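# NixOS module: Nextcloud (served by the nginx vhost the NixOS Nextcloud module
# manages) plus OnlyOffice, optionally published through a Caddy reverse proxy.
#
# Options:
#   my.services.nextcloud.enable        - deploy Nextcloud, OnlyOffice and the admin secret
#   my.services.nextcloud.proxy.enable  - add the Caddy virtual hosts for both services
#   my.services.nextcloud.proxy.domain  - base domain; the services are published as
#                                         cloud.<domain> and onlyoffice.<domain>
#   my.services.nextcloud.proxy.host    - backend host Caddy forwards to
#
# Trust model as configured here: TLS terminates at Caddy and the backend nginx
# vhost is plain HTTP (forceSSL/enableACME are off). Nextcloud is told it is
# behind HTTPS (`https`, `overwriteProtocol`) and trusts forwarded headers only
# from the address listed in `trusted_proxies`.
{ lib, config, pkgs, ... }:
let
  cfg = config.my.services.nextcloud;
in
{
  options.my.services.nextcloud = {
    enable = lib.mkEnableOption "Enable Nextcloud module";

    proxy = {
      enable = lib.mkEnableOption "Set the proxy entry for this service";

      domain = lib.mkOption {
        default = "example.com";
        type = lib.types.str;
        description = ''
          The domain where Caddy is reachable
        '';
      };

      host = lib.mkOption {
        default = "localhost";
        type = lib.types.str;
        # The previous text described a different service (copy-paste leftover).
        description = ''
          host name where the Nextcloud and OnlyOffice services are running
        '';
      };
    };
  };

  config = lib.mkMerge [
    (lib.mkIf cfg.enable {
      age.secrets = {
        nextcloud-admin-pwd = {
          file = ../../secrets/nextcloud-admin-pwd.age;
          owner = "nextcloud";
          group = "nextcloud";
          # Was "770": a password file needs neither write nor execute bits, and
          # group access would expose the admin password to every member of the
          # nextcloud group (which may include other service users; verify).
          # Owner read-only is enough for adminpassFile.
          mode = "0400";
        };
      };

      services = {
        nextcloud = {
          enable = true;
          package = pkgs.nextcloud30;
          hostName = "cloud.${cfg.proxy.domain}";
          # Generate https:// links; the TLS itself is provided by the reverse proxy.
          https = true;
          nginx.recommendedHttpHeaders = true;

          settings = {
            overwriteProtocol = "https";
            default_phone_region = "IT";
            # Forwarded client-IP/proto headers are trusted only from this address.
            # It must be exactly the reverse proxy's address: too broad and clients
            # can spoof their source IP (weakening brute-force throttling), wrong
            # and every request appears to come from the proxy.
            # NOTE(review): hard-coded while proxy.host defaults to "localhost";
            # confirm this matches where Caddy actually runs.
            trusted_proxies = [ "192.168.1.150" ];
            trusted_domains = [ "cloud.${cfg.proxy.domain}" ];
            maintenance_window_start = 1;
            # Preview generation parses user-uploaded files; keep this list to the
            # formats that are actually needed.
            enabledPreviewProviders = [
              "OC\\Preview\\BMP"
              "OC\\Preview\\GIF"
              "OC\\Preview\\JPEG"
              "OC\\Preview\\Krita"
              "OC\\Preview\\MarkDown"
              "OC\\Preview\\MP3"
              "OC\\Preview\\OpenDocument"
              "OC\\Preview\\PNG"
              "OC\\Preview\\TXT"
              "OC\\Preview\\XBitmap"
              "OC\\Preview\\HEIC"
              "OC\\Preview\\Movie"
            ];
            # Point the Memories app at Nix-store binaries instead of ones it
            # would otherwise have to find or fetch itself.
            memories = {
              exiftool = "${lib.getExe pkgs.exiftool}";
              vod.ffmpeg = "${lib.getExe pkgs.ffmpeg-headless}";
              vod.ffprobe = "${pkgs.ffmpeg-headless}/bin/ffprobe";
            };
          };

          phpOptions."opcache.interned_strings_buffer" = "64";

          config = {
            dbtype = "pgsql";
            adminuser = "admin";
            # Password is read from the agenix-decrypted file, so it never lands
            # in the world-readable Nix store.
            adminpassFile = config.age.secrets.nextcloud-admin-pwd.path;
          };

          # Let NixOS install and configure the database automatically.
          database.createLocally = true;

          # Let NixOS install and configure Redis caching automatically.
          configureRedis = true;

          # Increase the maximum file upload size to avoid problems uploading videos.
          maxUploadSize = "16G";

          # App-store installs and automatic app updates are mutable state outside
          # the Nix store: those apps are not pinned or reproduced by this
          # configuration, unlike the extraApps below.
          autoUpdateApps.enable = true;
          appstoreEnable = true;

          extraAppsEnable = true;
          # Instead of using pkgs.nextcloudXXPackages.apps,
          # we'll reference the package version specified above
          extraApps = {
            inherit (config.services.nextcloud.package.packages.apps)
              contacts
              calendar
              cookbook
              cospend
              memories
              tasks
              onlyoffice
              # twofactor_totp
              # NOTE(review): with twofactor_totp left disabled, no second-factor
              # app is installed from this list; confirm that user_oidc or another
              # mechanism covers the "admin" account.
              user_oidc
              ;
          };
        };

        onlyoffice = {
          enable = true;
          hostname = "onlyoffice.${cfg.proxy.domain}";
          # NOTE(review): no JWT secret is configured here. If the document server
          # is reachable by anyone other than Nextcloud, consider setting
          # services.onlyoffice.jwtSecretFile so requests to it are signed.
        };

        nginx.virtualHosts = {
          ${config.services.nextcloud.hostName} = {
            # The backend vhost is intentionally plain HTTP: certificates and
            # HTTPS are handled by the reverse proxy in front of it.
            forceSSL = false;
            enableACME = false;
          };
        };
      };

      environment.systemPackages = with pkgs; [
        exiftool
        ffmpeg
      ];

      # The setup unit needs the locally created PostgreSQL to be up first.
      systemd.services."nextcloud-setup" = {
        requires = [ "postgresql.service" ];
        after = [ "postgresql.service" ];
      };
    })

    (lib.mkIf cfg.proxy.enable {
      services.caddy = with cfg.proxy; {
        # The hop from Caddy to the backend is unencrypted HTTP. That is fine on
        # loopback (the default host); if `host` is another machine, sessions and
        # file contents cross that network in clear text.
        virtualHosts."cloud.${domain}".extraConfig = ''
          reverse_proxy http://${host}:80
          import cloudflare
        '';
        virtualHosts."onlyoffice.${domain}".extraConfig = ''
          import cloudflare
          reverse_proxy http://${host}:${toString config.services.onlyoffice.port} {
            # Required to circumvent bug of Onlyoffice loading mixed non-https content
            header_up X-Forwarded-Proto https
          }
        '';
      };
    })
  ];
}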