server and other shit

2026-04-11 17:21:28 +02:00 · 2026-04-11 17:21:28 +02:00 · 804371bf96
commit 804371bf96
parent 270e1a0be4
65 changed files with 1428 additions and 619 deletions
--- a/modules/server/cloud/nextcloud.nix
+++ b/modules/server/cloud/nextcloud.nix
@ -0,0 +1,93 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  options = {
+    server.cloud.nextcloud = {
+      enable = lib.mkEnableOption "enable nextcloud";
+      port = lib.mkOption {
+        default = 8009;
+        description = "nextcloud port";
+      };
+      public = lib.mkEnableOption "make nextcloud public";
+      subdomain = lib.mkOption {
+        default = "nextcloud";
+        description = "nextcloud subdomain";
+      };
+    };
+  };
+  config = {
+    services = {
+      nextcloud = {
+        enable = config.server.cloud.nextcloud.enable;
+        configureRedis = true;
+        package = pkgs.nextcloud33;
+        hostName = "nextcloud-net";
+        config = {
+          dbtype = "pgsql";
+          dbuser = "nextcloud";
+          dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
+          dbname = "nextcloud";
+          adminpassFile = "/home/marty/secrets/nextcloud";
+          adminuser = "admin";
+        };
+        settings = {
+          trusted_proxies = [
+            "localhost"
+            "127.0.0.1"
+            "${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}"
+            config.networking.hostName
+          ];
+          trusted_domains = [
+            "${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}"
+            config.networking.hostName
+          ];
+          skeletondirectory = "";
+          preview_ffmpeg_path = "${pkgs.ffmpeg}/bin/ffmpeg";
+          log_type = "file";
+          logfile = "nextcloud.log";
+          loglevel = 0;
+        };
+      };
+      postgresql = {
+        enable = true;
+        ensureDatabases = [ "nextcloud" ];
+        ensureUsers = [
+          {
+            name = "nextcloud";
+            ensureDBOwnership = true;
+          }
+        ];
+      };
+      nginx = {
+        virtualHosts = {
+          "nextcloud-net".listen = [
+            {
+              addr = "0.0.0.0";
+              port = config.server.cloud.nextcloud.port;
+            }
+          ];
+          "${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}" =
+            if config.server.cloud.nextcloud.public then
+              {
+                enableACME = true;
+                forceSSL = true;
+                locations."/" = {
+                  proxyPass = "http://127.0.0.1:${toString config.server.cloud.nextcloud.port}";
+                };
+              }
+            else
+              { };
+        };
+      };
+    };
+    systemd.services."nextcloud-setup" = {
+      requires = [ "postgresql.service" ];
+      after = [ "postgresql.service" ];
+    };
+  };
+}