repeated_keys

modules/nixos/services/nextcloud/default.nix

@@ -5,7 +5,6 @@
   namespace,
   ...
 }:
-with lib;
 let
   name = "nextcloud";
   cfg = config.${namespace}.services.${name};
@@ -18,130 +17,143 @@ let
     options = { };
 
     moduleConfig = {
-      # Override the empty systemd service created by mkModule.
-      # The native NixOS nextcloud module doesn't create a persistent "nextcloud.service"
-      # (it uses PHP-FPM pools and cron instead), so we clear this to avoid the error:
-      # "Service has no ExecStart=, ExecStop=, or SuccessAction=. Refusing."
-      systemd.services.nextcloud = lib.mkForce { };
       # Setup the native NixOS Nextcloud service
-      services.nextcloud = {
-        enable = true;
-        package = pkgs.nextcloud33;
-        hostName = "cloud.mjallen.dev";
-        home = "${cfg.configDir}/nextcloud";
-        datadir = "${cfg.dataDir}/nextcloud";
-        configureRedis = true;
-        enableImagemagick = true;
-        appstoreEnable = true;
+      services = {
+        nextcloud = {
+          enable = true;
+          package = pkgs.nextcloud33;
+          hostName = "cloud.mjallen.dev";
+          home = "${cfg.configDir}/nextcloud";
+          datadir = "${cfg.dataDir}/nextcloud";
+          configureRedis = true;
+          enableImagemagick = true;
+          appstoreEnable = true;
 
-        # extraApps = with pkgs.${namespace}; {
-        #   richdocumentscode = nextcloud-code-server;
-        #   # richdocuments = nextcloud-richdocuments;
-        # };
+          # extraApps = with pkgs.${namespace}; {
+          #   richdocumentscode = nextcloud-code-server;
+          #   # richdocuments = nextcloud-richdocuments;
+          # };
 
-        # Use PostgreSQL for database
-        config = {
-          dbtype = "pgsql";
-          dbname = "nextcloud";
-          dbuser = "nextcloud";
-          dbhost = "/run/postgresql"; # Socket directory
-          # dbpassFile = config.sops.secrets."jallen-nas/nextcloud/dbpassword".path;
-          adminuser = "mjallen";
-          adminpassFile = config.sops.secrets."matt_password".path;
-        };
-
-        # PHP settings
-        phpOptions = lib.mkOverride 90 {
-          memory_limit = "512M";
-          upload_max_filesize = "10G";
-          post_max_size = "10G";
-          output_buffering = "0";
-          "opcache.interned_strings_buffer" = "16";
-          "opcache.max_accelerated_files" = "10000";
-          "opcache.memory_consumption" = "128";
-          "opcache.save_comments" = "1";
-          "opcache.revalidate_freq" = "1";
-        };
-
-        # Configure caching for better performance
-        caching = {
-          apcu = true;
-          redis = true;
-          memcached = false;
-        };
-
-        # Auto-update apps
-        autoUpdateApps = {
-          enable = false;
-          startAt = "05:00:00";
-        };
-
-        # Configure HTTPS if enabled
-        https = false;
-
-        settings = {
-          installed = true;
-          auth.bruteforce.protection.enabled = false;
-          user_oidc = {
-            auto_provision = false;
+          # Use PostgreSQL for database
+          config = {
+            dbtype = "pgsql";
+            dbname = "nextcloud";
+            dbuser = "nextcloud";
+            dbhost = "/run/postgresql"; # Socket directory
+            # dbpassFile = config.sops.secrets."jallen-nas/nextcloud/dbpassword".path;
+            adminuser = "mjallen";
+            adminpassFile = config.sops.secrets."matt_password".path;
+          };
+
+          # PHP settings
+          phpOptions = lib.mkOverride 90 {
+            memory_limit = "512M";
+            upload_max_filesize = "10G";
+            post_max_size = "10G";
+            output_buffering = "0";
+            "opcache.interned_strings_buffer" = "16";
+            "opcache.max_accelerated_files" = "10000";
+            "opcache.memory_consumption" = "128";
+            "opcache.save_comments" = "1";
+            "opcache.revalidate_freq" = "1";
+          };
+
+          # Configure caching for better performance
+          caching = {
+            apcu = true;
+            redis = true;
+            memcached = false;
+          };
+
+          # Auto-update apps
+          autoUpdateApps = {
+            enable = false;
+            startAt = "05:00:00";
+          };
+
+          # Configure HTTPS if enabled
+          https = false;
+
+          settings = {
+            installed = true;
+            auth.bruteforce.protection.enabled = false;
+            user_oidc = {
+              auto_provision = false;
+            };
+            overwrite.cli.url = "https://cloud.mjallen.dev";
+            overwriteprotocol = "https";
+            overwritehost = "cloud.mjallen.dev";
+            log_type = "file";
+            default_phone_region = "US";
+            trusted_proxies = [
+              net.hosts.nas.lan
+              "127.0.0.1"
+              "::1"
+            ];
+            trusted_domains = [
+              "cloud.mjallen.dev"
+              "${net.hosts.nas.lan}:${toString cfg.port}"
+            ];
+            enabledPreviewProviders = [
+              "OC\\Preview\\PNG"
+              "OC\\Preview\\JPEG"
+              "OC\\Preview\\GIF"
+              "OC\\Preview\\BMP"
+              "OC\\Preview\\XBitmap"
+              "OC\\Preview\\Krita"
+              "OC\\Preview\\WebP"
+              "OC\\Preview\\MarkDown"
+              "OC\\Preview\\TXT"
+              "OC\\Preview\\OpenDocument"
+            ];
+          };
+        };
+
+        nginx = {
+          enable = true;
+          group = "jallen-nas";
+          virtualHosts.${config.services.nextcloud.hostName} = {
+            listen = [
+              {
+                addr = "0.0.0.0";
+                port = cfg.port;
+                ssl = false;
+              }
+            ];
           };
-          overwrite.cli.url = "https://cloud.mjallen.dev";
-          overwriteprotocol = "https";
-          overwritehost = "cloud.mjallen.dev";
-          log_type = "file";
-          default_phone_region = "US";
-          trusted_proxies = [
-            net.hosts.nas.lan
-            "127.0.0.1"
-            "::1"
-          ];
-          trusted_domains = [
-            "cloud.mjallen.dev"
-            "${net.hosts.nas.lan}:${toString cfg.port}"
-          ];
-          enabledPreviewProviders = [
-            "OC\\Preview\\PNG"
-            "OC\\Preview\\JPEG"
-            "OC\\Preview\\GIF"
-            "OC\\Preview\\BMP"
-            "OC\\Preview\\XBitmap"
-            "OC\\Preview\\Krita"
-            "OC\\Preview\\WebP"
-            "OC\\Preview\\MarkDown"
-            "OC\\Preview\\TXT"
-            "OC\\Preview\\OpenDocument"
-          ];
         };
       };
 
