviceConfig = {
      Type = "oneshot";
      User = "nextcloud";
    };
  };
  users.users.nextcloud.extraGroups = ["backup"];

  services = {
    restic.backups = {
      "nextcloud" = {
        passwordFile = "/etc/nixos/.secrets/restic_pw";
        repository = "sftp:Glenn@nas:/home/back/nextcloud/restic-repo";
        paths = [
          "/pool/var/lib/nextcloud"
        ];
        user = "root";
        timerConfig.OnCalendar = "02:05";
        pruneOpts = [
          "--keep-daily 10"
          "--keep-weekly 5"
          "--keep-monthly 12"
          "--keep-yearly 75"
        ];
      };
    };

    nginx.virtualHosts = {
      ${domain} = {
        #     forceSSL = true;
        #     enableACME = true;
        #     # Use DNS Challenege.
        #     # acmeRoot = null;
      };
    };
    postgresql.enable = true;
    #
    nextcloud = {
      enable = true;
      appstoreEnable = true;
      hostName = domain;
      # Need to manually increment with every major upgrade.
      package = nextcloud;
      # Let NixOS install and configure the database automatically.
      database.createLocally = true;
      # Increase the maximum file upload size.
      datadir = "/pool/var/lib/nextcloud";

      maxUploadSize = "16G";
      https = true;
      autoUpdateApps.enable = false;
      extraAppsEnable = true;
      # Let NixOS install and configure Redis caching automatically.
      configureRedis = true;
      settings = {
        trusted_proxies = [
          "192.168.1.199"
        ];
        maintenance_window_start = 1;
      };
      extraOptions = {
        "memories.exiftool" = "${lib.getExe pkgs.exiftool}";
        "memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}";
        "memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe";
        preview_ffmpeg_path = "${pkgs.ffmpeg-headless}/bin/ffmpeg";

        #  redis = {
        #     # host = "/run/redis/redis.sock";
        #     port = 0;
        #     dbindex = 0;
        #     password = "secret";
        #     timeout = 1.5;
        # };
      };
      extraApps = with config.services.nextcloud.package.packages.apps; {
        # List of apps we want to install and are already packaged in
        # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
        inherit mail calendar contacts notes onlyoffice cookbook spreed memories previewgenerator;
      };
      config = {
        # overwriteProtocol = "https";
        defaultPhoneRegion = "SE";
        dbtype = "pgsql";
        adminuser = "admin";
        adminpassFile = "/etc/nixos/.secrets/nextadminpw";
      };
      # Suggested by Nextcloud's health check.
      phpOptions = {
        "opcache.interned_strings_buffer" = "16";
        # updatechecker = "false";
        # has_internet_connection = "false";
      };
    };
    # Nightly database backups.
    # postgresqlBackup = {
    #   enable = true;
    #   startAt = "*-*-* 01:15:00";
    # };
  };
  services.onlyoffice = {
    enable = true;
    port = 8123;
    hostname = "office.sondell.org";
    jwtSecretFile = "/etc/nixos/.secrets/onlyoffice.jwt";
  };
  services.nginx.virtualHosts."office.sondell.org" = {
    #   forceSSL = true;
    #   enableACME = true;
    # locations."/".proxyPass = "http://localhost:8123";
  };
}
init hosting 2024-03-01 22:15:55 +01:00			`{`
update nextcloud 2024-07-02 09:37:59 +02:00			`self,`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}: let`
			`domain = "cloud.sondell.org";`
disable ai stuff and bumb major version 2024-10-07 10:36:53 +02:00			`nextcloud = pkgs.nextcloud30;`
support ai stuff 2024-07-25 10:19:49 +02:00
			`app_api = pkgs.fetchNextcloudApp {`
			`url = "https://github.com/cloud-py-api/app_api/releases/download/v2.7.0/app_api-v2.7.0.tar.gz";`
disable ai stuff and bumb major version 2024-10-07 10:36:53 +02:00			`sha256 = "sha256-FIVM5QoDYxHa3rWmNatLo3rv7Geou+mbdEh9Ws/KT7Q=";`
support ai stuff 2024-07-25 10:19:49 +02:00			`license = "agpl3Only";`
			`};`
update nextcloud 2024-07-02 09:37:59 +02:00			`in {`
fix: nextcloud 2024-04-03 12:59:00 +02:00			`environment.systemPackages = [`
			`nextcloud`
			`];`
moved data 2024-06-23 08:05:34 +02:00			`systemd.timers."nextcloud-db-backup" = {`
update nextcloud 2024-07-02 09:37:59 +02:00			`wantedBy = ["timers.target"];`
			`timerConfig = {`
			`# OnBootSec = "5m";`
			`# OnUnitActiveSec = "5m";`
			`OnCalendar = "--* 2:00:00";`
			`Unit = "nextcloud-db-backup.service";`
			`};`
init nextcloud backup 2024-05-05 21:19:42 +02:00			`};`

added preview settings 2024-07-24 09:16:20 +02:00			`systemd.services.nextcloud-cron = {`
			`path = [pkgs.perl];`
			`};`
moved data 2024-06-23 08:05:34 +02:00			`systemd.services."nextcloud-db-backup" = {`
working sql dump over ssh 2024-05-05 21:54:47 +02:00			`script = with pkgs; ''`
init nextcloud backup 2024-05-05 21:19:42 +02:00			`set -eu`
keep multiple dates of sql dumps 2024-06-24 13:08:54 +02:00			`date=$(date --iso-8601)`
db dump in a path that restics backsup 2024-09-13 22:14:55 +02:00			`${postgresql}/bin/pg_dump "nextcloud" > /pool/var/lib/nextcloud/pgdump/latest.sql`
init nextcloud backup 2024-05-05 21:19:42 +02:00			`'';`
			`serviceConfig = {`
			`Type = "oneshot";`
db dump in a path that restics backsup 2024-09-13 22:14:55 +02:00			`User = "nextcloud";`
init nextcloud backup 2024-05-05 21:19:42 +02:00			`};`
			`};`
fix nextcloud restic premissions 2024-11-26 12:39:03 +01:00			`users.users.nextcloud.extraGroups = ["backup"];`
moved data 2024-06-23 08:05:34 +02:00
init hosting 2024-03-01 22:15:55 +01:00			`services = {`
flake lock update 2024-06-23 15:39:08 +02:00			`restic.backups = {`
prune_cfg 2024-06-24 13:09:53 +02:00			`"nextcloud" = {`
flake lock update 2024-06-23 15:39:08 +02:00			`passwordFile = "/etc/nixos/.secrets/restic_pw";`
			`repository = "sftp:Glenn@nas:/home/back/nextcloud/restic-repo";`
			`paths = [`
			`"/pool/var/lib/nextcloud"`
			`];`
fix nextcloud restic premissions 2024-11-26 12:39:03 +01:00			`user = "root";`
prune_cfg 2024-06-24 13:09:53 +02:00			`timerConfig.OnCalendar = "02:05";`
			`pruneOpts = [`
			`"--keep-daily 10"`
			`"--keep-weekly 5"`
			`"--keep-monthly 12"`
			`"--keep-yearly 75"`
			`];`
flake lock update 2024-06-23 15:39:08 +02:00			`};`
			`};`
moved data 2024-06-23 08:05:34 +02:00
init hosting 2024-03-01 22:15:55 +01:00			`nginx.virtualHosts = {`
			`${domain} = {`
defer tls/ssl to hyperserver 2025-01-14 15:17:47 +01:00			`# forceSSL = true;`
			`# enableACME = true;`
			`# # Use DNS Challenege.`
			`# # acmeRoot = null;`
init hosting 2024-03-01 22:15:55 +01:00			`};`
			`};`
explicit add db service 2024-03-02 17:32:59 +01:00			`postgresql.enable = true;`
update nextcloud 2024-07-02 09:37:59 +02:00			`#`
init hosting 2024-03-01 22:15:55 +01:00			`nextcloud = {`
			`enable = true;`
enable css theme 2024-10-07 11:35:19 +02:00			`appstoreEnable = true;`
init hosting 2024-03-01 22:15:55 +01:00			`hostName = domain;`
			`# Need to manually increment with every major upgrade.`
fix: nextcloud 2024-04-03 12:59:00 +02:00			`package = nextcloud;`
init hosting 2024-03-01 22:15:55 +01:00			`# Let NixOS install and configure the database automatically.`
			`database.createLocally = true;`
			`# Increase the maximum file upload size.`
update nextcloud 2024-07-02 09:37:59 +02:00			`datadir = "/pool/var/lib/nextcloud";`

