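# NixOS module: Nextcloud (local PostgreSQL + Redis) with Collabora Online,
# optionally published through a Caddy reverse proxy.
#
# TLS is not terminated by this module. nginx serves Nextcloud over plain HTTP
# on port 80 and Collabora listens on its own port; the Caddy virtual hosts
# defined below forward to both over http://.
{
  lib,
  config,
  pkgs,
  ...
}:
let
  cfg = config.my.services.nextcloud;

  # Public FQDN of the Nextcloud instance. Built from the same options as the
  # Caddy virtual host so that hostName / trusted_domains cannot drift from the
  # name the proxy actually serves when `proxy.subdomain` is overridden.
  cloudFqdn = "${cfg.proxy.subdomain}.${cfg.proxy.domain}";
in
{
  options.my.services.nextcloud = {
    enable = lib.mkEnableOption "Enable Nextcloud module";

    # Typed as `str`, not `path`: a Nix path literal would be copied into the
    # world-readable Nix store. Point this at a file provisioned at runtime.
    adminPasswordFile = lib.mkOption {
      default = "";
      type = lib.types.str;
      description = ''
        Path to the file containing the admin password for Nextcloud
      '';
    };

    # Same store caveat as adminPasswordFile. An empty string means "no extra
    # secrets file".
    secretFile = lib.mkOption {
      default = "";
      type = lib.types.str;
      description = ''
        Path to the file containing extra secrets for Nextcloud
      '';
    };

    proxy = {
      enable = lib.mkEnableOption "Set the proxy entry for this service";

      domain = lib.mkOption {
        default = "example.com";
        type = lib.types.str;
        description = ''
          The domain where Caddy is reachable
        '';
      };

      subdomain = lib.mkOption {
        default = "cloud";
        type = lib.types.str;
        description = ''
          The subdomain where Nextcloud is reachable
        '';
      };

      officeSubdomain = lib.mkOption {
        default = "office";
        type = lib.types.str;
        description = ''
          The subdomain where Collabora Online is reachable
        '';
      };

      host = lib.mkOption {
        default = "localhost";
        type = lib.types.str;
        description = ''
          host name where nextcloud is running
        '';
      };
    };
  };

  config = lib.mkMerge [
    (lib.mkIf cfg.enable {
      # Fail at evaluation time instead of deploying a unit that is pointed at
      # an empty admin password path.
      assertions = [
        {
          assertion = cfg.adminPasswordFile != "";
          message = "my.services.nextcloud.adminPasswordFile must be set when my.services.nextcloud.enable is true.";
        }
      ];

      services = {
        nextcloud = {
          enable = true;
          package = pkgs.nextcloud32;
          hostName = cloudFqdn;
          # Generate https:// links; TLS itself is terminated by the proxy.
          https = true;
          nginx.recommendedHttpHeaders = true;
          # The upstream option is nullable: pass null rather than an empty
          # path when no secrets file was configured.
          secretFile = if cfg.secretFile == "" then null else cfg.secretFile;

          settings = {
            overwriteprotocol = "https";
            default_phone_region = "IT";
            # Forwarded-for headers are honoured only from these addresses.
            # NOTE(review): hard-coded; presumably the Caddy host. It must
            # match wherever the proxy really runs (e.g. loopback when
            # proxy.host is left at "localhost") - confirm.
            trusted_proxies = [ "192.168.1.150" ];
            trusted_domains = [ cloudFqdn ];
            maintenance_window_start = 1;

            # NOTE(review): port 465 is implicit-TLS SMTP, but neither
            # mail_smtpsecure nor the SMTP credentials are set here -
            # presumably they come from secretFile; confirm.
            mail_smtpmode = "smtp";
            mail_sendmailmode = "smtp";
            mail_from_address = "cloud";
            mail_domain = cfg.proxy.domain;
            mail_smtphost = "smtp.tem.scaleway.com";
            mail_smtpport = 465;
            mail_smtpauth = "true";

            # Each provider parses user-uploaded files of that type; keep the
            # list limited to the formats that are actually needed.
            enabledPreviewProviders = [
              "OC\\Preview\\BMP"
              "OC\\Preview\\GIF"
              "OC\\Preview\\JPEG"
              "OC\\Preview\\Krita"
              "OC\\Preview\\MarkDown"
              "OC\\Preview\\MP3"
              "OC\\Preview\\OpenDocument"
              "OC\\Preview\\PNG"
              "OC\\Preview\\TXT"
              "OC\\Preview\\XBitmap"
              "OC\\Preview\\HEIC"
              "OC\\Preview\\Movie"
            ];

            # Pin the external tools to Nix store paths instead of relying on
            # whatever is found on PATH.
            memories = {
              exiftool = "${lib.getExe pkgs.exiftool}";
              vod.ffmpeg = "${lib.getExe pkgs.ffmpeg-headless}";
              vod.ffprobe = "${pkgs.ffmpeg-headless}/bin/ffprobe";
            };
          };

          phpOptions = {
            "opcache.interned_strings_buffer" = "64";
            "opcache.memory_consumption" = "256";
          };

          config = {
            dbtype = "pgsql";
            adminuser = "admin";
            adminpassFile = cfg.adminPasswordFile;
          };

          # Let NixOS install and configure the database automatically.
          database.createLocally = true;

          # Let NixOS install and configure Redis caching automatically.
          configureRedis = true;

          # Increase the maximum file upload size to avoid problems uploading videos.
          maxUploadSize = "16G";

          # App store access and automatic app updates are enabled: apps
          # installed or updated that way are fetched at runtime and are not
          # pinned by this configuration, unlike the extraApps below.
          autoUpdateApps.enable = true;
          appstoreEnable = true;
          extraAppsEnable = true;

          # Instead of using pkgs.nextcloudXXPackages.apps,
          # we'll reference the package version specified above
          extraApps = {
            inherit (config.services.nextcloud.package.packages.apps)
              contacts
              calendar
              cookbook
              cospend
              tasks
              richdocuments
              ;
          };
        };

        collabora-online = {
          enable = true;
          settings = {
            # NOTE(review): presumably meant as the WOPI host allow-list
            # (regex form); verify that a top-level `host` key ends up where
            # coolwsd reads it, otherwise the allow-list is not the one
            # intended.
            host = [ ''127\.0\.0\.1'' ];
            storage.wopi."@allow" = true;
          };
          # hostname = "office.${cfg.proxy.domain}";
        };
      };

      # Opens plain-HTTP Nextcloud (80) and the Collabora port on every
      # interface so the reverse proxy can reach them.
      # NOTE(review): this hop is unencrypted and any host that can reach
      # these ports talks to the backends without going through the proxy;
      # consider limiting the rule to the proxy's address, or dropping it
      # when the proxy runs on this machine.
      networking.firewall.allowedTCPPorts = [
        80
        config.services.collabora-online.port
      ];

      environment.systemPackages = with pkgs; [
        exiftool
        ffmpeg
      ];

      # Order first-time setup after the locally created PostgreSQL instance.
      systemd.services."nextcloud-setup" = {
        requires = [ "postgresql.service" ];
        after = [ "postgresql.service" ];
      };
    })

    (lib.mkIf cfg.proxy.enable {
      # `cloudflare_<domain>` is a Caddy snippet that is not defined in this
      # module; it presumably carries the TLS/DNS settings - confirm that it
      # exists for every domain used here.
      services.caddy = with cfg.proxy; {
        virtualHosts."${subdomain}.${domain}".extraConfig = ''
          reverse_proxy http://${host}:80
          import cloudflare_${domain}
        '';
        virtualHosts."${officeSubdomain}.${domain}".extraConfig = ''
          import cloudflare_${domain}
          reverse_proxy http://${host}:${toString config.services.collabora-online.port} {
            # Required to circumvent bug of Onlyoffice loading mixed non-https content
            header_up X-Forwarded-Proto https
          }
        '';
      };
    })
  ];
}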