nextcloud

modules/nixos/services/caddy/default.nix

@@ -53,6 +53,18 @@ let
                 reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.attic.port}
               }
 
+              @cloud host cloud.mjallen.dev
+              handle @cloud {
+                reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.nextcloud.port} {
+                  header_up Host {upstream_hostport}
+                }
+
+                header {
+                  Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+                  X-Robots-Tag "noindex, nofollow"
+                }
+              }
+
               @gitea host gitea.mjallen.dev
               handle @gitea {
                 reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.gitea.port}

modules/nixos/services/nextcloud/default.nix

@@ -1,6 +1,7 @@
 {
   lib,
   config,
+  pkgs,
   namespace,
   ...
 }:
@@ -11,26 +12,97 @@ let
 
   nextcloudConfig = lib.${namespace}.mkModule {
     inherit config name;
-    serviceName = "podman-${name}";
-    description = "nextcloud";
+    serviceName = "nextcloud";
+    description = "Nextcloud - Secure file sync and sharing platform";
     options = { };
+
     moduleConfig = {
-      virtualisation.oci-containers.containers."${name}" = {
-        autoStart = true;
-        image = "lscr.io/linuxserver/nextcloud";
-        ports = [
-          "${toString cfg.port}:443"
-        ];
-        volumes = [
-          "${cfg.configDir}/nextcloud:/config"
-          "${cfg.dataDir}/nextcloud:/data"
-          "/run/postgresql:/run/postgresql"
-        ];
-        environmentFiles = [ ];
-        environment = {
-          PUID = cfg.puid;
-          PGID = cfg.pgid;
-          TZ = cfg.timeZone;
+      # Setup the native NixOS Nextcloud service
+      services.nextcloud = {
+        enable = true;
+        package = pkgs.nextcloud32;
+        hostName = "cloud.mjallen.dev";
+        home = "${cfg.configDir}/nextcloud";
+        datadir = "${cfg.dataDir}/nextcloud";
+        configureRedis = true;
+        enableImagemagick = true;
+        appstoreEnable = true;
+        
+        # Use PostgreSQL for database
+        config = {
+          dbtype = "pgsql";
+          dbname = "nextcloud";
+          dbuser = "nextcloud";
+          dbhost = "/run/postgresql"; # Socket directory
+          # dbpassFile = config.sops.secrets."jallen-nas/nextcloud/dbpassword".path;
+          adminuser = "mjallen";
+          adminpassFile = config.sops.secrets."matt_password".path;
+        };
+        
+        # PHP settings
+        phpOptions = lib.mkOverride 90 {
+          memory_limit = "512M";
+          upload_max_filesize = "10G";
+          post_max_size = "10G";
+          output_buffering = "0";
+          "opcache.interned_strings_buffer" = "16";
+          "opcache.max_accelerated_files" = "10000";
+          "opcache.memory_consumption" = "128";
+          "opcache.save_comments" = "1";
+          "opcache.revalidate_freq" = "1";
+        };
+        
+        # Configure caching for better performance
+        caching = {
+          apcu = true;
+          redis = true;
+          memcached = false;
+        };
+        
+        # Auto-update apps
+        autoUpdateApps = {
+          enable = false;
+          startAt = "05:00:00";
+        };
+        
+        # Configure HTTPS if enabled
+        https = false;
+
+        settings = {
+          default_phone_region = "US";
+          trusted_proxies = [ "10.0.1.3" ];
+          trusted_domains = [
+            "cloud.mjallen.dev"
+            "10.0.1.3:${toString cfg.port}"
+          ];
+          enabledPreviewProviders = [
+            "OC\\Preview\\PNG"
+            "OC\\Preview\\JPEG"
+            "OC\\Preview\\GIF"
+            "OC\\Preview\\BMP"
+            "OC\\Preview\\XBitmap"
+            "OC\\Preview\\Krita"
+            "OC\\Preview\\WebP"
+            "OC\\Preview\\MarkDown"
+            "OC\\Preview\\TXT"
+            "OC\\Preview\\OpenDocument"
+          ];
+        };
+      };
+
+      users.users.nextcloud.isSystemUser = lib.mkForce true;
+      users.users.nextcloud.isNormalUser = lib.mkForce false;
+      users.groups.nextcloud = {};
+      
+      # Configure web server
+      services.nginx = {
+        enable = true;
+        virtualHosts.${config.services.nextcloud.hostName} = {
+          listen = [{
+            addr = "0.0.0.0";
+            port = cfg.port;
+            ssl = false;
+          }];
         };
       };
     };
@@ -38,4 +110,4 @@ let
 in
 {
   imports = [ nextcloudConfig ];
-}
+}

modules/nixos/services/opencloud/default.nix

@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  pkgs,
   namespace,
   ...
 }:
@@ -9,12 +10,92 @@ let
   name = "opencloud";
   cfg = config.${namespace}.services.${name};
 
