config.nix/modules/server/cloud/nextcloud.nix

{
  config,
  lib,
  pkgs,
  ...
}:

{
  options = {
    server.cloud.nextcloud = {
      enable = lib.mkEnableOption "enable nextcloud";
      port = lib.mkOption {
        default = 8009;
        description = "nextcloud port";
      };
      public = lib.mkEnableOption "make nextcloud public";
      subdomain = lib.mkOption {
        default = "nextcloud";
        description = "nextcloud subdomain";
      };
    };
  };
  config = {
    services =
      if config.server.cloud.nextcloud.enable then
        {
          nextcloud = {
            enable = true;
            configureRedis = true;
            package = pkgs.nextcloud33;
            hostName = "nextcloud-net";
            config = {
              dbtype = "pgsql";
              dbuser = "nextcloud";
              dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
              dbname = "nextcloud";
              adminpassFile = "/home/marty/secrets/nextcloud";
              adminuser = "admin";
            };
            settings = {
              trusted_proxies = [
                "localhost"
                "127.0.0.1"
                "${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}"
                config.networking.hostName
              ];
              trusted_domains = [
                "${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}"
                config.networking.hostName
              ];
              skeletondirectory = "";
              preview_ffmpeg_path = "${pkgs.ffmpeg}/bin/ffmpeg";
              log_type = "file";
              logfile = "nextcloud.log";
              loglevel = 0;
            };
          };
          postgresql = {
            enable = true;
            ensureDatabases = [ "nextcloud" ];
            ensureUsers = [
              {
                name = "nextcloud";
                ensureDBOwnership = true;
              }
            ];
          };
          nginx = {
            virtualHosts = {
              "nextcloud-net".listen = [
                {
                  addr = "0.0.0.0";
                  port = config.server.cloud.nextcloud.port;
                }
              ];
              "${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}" =
                if config.server.cloud.nextcloud.public then
                  {
                    enableACME = true;
                    forceSSL = true;
                    locations."/" = {
                      proxyPass = "http://127.0.0.1:${toString config.server.cloud.nextcloud.port}";
                    };
                  }
                else
                  { };
            };
          };
        }
      else
        { };
    systemd =
      if config.server.cloud.nextcloud.enable then
        {
          services."nextcloud-setup" = {
            requires = [ "postgresql.service" ];
            after = [ "postgresql.service" ];
          };
        }
      else
        { };
  };
}