nixos-config/hosts/voyager/services/nextcloud.nix

{ config, pkgs, lib, ... }:
let
  cfg = config.containers.nextcloud.config.services.nextcloud;
  hostName = "cloud.feal.no";
in {
  containers.nextcloud = {
    autoStart = true;
    ephemeral = true;

    privateNetwork = true;
    hostBridge = "br0";
    localAddress = "192.168.10.171/24";

    bindMounts = {
      "/var/lib/nextcloud"  = { isReadOnly = false; hostPath = "/tank/nextcloud/nextcloud/";  };
      "/var/lib/postgresql" = { isReadOnly = false; hostPath = "/tank/nextcloud/postgresql/"; };
      "/srv/secrets/"       = { isReadOnly = true;  hostPath = "/tank/nextcloud/secrets/";    };
    };

    config = { config, pkgs, ... }: {
      system.stateVersion = "23.11";

      networking = {
        firewall = {
          enable = true;
          allowedTCPPorts = [ 80 ];
        };

        defaultGateway = "192.168.10.1";
      };
      time.timeZone = "Europe/Oslo";

      services.nextcloud = {
        enable = true;
        package = pkgs.nextcloud28;
        inherit hostName;
        home = "/var/lib/nextcloud";
        https = true;

        config = {
          dbtype = "pgsql";
          dbuser = "nextcloud";
          dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
          dbname = "nextcloud";
          adminpassFile = "/srv/secrets/adminpass";
          adminuser = "ncadmin";
          trustedProxies = [ "192.168.10.175" ]; # defiant
        };

        # phpOptions = {
        #   "opcache.interned_strings_buffer" = "16";
        #   "upload_max_filesize" = "4G";
        #   "post_max_size" = "4G";
        #   "memory_limit" = "4G";
        # };

        poolSettings = {
          "pm" = "ondemand";
          "pm.max_children" = 32;
          "pm.process_idle_timeout" = "10s";
          "pm.max_requests" = 500;
        };
      };

      services.postgresql = {
        enable = true;
        ensureDatabases = [ "nextcloud" ];
        ensureUsers = [ {
          name = "nextcloud";
          ensureDBOwnership = true;
        } ];
      };

      systemd.services."nextcloud-setup" = {
        requires = [ "postgresql.service" ];
        after = [ "postgresql.service" ];
      };
    };
  };
}
voyager: add nextcloud 2024-01-03 02:35:57 +01:00			`{ config, pkgs, lib, ... }:`
			`let`
			`cfg = config.containers.nextcloud.config.services.nextcloud;`
			`hostName = "cloud.feal.no";`
			`in {`
			`containers.nextcloud = {`
			`autoStart = true;`
			`ephemeral = true;`

			`privateNetwork = true;`
			`hostBridge = "br0";`
			`localAddress = "192.168.10.171/24";`

			`bindMounts = {`
			`"/var/lib/nextcloud" = { isReadOnly = false; hostPath = "/tank/nextcloud/nextcloud/"; };`
			`"/var/lib/postgresql" = { isReadOnly = false; hostPath = "/tank/nextcloud/postgresql/"; };`
			`"/srv/secrets/" = { isReadOnly = true; hostPath = "/tank/nextcloud/secrets/"; };`
			`};`

			`config = { config, pkgs, ... }: {`
			`system.stateVersion = "23.11";`

			`networking = {`
			`firewall = {`
			`enable = true;`
			`allowedTCPPorts = [ 80 ];`
			`};`

			`defaultGateway = "192.168.10.1";`
			`};`
			`time.timeZone = "Europe/Oslo";`

			`services.nextcloud = {`
			`enable = true;`
			`package = pkgs.nextcloud28;`
			`inherit hostName;`
			`home = "/var/lib/nextcloud";`
			`https = true;`

			`config = {`
			`dbtype = "pgsql";`
			`dbuser = "nextcloud";`
			`dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself`
			`dbname = "nextcloud";`
			`adminpassFile = "/srv/secrets/adminpass";`
			`adminuser = "ncadmin";`
nextcloud: fix reverse proxy 2024-01-03 03:05:47 +01:00			`trustedProxies = [ "192.168.10.175" ]; # defiant`
voyager: add nextcloud 2024-01-03 02:35:57 +01:00			`};`

			`# phpOptions = {`
			`# "opcache.interned_strings_buffer" = "16";`
			`# "upload_max_filesize" = "4G";`
			`# "post_max_size" = "4G";`
			`# "memory_limit" = "4G";`
			`# };`

			`poolSettings = {`
			`"pm" = "ondemand";`
			`"pm.max_children" = 32;`
			`"pm.process_idle_timeout" = "10s";`
			`"pm.max_requests" = 500;`
			`};`
			`};`

			`services.postgresql = {`
			`enable = true;`
			`ensureDatabases = [ "nextcloud" ];`
			`ensureUsers = [ {`
			`name = "nextcloud";`
			`ensureDBOwnership = true;`
			`} ];`
			`};`

			`systemd.services."nextcloud-setup" = {`
			`requires = [ "postgresql.service" ];`
			`after = [ "postgresql.service" ];`
			`};`
			`};`
			`};`
			`}`