+  # # Create an environment file from the configuration
+  # envFile = pkgs.writeText "opencloud-environment" ''
+  #   OC_JWT_SECRET=${config.sops.placeholder."jallen-nas/onlyoffice-key"}
+  #   OC_TRANSFER_SECRET=${config.sops.placeholder."jallen-nas/onlyoffice-key"}
+  #   OC_MACHINE_AUTH_API_KEY=${config.sops.placeholder."jallen-nas/onlyoffice-key"}
+    
+  #   OC_ADD_RUN_SERVICES=collaboration,app-provider
+  #   OC_REVA_GATEWAY=eu.opencloud.api.gateway
+  #   APP_PROVIDER_WOPI_APP_NAME=Collabora
+  #   APP_PROVIDER_ENABLE=true
+  #   APP_PROVIDER_SERVICE_NAME=app-provider-collabora
+  #   COLLABORATION_APP_NAME=Collabora
+  #   COLLABORATION_APP_PRODUCT=Collabora
+  #   COLLABORATION_WOPI_DISCOVERY_URL=https://office.mjallen.dev/hosting/discovery
+  #   COLLABORATION_WOPI_SRC=https://office.mjallen.dev
+  #   OC_COLLABORATION_WOPI_URL=https://office.mjallen.dev
+  #   COLLABORATION_APP_ADDR=https://office.mjallen.dev
+  #   COLLABORATION_APP_INSECURE=false
+  #   COLLABORATION_APP_PROOF_DISABLE=true
+  #   COLLABORATION_WOPI_SHORTTOKENS=false
+  #   MICRO_REGISTRY=nats-js-kv
+  #   MICRO_REGISTRY_ADDRESS=127.0.0.1:9233
+  #   OC_SYSTEM_USER_ID=${cfg.puid}
+
+  #   OC_LOG_LEVEL=info
+
+  #   APP_PROVIDER_PROVIDERS=collabora
+
+  #   APP_PROVIDER_COLLABORA_NAME=Collabora
+  #   APP_PROVIDER_COLLABORA_PRODUCT=Collabora Online
+
+  #   APP_PROVIDER_COLLABORA_ADDR=https://office.mjallen.dev
+  #   APP_PROVIDER_COLLABORA_ICON=https://office.mjallen.dev/favicon.ico
+
+  #   APP_PROVIDER_COLLABORA_MIME_TYPES=application/vnd.openxmlformats-officedocument.wordprocessingml.document application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.presentationml.presentation application/msword application/vnd.ms-excel application/vnd.ms-powerpoint text/plain
+
+  #   NATS_NATS_HOST=${cfg.listenAddress}
+  #   GATEWAY_GRPC_ADDR=${cfg.listenAddress}:9142
+
+  #   OC_DB_TYPE=postgres
+  #   OC_DB_HOST=10.0.1.3
+  #   OC_DB_PORT=5432
+  #   OC_DB_USER=opencloud
+  #   OC_DB_NAME=opencloud
+
+  #   OC_INSECURE=true
+  #   PROXY_TLS=false
+  #   PROXY_HTTP_ADDR=${cfg.listenAddress}:9200
+  #   OC_URL=https://cloud.mjallen.dev
+  #   OC_PUBLIC_URL=https://cloud.mjallen.dev
+  #   PUID=${cfg.puid}
+  #   PGID=${cfg.pgid}
+  #   TZ=${cfg.timeZone}
+  # '';
+
   opencloudConfig = lib.${namespace}.mkModule {
     inherit config name;
-    serviceName = "podman-${name}";
-    description = "opencloud";
+    serviceName = "opencloud";
+    description = "OpenCloud - Secure and private file sharing and storage";
     options = { };
+
     moduleConfig = {
+       services.opencloud = {
+        enable = true;
+        url = "https://cloud.mjallen.dev";
+        address = cfg.listenAddress;
+        port = cfg.port;
+        stateDir = "${cfg.configDir}/opencloud";
+        environment = {
+          PROXY_TLS = "false"; # disable https when behind reverse-proxy
+          INITIAL_ADMIN_PASSWORD = "BogieDudie1";
+          OC_DB_TYPE = "postgres";
+          OC_DB_HOST = "10.0.1.3";
+          OC_DB_PORT = "5432";
+          OC_DB_USER = "opencloud";
+          OC_DB_NAME = "opencloud";
+          OC_INSECURE = "true";
+          OC_LOG_LEVEL = "debug";
+          
+          # PROXY_TLS = "false";
+          # PROXY_HTTP_ADDR= "${cfg.listenAddress}:9200";
+          # OC_URL = "https://cloud.mjallen.dev"
+          # OC_PUBLIC_URL = "https://cloud.mjallen.dev"
+        };
+      };
+      # Create the secret template
       sops.templates = {
         "opencloud.env" = {
           content = ''
@@ -24,80 +105,15 @@ let
           '';
         };
       };
-      virtualisation.oci-containers.containers.opencloud = {
-        autoStart = true;
-        image = "opencloudeu/opencloud-rolling";
-        ports = [
-          "${toString cfg.port}:9200"
-        ];
-        volumes = [
-          "${cfg.dataDir}/opencloud:/var/lib/opencloud"
-          "${cfg.configDir}/opencloud:/etc/opencloud"
-        ];
-        environmentFiles = [ config.sops.templates."opencloud.env".path ];
-        environment = {
-          OC_ADD_RUN_SERVICES = "collaboration,app-provider";
-          OC_REVA_GATEWAY = "eu.opencloud.api.gateway";
-          APP_PROVIDER_WOPI_APP_NAME = "Collabora";
-          APP_PROVIDER_ENABLE = "true";
-          APP_PROVIDER_SERVICE_NAME = "app-provider-collabora";
-          COLLABORATION_APP_NAME = "Collabora";
-          COLLABORATION_APP_PRODUCT = "Collabora";
-          COLLABORATION_WOPI_DISCOVERY_URL = "https://office.mjallen.dev/hosting/discovery";
-          COLLABORATION_WOPI_SRC = "https://office.mjallen.dev";
-          OC_COLLABORATION_WOPI_URL = "https://office.mjallen.dev";
-          COLLABORATION_APP_ADDR = "https://office.mjallen.dev";
-          COLLABORATION_APP_INSECURE = "false";
-          COLLABORATION_APP_PROOF_DISABLE = "true";
-          COLLABORATION_WOPI_SHORTTOKENS = "false";
-          # COLLABORATION_GRPC_ADDR =  "${cfg.listenAddress}:9301";
-          # COLLABORATION_HTTP_ADDR = "${cfg.listenAddress}:9200";
-          MICRO_REGISTRY = "nats-js-kv";
-          MICRO_REGISTRY_ADDRESS = "127.0.0.1:9233";
-          OC_SYSTEM_USER_ID = cfg.puid;
 
