modules/nixfiles/nextcloud.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133

{
  config,
  lib,
  pkgs,
  ...
}:
with lib; let
  cfg = config.nixfiles.modules.nextcloud;
in {
  options.nixfiles.modules.nextcloud = {
    enable = mkEnableOption "Nextcloud";

    domain = mkOption {
      description = "Domain name sans protocol scheme.";
      type = with types; str;
      default = "nextcloud.${config.networking.domain}";
    };
  };

  config = mkIf cfg.enable {
    nixfiles.modules = {
      nginx = {
        enable = true;
        virtualHosts.${cfg.domain} = {};
      };
      postgresql.enable = true;
    };

    services = let
      db = "nextcloud";
    in {
      nextcloud = mkMerge [
        {
          enable = true;
          package = pkgs.nextcloud23;

          hostName = cfg.domain;

          appstoreEnable = false;

          config = {
            adminpassFile = null; # This needs to be set as secret.

            dbtype = "pgsql";
            dbhost = "/run/postgresql";
            dbuser = db;
            dbname = db;

            defaultPhoneRegion = "RU";
          };

          extraApps = let
            mkNextcloudApp = {
              name,
              version,
              hash,
            }:
              pkgs.fetchNextcloudApp {
                inherit name version hash;
                url = "https://github.com/nextcloud/${name}/archive/refs/tags/v${version}.tar.gz";
              };
          in {
            contacts = mkNextcloudApp {
              name = "contacts";
              version = "4.0.1";
              sha256 = "sha256-dXKsG8KmlUojeY5dUn/XsMD3KaSh4QcZFOGDdcqlSvE=";
            };
            calendar = mkNextcloudApp {
              name = "calendar";
              version = "3.0.5";
              sha256 = "sha256-aKUKm7fWJQxOWwma56Tv+GGIo+p0n30Nhoyt4XoxsjI=";
            };
            files_rightclick = mkNextcloudApp {
              name = "files_rightclick";
              version = "23.0.1";
              sha256 = "sha256-VYODzkvvGrtpyRoug/8UPKhAgfCx1ltP1JdGPiB/lts=";
            };
            unsplash = mkNextcloudApp {
              name = "unsplash";
              version = "1.2.4";
              sha256 = "sha256-KGSkBOrNu0nK0YvAPYaxEL/kZNoJQD1oBV2aUBxh6cI=";
            };
            previewgenerator = mkNextcloudApp {
              name = "previewgenerator";
              version = "3.4.1";
              sha256 = "sha256-IUdj0xWt5zHxQoiMv1bYyYTzekuOFrsRIe530QOwC/w=";
            };
            bruteforcesettings = mkNextcloudApp {
              name = "bruteforcesettings";
              version = "2.3.0";
              sha256 = "sha256-J7ujmiPaw8GI7vDfVPXEum2XAMWvahciP8C6iXgckdE=";
            };
          };
        }
        (mkIf config.nixfiles.modules.acme.enable {
          https = true;
          config.overwriteProtocol = "https";
        })
      ];

      postgresql = {
        ensureDatabases = [db];
        ensureUsers = [
          {
            name = db;
            ensurePermissions."DATABASE \"${db}\"" = "ALL PRIVILEGES";
          }
        ];
      };
    };

    systemd = {
      services = {
        nextcloud-setup.after = ["network-online.target" "postgresql.service"];

        nextcloud-preview-generate-cron.serviceConfig = {
          Type = "oneshot";
          User = "nextcloud";
          ExecStart = "${config.services.nextcloud.occ}/bin/nextcloud-occ preview:pre-generate";
        };
      };

      timers.nextcloud-preview-generate = {
        wantedBy = ["timers.target"];
        timerConfig = {
          OnBootSec = "15m";
          OnUnitActiveSec = "15m";
          Unit = "nextcloud-preview-generate-cron.service";
        };
      };
    };
  };
}