init hosting 2024-03-01 22:15:55 +01:00			`maxUploadSize = "16G";`
			`https = true;`
disable auto updates for nextcloud since most things are from nixpkgs anyways 2024-10-15 10:31:40 +02:00			`autoUpdateApps.enable = false;`
init hosting 2024-03-01 22:15:55 +01:00			`extraAppsEnable = true;`
fix: nextcloud 2024-04-03 12:59:00 +02:00			`# Let NixOS install and configure Redis caching automatically.`
			`configureRedis = true;`
			`settings = {`
defer tls/ssl to hyperserver 2025-01-14 15:17:47 +01:00			`trusted_proxies = [`
			`"192.168.1.199"`
			`];`
fix: nextcloud 2024-04-03 12:59:00 +02:00			`maintenance_window_start = 1;`
			`};`
disable dubble tls 2024-03-27 15:30:23 +01:00			`extraOptions = {`
added preview settings 2024-07-24 09:16:20 +02:00			`"memories.exiftool" = "${lib.getExe pkgs.exiftool}";`
			`"memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}";`
			`"memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe";`
			`preview_ffmpeg_path = "${pkgs.ffmpeg-headless}/bin/ffmpeg";`

update nextcloud 2024-07-02 09:37:59 +02:00			`# redis = {`
			`# # host = "/run/redis/redis.sock";`
			`# port = 0;`
			`# dbindex = 0;`
			`# password = "secret";`
			`# timeout = 1.5;`
			`# };`
disable dubble tls 2024-03-27 15:30:23 +01:00			`};`
init hosting 2024-03-01 22:15:55 +01:00			`extraApps = with config.services.nextcloud.package.packages.apps; {`
			`# List of apps we want to install and are already packaged in`
			`# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json`
disable ai stuff and bumb major version 2024-10-07 10:36:53 +02:00			`inherit mail calendar contacts notes onlyoffice cookbook spreed memories previewgenerator;`
init hosting 2024-03-01 22:15:55 +01:00			`};`
			`config = {`
defer tls/ssl to hyperserver 2025-01-14 15:17:47 +01:00			`# overwriteProtocol = "https";`
fix: nextcloud 2024-04-03 12:59:00 +02:00			`defaultPhoneRegion = "SE";`
init hosting 2024-03-01 22:15:55 +01:00			`dbtype = "pgsql";`
			`adminuser = "admin";`
			`adminpassFile = "/etc/nixos/.secrets/nextadminpw";`
			`};`
			`# Suggested by Nextcloud's health check.`
disable auto updates for nextcloud since most things are from nixpkgs anyways 2024-10-15 10:31:40 +02:00			`phpOptions = {`
			`"opcache.interned_strings_buffer" = "16";`
			`# updatechecker = "false";`
			`# has_internet_connection = "false";`
			`};`
init hosting 2024-03-01 22:15:55 +01:00			`};`
			`# Nightly database backups.`
			`# postgresqlBackup = {`
			`# enable = true;`
			`# startAt = "--* 01:15:00";`
			`# };`
			`};`
homepage back up again :) 2024-04-04 13:40:20 +02:00			`services.onlyoffice = {`
			`enable = true;`
			`port = 8123;`
			`hostname = "office.sondell.org";`
added jwt secret 2024-07-15 09:18:55 +02:00			`jwtSecretFile = "/etc/nixos/.secrets/onlyoffice.jwt";`
homepage back up again :) 2024-04-04 13:40:20 +02:00			`};`
cleanup 2025-01-16 09:18:32 +01:00			`services.nginx.virtualHosts."office.sondell.org" = {`
			`# forceSSL = true;`
			`# enableACME = true;`
			`# locations."/".proxyPass = "http://localhost:8123";`
			`};`
init hosting 2024-03-01 22:15:55 +01:00			`}`