-          OC_LOG_LEVEL = "info";
-
-          APP_PROVIDER_PROVIDERS = "collabora";
-
-          APP_PROVIDER_COLLABORA_NAME = "Collabora";
-          APP_PROVIDER_COLLABORA_PRODUCT = "Collabora Online";
-
-          APP_PROVIDER_COLLABORA_ADDR = "https://office.mjallen.dev";
-          APP_PROVIDER_COLLABORA_ICON = "https://office.mjallen.dev/favicon.ico";
-
-          APP_PROVIDER_COLLABORA_MIME_TYPES = ''
-            application/vnd.openxmlformats-officedocument.wordprocessingml.document
-            application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
-            application/vnd.openxmlformats-officedocument.presentationml.presentation
-            application/msword
-            application/vnd.ms-excel
-            application/vnd.ms-powerpoint
-            text/plain
-          '';
-
-          NATS_NATS_HOST = cfg.listenAddress;
-          GATEWAY_GRPC_ADDR = "${cfg.listenAddress}:9142";
-
-          OC_DB_TYPE = "postgres";
-          OC_DB_HOST = "10.0.1.3";
-          OC_DB_PORT = "5432";
-          OC_DB_USER = "opencloud";
-          OC_DB_NAME = "opencloud";
-
-          OC_INSECURE = "true";
-          PROXY_TLS = "false";
-          PROXY_HTTP_ADDR = "${cfg.listenAddress}:9200";
-          OC_URL = "https://cloud.mjallen.dev";
-          OC_PUBLIC_URL = "https://cloud.mjallen.dev";
-          PUID = cfg.puid;
-          PGID = cfg.pgid;
-          TZ = cfg.timeZone;
-        };
-      };
+      # # Create directories
+      # systemd.tmpfiles.rules = [
+      #   "d '${cfg.dataDir}/opencloud' 0750 ${cfg.user} ${cfg.group} - -"
+      #   "d '${cfg.configDir}/opencloud' 0750 ${cfg.user} ${cfg.group} - -"
+      # ];
     };
   };
 in
 {
   imports = [ opencloudConfig ];
-}
+}