-      users.users.nextcloud.isSystemUser = lib.mkForce true;
-      users.users.nextcloud.isNormalUser = lib.mkForce false;
-      users.groups.nextcloud = { };
+      users = {
+        users = {
+          nextcloud = {
+            isSystemUser = lib.mkForce true;
+            isNormalUser = lib.mkForce false;
+          };
+        };
+        groups = {
+          nextcloud = { };
+        };
+      };
 
       # Ensure nextcloud services start after PostgreSQL is ready.
       # The upstream NixOS module only adds this ordering when services.postgresql.enable
       # is true in the same config, but here PostgreSQL is managed separately.
-      systemd.services.nextcloud-setup = {
-        after = [ "postgresql.service" ];
-        requires = [ "postgresql.service" ];
-      };
-      systemd.services.nextcloud-update-db = {
-        after = [ "postgresql.service" ];
-        requires = [ "postgresql.service" ];
-      };
-
-      # Configure web server
-      services.nginx = {
-        enable = true;
-        group = "jallen-nas";
-        virtualHosts.${config.services.nextcloud.hostName} = {
-          listen = [
-            {
-              addr = "0.0.0.0";
-              port = cfg.port;
-              ssl = false;
-            }
-          ];
+      systemd = {
+        services = {
+          # Override the empty systemd service created by mkModule.
+          # The native NixOS nextcloud module doesn't create a persistent "nextcloud.service"
+          # (it uses PHP-FPM pools and cron instead), so we clear this to avoid the error:
+          # "Service has no ExecStart=, ExecStop=, or SuccessAction=. Refusing."
+          nextcloud = lib.mkForce { };
+          nextcloud-setup = {
+            after = [ "postgresql.service" ];
+            requires = [ "postgresql.service" ];
+          };
+          nextcloud-update-db = {
+            after = [ "postgresql.service" ];
+            requires = [ "postgresql.service" ];
+          };
         };
       };
     };