updates

modules/services/nextcloud/default.nix

@@ -0,0 +1,128 @@
+{ config, ... }:
+let
+  adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
+  dbpass = config.sops.secrets."jallen-nas/nextcloud/dbpassword".path;
+  smtppassword = config.sops.templates."nextcloud-smtp".content;
+in
+{
+  containers.nextcloud = {
+    autoStart = true;
+    privateNetwork = true;
+    # hostAddress = "127.0.0.1";
+    # localAddress = "10.233.0.2";
+    # hostAddress6 = "fc00::1";
+    # localAddress6 = "fc00::2";
+    # hostForward = [
+    #   {
+    #     hostPort = 9943;
+    #     containerPort = 80;
+    #   }
+    # ];
+
+    hostBridge = "br0";
+
+    bindMounts = {
+      secrets = {
+        hostPath = "/run/secrets/jallen-nas/nextcloud";
+        isReadOnly = true;
+        mountPoint = "/run/secrets/jallen-nas/nextcloud";
+      };
+
+      data = {
+        hostPath = "/media/nas/main/nextcloud";
+        isReadOnly = false;
+        mountPoint = "/data";
+      };
+    };
+
+    config =
+      { pkgs, lib, ... }:
+      {
+        services = {
+          nextcloud = {
+            enable = true;
+            package = pkgs.nextcloud29;
+            datadir = "/data";
+            hostName = "localhost";
+            appstoreEnable = true;
+            caching.redis = true;
+            configureRedis = true;
+            config = {
+              adminuser = "mjallen";
+              adminpassFile = adminpass;
+              dbhost = "10.0.1.18:3306";
+              dbtype = "mysql";
+              dbname = "jallen_nextcloud";
+              dbuser = "nextcloud";
+              dbpassFile = dbpass;
+            };
+            settings = {
+              trusted_domains = [
+                "10.0.1.18:9980"
+                "10.0.1.18:9943"
+                "cloud.mjallen.dev"
+              ];
+              trusted_proxies = [ "10.0.1.18" ];
+              maintenance_window_start = 6;
+              default_phone_region = "US";
+              mail_from_address = "matt.l.jallen";
+              mail_smtpmode = "smtp";
+              mail_sendmailmode = "smtp";
+              mail_domain = "gmail.com";
+              mail_smtpauth = 1;
+              mail_smtpname = "matt.l.jallen";
+              mail_smtppassword = smtppassword;
+              mail_smtpsecure = "ssl";
+              mail_smtphost = "smtp.gmail.com";
+              mail_smtpport = 465;
+              enable_previews = true;
+              enabledPreviewProviders = [
+                "OC\\\\Preview\\\\PNG"
+                "OC\\\\Preview\\\\JPEG"
+                "OC\\\\Preview\\\\GIF"
+                "OC\\\\Preview\\\\BMP"
+                "OC\\\\Preview\\\\XBitmap"
+                "OC\\\\Preview\\\\MP3"
+                "OC\\\\Preview\\\\TXT"
+                "OC\\\\Preview\\\\MarkDown"
+                "OC\\\\Preview\\\\OpenDocument"
+                "OC\\\\Preview\\\\Krita"
+                "OC\\\\Preview\\\\HEIC"
+              ];
+            };
+          };
+
+          nginx = {
+            enable = true;
+            virtualHosts = {
+              "nextcloud-container.local" = {
+                # Change this to the desired port number
+                listen = [
+                  {
+                    addr = "0.0.0.0";
+                    port = 9943;
+                  }
+                ];
+
+                root = "/var/www/nextcloud";
+
+                # You may need to adjust other options for your specific setup
+              };
+            };
+          };
+        };
+        system.stateVersion = "23.11";
+        networking = {
+          firewall = {
+            enable = true;
+            allowedTCPPorts = [ 9943 ];
+          };
+          # Use systemd-resolved inside the container
+          # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+          useHostResolvConf = lib.mkForce false;
+        };
+        services.resolved.enable = true;
+
+      };
+  };
+}