nixos-config/modules/nextcloud.nix

{ pkgs, config, lib, ... }:
let
  oo_domain = "onlyoffice.mc-fucker.cool";
in
{

  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "corefonts" ]; #allow a single package from unfree

  services.postgresql = {
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      {
        name = "nextcloud";
        ensurePermissions = {
          "DATABASE nextcloud" = "ALL PRIVILEGES";
        };
      }
    ];
  };

  services.postgresqlBackup.databases = [ "nextcloud" ];

  services.nextcloud = {
    autoUpdateApps.enable = true;
    enable = true;
    caching.redis = true;
    hostName = "nc.mc-fucker.cool";
    package = pkgs.nextcloud25;
    https = true;
    config = {
      dbtype = "pgsql";
      #dbhost = "postgres";
      dbhost = "/run/postgresql";
      #dbpassFile = "/etc/nixos/keys/nextcloud-dbpassword";
      extraTrustedDomains = [ "mc4" ];
      adminpassFile = "/etc/nixos/keys/nextcloud-adminpassword";
      adminuser = "Superadmin";
      defaultPhoneRegion = "DE";
    };
    #poolSettings = {
    #  "pm" = "dynamic";
    #  "pm.max_children" = "256";
    #  "pm.max_requests" = "1000";
    #  "pm.max_spare_servers" = "64";
    #  "pm.min_spare_servers" = "24";
    #  "pm.start_servers" = "32";
    #};
  };

  services.nginx = {
    #package = pkgs.nginxMainline;
    package = pkgs.nginxQuic;
    virtualHosts."${config.services.nextcloud.hostName}" = {
      forceSSL = true;
      enableACME = true;
      #http3 = true;
    };
  };

  services.redis = {
    enable = true;
    unixSocket = "/run/redis/redis.sock";
    unixSocketPerm = 770;
  };

  services.onlyoffice = {
    enable = true;
    hostname = oo_domain;
  };

  services.nginx.virtualHosts."${oo_domain}" = {
    forceSSL = true;
    enableACME = true;
  };

  users.users = {
    nginx = {
      extraGroups = [ "onlyoffice" ];
    };
  };


  users.groups.redis.members = [ "nextcloud" ];

  networking.firewall.allowedTCPPorts = [ 80 443 ];
  security.acme = {
    acceptTerms = true;
    defaults.email = "dev@mc-fucker.cool";
  };

  systemd.services.nextcloud-redis-setup = let
    redisConfig = pkgs.writeText "nextcloud-redis-config.php" ''
      <?php
      $CONFIG = [
        'memcache.distributed' => '\OC\Memcache\Redis',
        'memcache.locking' => '\OC\Memcache\Redis',
        'redis' => [
          'host'     => '${config.services.redis.unixSocket}',
          'port'     => 0,
          'dbindex'  => 0,
          'timeout'  => 1.5,
        ],
        'allow_local_remote_servers' => true,
      ];
    '';
  in {
    wantedBy = [ "multi-user.target" ];
    before = [ "phpfpm-nextcloud.service" ];
    script = ''
      ln -sf ${redisConfig} ${config.services.nextcloud.datadir}/config/redis.config.php
    '';
    serviceConfig.Type = "oneshot";
    serviceConfig.User = "nextcloud";
  };

}

# vim: set et ts=2 sw=2 ai:
added onlyoffice to nextcloud 2022-09-25 02:14:33 +02:00			`{ pkgs, config, lib, ... }:`
			`let`
			`oo_domain = "onlyoffice.mc-fucker.cool";`
			`in`
added nextcloud 2021-11-23 11:17:26 +01:00			`{`
seperated psql backup into multiple files 2022-07-19 12:13:40 +02:00
added onlyoffice to nextcloud 2022-09-25 02:14:33 +02:00			`nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "corefonts" ]; #allow a single package from unfree`

seperated psql backup into multiple files 2022-07-19 12:13:40 +02:00			`services.postgresql = {`
			`ensureDatabases = [ "nextcloud" ];`
			`ensureUsers = [`
			`{`
			`name = "nextcloud";`
			`ensurePermissions = {`
			`"DATABASE nextcloud" = "ALL PRIVILEGES";`
			`};`
			`}`
			`];`
			`};`

