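# NixOS module: Nextcloud with a local PostgreSQL, run inside a declarative
# NixOS container that is attached to the host bridge.
#
# State lives only in the bind mounts below; the Nextcloud admin password is
# read from a file on a read-only mount, so no secret is written in this file.
{ config, pkgs, lib, ... }:
let
  # Public name of the instance, reused as services.nextcloud.hostName.
  hostName = "cloud.feal.no";
in
{
  containers.nextcloud = {
    autoStart = true;

    # Ephemeral root filesystem: anything written outside the bind mounts is
    # discarded when the container stops.
    ephemeral = true;

    # Separate network namespace, bridged onto the host's br0 with a static
    # address, so the container is a host of its own on 192.168.10.0/24.
    privateNetwork = true;
    hostBridge = "br0";
    localAddress = "192.168.10.171/24";

    bindMounts = {
      # Nextcloud home (services.nextcloud.home below), writable.
      "/var/lib/nextcloud" = {
        isReadOnly = false;
        hostPath = "/tank/nextcloud/nextcloud/";
      };

      # PostgreSQL state directory, writable.
      "/var/lib/postgresql" = {
        isReadOnly = false;
        hostPath = "/tank/nextcloud/postgresql/";
      };

      # Secrets are mounted read-only, so the container cannot modify them.
      # NOTE(review): ownership and mode of the host directory are not managed
      # here; confirm that only root and the nextcloud user can read it.
      "/srv/secrets/" = {
        isReadOnly = true;
        hostPath = "/tank/nextcloud/secrets/";
      };
    };

    config = { config, pkgs, ... }: {
      system.stateVersion = "23.11";

      networking = {
        firewall = {
          enable = true;
          # Only TCP 80 (plain HTTP) is opened; no TLS listener is configured
          # in this file.
          # NOTE(review): the rule has no source restriction and the container
          # sits directly on the bridged /24, so every host on that network
          # can reach Nextcloud over HTTP without going through the reverse
          # proxy. Consider limiting port 80 to the proxy address.
          allowedTCPPorts = [ 80 ];
        };
        defaultGateway = "192.168.10.1";
      };

      time.timeZone = "Europe/Oslo";

      services.nextcloud = {
        enable = true;
        # Major version is pinned explicitly.
        # NOTE(review): confirm this is still a supported release so that
        # security updates keep arriving.
        package = pkgs.nextcloud28;
        inherit hostName;
        home = "/var/lib/nextcloud";

        # Makes Nextcloud generate https:// links. It does not enable TLS
        # here; presumably TLS is terminated at the reverse proxy (confirm).
        https = true;

        config = {
          dbtype = "pgsql";
          dbuser = "nextcloud";
          # Unix socket directory, so the database connection never leaves the
          # container.
          dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
          dbname = "nextcloud";

          # Initial admin password is read from the read-only secrets mount.
          adminpassFile = "/srv/secrets/adminpass";
          adminuser = "ncadmin";

          # Address whose forwarded client-IP headers Nextcloud trusts. This
          # does not restrict who may connect; that is the firewall's job.
          trustedProxies = [ "192.168.10.175" ]; # defiant
        };

        # Disabled PHP tuning, kept for reference.
        # phpOptions = {
        #   "opcache.interned_strings_buffer" = "16";
        #   "upload_max_filesize" = "4G";
        #   "post_max_size" = "4G";
        #   "memory_limit" = "4G";
        # };

        # PHP-FPM pool: workers are started on demand, at most 32 at a time,
        # stopped after 10s idle and recycled after 500 requests.
        poolSettings = {
          "pm" = "ondemand";
          "pm.max_children" = 32;
          "pm.process_idle_timeout" = "10s";
          "pm.max_requests" = 500;
        };
      };

      services.postgresql = {
        enable = true;
        ensureDatabases = [ "nextcloud" ];
        ensureUsers = [
          {
            name = "nextcloud";
            # The nextcloud role owns the database of the same name.
            ensureDBOwnership = true;
          }
        ];
      };

      # Nextcloud's setup unit must not start before the database is up.
      systemd.services."nextcloud-setup" = {
        requires = [ "postgresql.service" ];
        after = [ "postgresql.service" ];
      };
    };
  };
}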