{ self, config, lib, pkgs, ... }: let domain = "cloud.sondell.org"; nextcloud = pkgs.nextcloud30; app_api = pkgs.fetchNextcloudApp { url = "https://github.com/cloud-py-api/app_api/releases/download/v2.7.0/app_api-v2.7.0.tar.gz"; sha256 = "sha256-FIVM5QoDYxHa3rWmNatLo3rv7Geou+mbdEh9Ws/KT7Q="; license = "agpl3Only"; }; in { environment.systemPackages = [ nextcloud ]; systemd.timers."nextcloud-db-backup" = { wantedBy = ["timers.target"]; timerConfig = { # OnBootSec = "5m"; # OnUnitActiveSec = "5m"; OnCalendar = "*-*-* 2:00:00"; Unit = "nextcloud-db-backup.service"; }; }; systemd.services.nextcloud-cron = { path = [pkgs.perl]; }; systemd.services."nextcloud-db-backup" = { script = with pkgs; '' set -eu date=$(date --iso-8601) ${postgresql}/bin/pg_dump "nextcloud" > /pool/var/lib/nextcloud/pgdump/latest.sql ''; serviceConfig = { Type = "oneshot"; User = "nextcloud"; }; }; users.users.nextcloud.extraGroups = ["backup"]; services = { restic.backups = { "nextcloud" = { passwordFile = "/etc/nixos/.secrets/restic_pw"; repository = "sftp:Glenn@nas:/home/back/nextcloud/restic-repo"; paths = [ "/pool/var/lib/nextcloud" ]; user = "root"; timerConfig.OnCalendar = "02:05"; pruneOpts = [ "--keep-daily 10" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; }; }; nginx.virtualHosts = { ${domain} = { # forceSSL = true; # enableACME = true; # # Use DNS Challenege. # # acmeRoot = null; }; }; postgresql.enable = true; # nextcloud = { enable = true; appstoreEnable = true; hostName = domain; # Need to manually increment with every major upgrade. package = nextcloud; # Let NixOS install and configure the database automatically. database.createLocally = true; # Increase the maximum file upload size. datadir = "/pool/var/lib/nextcloud"; maxUploadSize = "16G"; https = true; autoUpdateApps.enable = false; extraAppsEnable = true; # Let NixOS install and configure Redis caching automatically. configureRedis = true; settings = { trusted_proxies = [ "192.168.1.199" ]; maintenance_window_start = 1; }; extraOptions = { "memories.exiftool" = "${lib.getExe pkgs.exiftool}"; "memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}"; "memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe"; preview_ffmpeg_path = "${pkgs.ffmpeg-headless}/bin/ffmpeg"; # redis = { # # host = "/run/redis/redis.sock"; # port = 0; # dbindex = 0; # password = "secret"; # timeout = 1.5; # }; }; extraApps = with config.services.nextcloud.package.packages.apps; { # List of apps we want to install and are already packaged in # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json inherit mail calendar contacts notes onlyoffice cookbook spreed memories previewgenerator; }; config = { # overwriteProtocol = "https"; defaultPhoneRegion = "SE"; dbtype = "pgsql"; adminuser = "admin"; adminpassFile = "/etc/nixos/.secrets/nextadminpw"; }; # Suggested by Nextcloud's health check. phpOptions = { "opcache.interned_strings_buffer" = "16"; # updatechecker = "false"; # has_internet_connection = "false"; }; }; # Nightly database backups. # postgresqlBackup = { # enable = true; # startAt = "*-*-* 01:15:00"; # }; }; services.onlyoffice = { enable = true; port = 8123; hostname = "office.sondell.org"; jwtSecretFile = "/etc/nixos/.secrets/onlyoffice.jwt"; }; services.nginx.virtualHosts."office.sondell.org" = { # forceSSL = true; # enableACME = true; # locations."/".proxyPass = "http://localhost:8123"; }; }