			`services.postgresqlBackup.databases = [ "nextcloud" ];`

added nextcloud 2021-11-23 11:17:26 +01:00			`services.nextcloud = {`
added rclone, nextcloud app update 2021-11-23 12:41:14 +01:00			`autoUpdateApps.enable = true;`
added nextcloud 2021-11-23 11:17:26 +01:00			`enable = true;`
added redis to nextcloud 2021-12-02 16:30:19 +01:00			`caching.redis = true;`
added nextcloud 2021-11-23 11:17:26 +01:00			`hostName = "nc.mc-fucker.cool";`
updated nextcloud to 25 2022-10-27 02:00:09 +02:00			`package = pkgs.nextcloud25;`
added nextcloud 2021-11-23 11:17:26 +01:00			`https = true;`
			`config = {`
			`dbtype = "pgsql";`
			`#dbhost = "postgres";`
			`dbhost = "/run/postgresql";`
			`#dbpassFile = "/etc/nixos/keys/nextcloud-dbpassword";`
			`extraTrustedDomains = [ "mc4" ];`
			`adminpassFile = "/etc/nixos/keys/nextcloud-adminpassword";`
			`adminuser = "Superadmin";`
added default phone region to nextcloud 2021-11-30 15:38:18 +01:00			`defaultPhoneRegion = "DE";`
added nextcloud 2021-11-23 11:17:26 +01:00			`};`
added redis to nextcloud 2021-12-02 16:30:19 +01:00			`#poolSettings = {`
			`# "pm" = "dynamic";`
			`# "pm.max_children" = "256";`
			`# "pm.max_requests" = "1000";`
			`# "pm.max_spare_servers" = "64";`
			`# "pm.min_spare_servers" = "24";`
			`# "pm.start_servers" = "32";`
			`#};`
added nextcloud 2021-11-23 11:17:26 +01:00			`};`

			`services.nginx = {`
			`#package = pkgs.nginxMainline;`
			`package = pkgs.nginxQuic;`
			`virtualHosts."${config.services.nextcloud.hostName}" = {`
			`forceSSL = true;`
			`enableACME = true;`
stuff 2021-12-21 14:41:36 +01:00			`#http3 = true;`
added nextcloud 2021-11-23 11:17:26 +01:00			`};`
			`};`

added redis to nextcloud 2021-12-02 16:30:19 +01:00			`services.redis = {`
			`enable = true;`
			`unixSocket = "/run/redis/redis.sock";`
			`unixSocketPerm = 770;`
			`};`

added onlyoffice to nextcloud 2022-09-25 02:14:33 +02:00			`services.onlyoffice = {`
			`enable = true;`
			`hostname = oo_domain;`
			`};`

			`services.nginx.virtualHosts."${oo_domain}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`};`

			`users.users = {`
			`nginx = {`
			`extraGroups = [ "onlyoffice" ];`
			`};`
			`};`


added redis to nextcloud 2021-12-02 16:30:19 +01:00			`users.groups.redis.members = [ "nextcloud" ];`

added nextcloud 2021-11-23 11:17:26 +01:00			`networking.firewall.allowedTCPPorts = [ 80 443 ];`
			`security.acme = {`
			`acceptTerms = true;`
borg, atop interval, ihatemoney, postgresql backup 2022-01-15 13:22:32 +01:00			`defaults.email = "dev@mc-fucker.cool";`
added nextcloud 2021-11-23 11:17:26 +01:00			`};`
added redis to nextcloud 2021-12-02 16:30:19 +01:00
			`systemd.services.nextcloud-redis-setup = let`
			`redisConfig = pkgs.writeText "nextcloud-redis-config.php" ''`
			`<?php`
			`$CONFIG = [`
			`'memcache.distributed' => '\OC\Memcache\Redis',`
			`'memcache.locking' => '\OC\Memcache\Redis',`
			`'redis' => [`
			`'host' => '${config.services.redis.unixSocket}',`
			`'port' => 0,`
			`'dbindex' => 0,`
			`'timeout' => 1.5,`
			`],`
allow local remote servers for nextcloud 2022-03-24 17:20:21 +01:00			`'allow_local_remote_servers' => true,`
added redis to nextcloud 2021-12-02 16:30:19 +01:00			`];`
			`'';`
			`in {`
			`wantedBy = [ "multi-user.target" ];`
			`before = [ "phpfpm-nextcloud.service" ];`
			`script = ''`
			`ln -sf ${redisConfig} ${config.services.nextcloud.datadir}/config/redis.config.php`
			`'';`
			`serviceConfig.Type = "oneshot";`
			`serviceConfig.User = "nextcloud";`
			`};`

added nextcloud 2021-11-23 11:17:26 +01:00			`}`

			`# vim: set et ts=2 sw=2 ai:`