config.nix/modules/server/cloud/nextcloud.nix

{
  config,
  lib,
  pkgs,
  ...
}:

{
  options = {
    server.cloud.nextcloud = {
      enable = lib.mkEnableOption "enable nextcloud";
      port = lib.mkOption {
        default = 8009;
        description = "nextcloud port";
      };
      public = lib.mkEnableOption "make nextcloud public";
      subdomain = lib.mkOption {
        default = "nextcloud";
        description = "nextcloud subdomain";
      };
    };
  };
  config = {
    services = {
      nextcloud = {
        enable = config.server.cloud.nextcloud.enable;
        configureRedis = true;
        package = pkgs.nextcloud33;
        hostName = "nextcloud-net";
        config = {
          dbtype = "pgsql";
          dbuser = "nextcloud";
          dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
          dbname = "nextcloud";
          adminpassFile = "/home/${config.user.userName}/secrets/nextcloud";
          adminuser = "admin";
        };
        settings = {
          trusted_proxies = [
            "localhost"
            "127.0.0.1"
            "${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}"
            config.networking.hostName
          ];
          trusted_domains = [
            "${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}"
            config.networking.hostName
          ];
          skeletondirectory = "";
          preview_ffmpeg_path = "${pkgs.ffmpeg}/bin/ffmpeg";
          log_type = "file";
          logfile = "nextcloud.log";
          loglevel = 0;
        };
      };
      postgresql =
        if config.server.cloud.nextcloud.enable then
          {
            enable = true;
            ensureDatabases = [ "nextcloud" ];
            ensureUsers = [
              {
                name = "nextcloud";
                ensureDBOwnership = true;
              }
            ];
          }
        else
          { };
      nginx = {
        virtualHosts = {
          "nextcloud-net".listen = [
            {
              addr = "0.0.0.0";
              port = config.server.cloud.nextcloud.port;
            }
          ];
          "${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}" =
            if config.server.cloud.nextcloud.public then
              {
                enableACME = true;
                forceSSL = true;
                locations."/" = {
                  proxyPass = "http://127.0.0.1:${toString config.server.cloud.nextcloud.port}";
                };
              }
            else
              { };
        };
      };
    };
    systemd.services."nextcloud-setup" = {
      requires = [ "postgresql.service" ];
      after = [ "postgresql.service" ];
    };
  };
}