diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 3fcc767..787cbee 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -3,6 +3,7 @@ services.nextcloud = { autoUpdateApps.enable = true; enable = true; + caching.redis = true; hostName = "nc.mc-fucker.cool"; package = pkgs.nextcloud22; https = true; @@ -16,14 +17,14 @@ adminuser = "Superadmin"; defaultPhoneRegion = "DE"; }; - poolSettings = { - "pm" = "dynamic"; - "pm.max_children" = "128"; - "pm.max_requests" = "500"; - "pm.max_spare_servers" = "18"; - "pm.min_spare_servers" = "6"; - "pm.start_servers" = "12"; - }; + #poolSettings = { + # "pm" = "dynamic"; + # "pm.max_children" = "256"; + # "pm.max_requests" = "1000"; + # "pm.max_spare_servers" = "64"; + # "pm.min_spare_servers" = "24"; + # "pm.start_servers" = "32"; + #}; }; services.nginx = { @@ -31,18 +32,49 @@ package = pkgs.nginxQuic; virtualHosts."${config.services.nextcloud.hostName}" = { forceSSL = true; - #sslCertificate = "/etc/letsencrypt/live/mc-fucker.cool/cert.pem"; - #sslCertificateKey = "/etc/letsencrypt/live/mc-fucker.cool/privkey.pem"; enableACME = true; http3 = true; }; }; + services.redis = { + enable = true; + unixSocket = "/run/redis/redis.sock"; + unixSocketPerm = 770; + }; + + users.groups.redis.members = [ "nextcloud" ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; security.acme = { acceptTerms = true; email = "dev@mc-fucker.cool"; }; + + systemd.services.nextcloud-redis-setup = let + redisConfig = pkgs.writeText "nextcloud-redis-config.php" '' + '\OC\Memcache\Redis', + 'memcache.locking' => '\OC\Memcache\Redis', + 'redis' => [ + 'host' => '${config.services.redis.unixSocket}', + 'port' => 0, + 'dbindex' => 0, + 'timeout' => 1.5, + ], + ]; + ''; + in { + wantedBy = [ "multi-user.target" ]; + before = [ "phpfpm-nextcloud.service" ]; + script = '' + ln -sf ${redisConfig} ${config.services.nextcloud.datadir}/config/redis.config.php + ''; + serviceConfig.Type = "oneshot"; + serviceConfig.User = "nextcloud"; + }; + } # vim: set et ts=2 sw=2 ai: