71 lines
1.7 KiB
Nix
71 lines
1.7 KiB
Nix
|
{ pkgs, config, secrets, ... }:
|
||
|
|
||
|
# TODO: This kinda sucks, but nextcloud refuses to use the NFS mounted
|
||
|
# drive, as it is not able to lock it properly.
|
||
|
# I'll wait for a while with enabling this service, until I have gotten
|
||
|
# Some proper disks into the server.
|
||
|
{
|
||
|
sops.secrets."nextcloud/initialPassword" = {
|
||
|
restartUnits = [ "nextcloud.service" ];
|
||
|
owner = "nextcloud";
|
||
|
group = "nextcloud";
|
||
|
};
|
||
|
sops.secrets."postgres/nextcloud" = {
|
||
|
restartUnits = [ "nextcloud.service" ];
|
||
|
owner = "nextcloud";
|
||
|
group = "nextcloud";
|
||
|
};
|
||
|
|
||
|
services.nextcloud = {
|
||
|
enable = false;
|
||
|
hostName = "cloud.nani.wtf";
|
||
|
https = true;
|
||
|
maxUploadSize = "10G";
|
||
|
package = pkgs.nextcloud25;
|
||
|
|
||
|
datadir = "${config.machineVars.dataDrives.default}/var/nextcloud";
|
||
|
|
||
|
home = "${config.machineVars.dataDrives.default}/var/nextcloud";
|
||
|
|
||
|
enableBrokenCiphersForSSE = false;
|
||
|
|
||
|
caching.redis = true;
|
||
|
extraOptions = {
|
||
|
redis = {
|
||
|
host = config.services.redis.servers.nextcloud.unixSocket;
|
||
|
port = 0;
|
||
|
dbindex = 0;
|
||
|
timeout = 1.5;
|
||
|
};
|
||
|
};
|
||
|
|
||
|
config = {
|
||
|
defaultPhoneRegion = "NO";
|
||
|
|
||
|
dbtype = "pgsql";
|
||
|
dbport = secrets.ports.postgres;
|
||
|
dbpassFile = config.sops.secrets."postgres/nextcloud".path;
|
||
|
|
||
|
adminuser = "h7x4";
|
||
|
adminpassFile = config.sops.secrets."nextcloud/initialPassword".path;
|
||
|
};
|
||
|
};
|
||
|
|
||
|
services.redis.servers.nextcloud = {
|
||
|
enable = true;
|
||
|
};
|
||
|
|
||
|
services.postgresql = {
|
||
|
enable = true;
|
||
|
ensureDatabases = [ "nextcloud" ];
|
||
|
ensureUsers = [
|
||
|
(rec {
|
||
|
name = "nextcloud";
|
||
|
ensurePermissions = {
|
||
|
"DATABASE \"${name}\"" = "ALL PRIVILEGES";
|
||
|
};
|
||
|
})
|
||
|
];
|
||
|
};
|
||
|
}
|