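# NixOS module wiring the native `services.nextcloud` module into this
# repository's `mkModule` helper. Nextcloud is served over plain HTTP by nginx
# on `cfg.port`; the `overwrite*` settings make it generate https:// URLs, so
# TLS is presumably terminated by a reverse proxy in front of it — TODO confirm.
{
  lib,
  config,
  pkgs,
  namespace,
  ...
}:
with lib;
let
  name = "nextcloud";
  cfg = config.${namespace}.services.${name};

  nextcloudConfig = lib.${namespace}.mkModule {
    inherit config name;
    serviceName = "nextcloud";
    description = "Nextcloud - Secure file sync and sharing platform";
    options = { };
    moduleConfig = {
      # Override the empty systemd service created by mkModule.
      # The native NixOS nextcloud module doesn't create a persistent "nextcloud.service"
      # (it uses PHP-FPM pools and cron instead), so we clear this to avoid the error:
      # "Service has no ExecStart=, ExecStop=, or SuccessAction=. Refusing."
      systemd.services.nextcloud = lib.mkForce { };

      # Setup the native NixOS Nextcloud service
      services.nextcloud = {
        enable = true;
        package = pkgs.nextcloud33;
        hostName = "cloud.mjallen.dev";
        home = "${cfg.configDir}/nextcloud";
        datadir = "${cfg.dataDir}/nextcloud";
        configureRedis = true;
        enableImagemagick = true;
        # Apps installed through the app store are fetched at runtime and are not
        # part of the pinned Nix closure. With autoUpdateApps disabled below, they
        # also have to be updated by hand.
        appstoreEnable = true;
        # extraApps = with pkgs.${namespace}; {
        #   richdocumentscode = nextcloud-code-server;
        #   # richdocuments = nextcloud-richdocuments;
        # };

        # Use PostgreSQL for database
        config = {
          dbtype = "pgsql";
          dbname = "nextcloud";
          dbuser = "nextcloud";
          # Socket directory. No dbpassFile is set, so access presumably relies on
          # peer authentication over the Unix socket — verify against pg_hba.conf.
          dbhost = "/run/postgresql";
          # dbpassFile = config.sops.secrets."jallen-nas/nextcloud/dbpassword".path;
          adminuser = "mjallen";
          # Read from a sops-managed file, so the password stays out of the Nix store.
          # NOTE(review): the secret name suggests a personal password shared with
          # other services; a dedicated Nextcloud admin secret would limit reuse.
          adminpassFile = config.sops.secrets."matt_password".path;
        };

        # PHP settings
        phpOptions = lib.mkOverride 90 {
          memory_limit = "512M";
          upload_max_filesize = "10G";
          post_max_size = "10G";
          output_buffering = "0";
          "opcache.interned_strings_buffer" = "16";
          "opcache.max_accelerated_files" = "10000";
          "opcache.memory_consumption" = "128";
          "opcache.save_comments" = "1";
          "opcache.revalidate_freq" = "1";
        };

        # Configure caching for better performance
        caching = {
          apcu = true;
          redis = true;
          memcached = false;
        };

        # Auto-update apps
        autoUpdateApps = {
          enable = false;
          startAt = "05:00:00";
        };

        # Configure HTTPS if enabled.
        # Disabled here; the overwrite* settings below still make Nextcloud emit
        # https:// URLs for the public host name.
        https = false;

        settings = {
          installed = true;
          # Nextcloud config keys that contain dots are flat string keys. An unquoted
          # Nix attribute path (a.b.c = v) builds nested sets instead, so the setting
          # would never reach the key Nextcloud reads. Keep these keys quoted.
          "auth.bruteforce.protection.enabled" = true;
          user_oidc = {
            auto_provision = false;
          };
          "overwrite.cli.url" = "https://cloud.mjallen.dev";
          overwriteprotocol = "https";
          overwritehost = "cloud.mjallen.dev";
          log_type = "file";
          default_phone_region = "US";
          # Forwarded-for headers are honoured only from these addresses. The client
          # IP derived from them feeds brute-force throttling and the logs, so keep
          # the list limited to the actual reverse proxy.
          trusted_proxies = [
            "10.0.1.3"
            "127.0.0.1"
            "::1"
          ];
          # Host headers Nextcloud accepts; anything else is rejected.
          trusted_domains = [
            "cloud.mjallen.dev"
            "10.0.1.3:${toString cfg.port}"
          ];
          # Explicit allow-list of preview generators: only these formats are parsed
          # to build thumbnails of uploaded files.
          enabledPreviewProviders = [
            "OC\\Preview\\PNG"
            "OC\\Preview\\JPEG"
            "OC\\Preview\\GIF"
            "OC\\Preview\\BMP"
            "OC\\Preview\\XBitmap"
            "OC\\Preview\\Krita"
            "OC\\Preview\\WebP"
            "OC\\Preview\\MarkDown"
            "OC\\Preview\\TXT"
            "OC\\Preview\\OpenDocument"
          ];
        };
      };

      # Force the nextcloud account to be a system user, not a normal login user.
      users.users.nextcloud.isSystemUser = lib.mkForce true;
      users.users.nextcloud.isNormalUser = lib.mkForce false;
      users.groups.nextcloud = { };

      # Ensure nextcloud services start after PostgreSQL is ready.
      # The upstream NixOS module only adds this ordering when services.postgresql.enable
      # is true in the same config, but here PostgreSQL is managed separately.
      systemd.services.nextcloud-setup = {
        after = [ "postgresql.service" ];
        requires = [ "postgresql.service" ];
      };
      systemd.services.nextcloud-update-db = {
        after = [ "postgresql.service" ];
        requires = [ "postgresql.service" ];
      };

      # Configure web server
      services.nginx = {
        enable = true;
        # NOTE(review): nginx runs with this group; confirm it grants no more file
        # access than serving Nextcloud needs.
        group = "jallen-nas";
        virtualHosts.${config.services.nextcloud.hostName} = {
          # Plain HTTP on every interface. Anything that can route to cfg.port
          # reaches Nextcloud without TLS and without passing the reverse proxy;
          # restrict the port with the firewall or bind to the proxy-facing address.
          listen = [
            {
              addr = "0.0.0.0";
              port = cfg.port;
              ssl = false;
            }
          ];
        };
      };
    };
  };
in
{
  imports = [ nextcloudConfig ];
}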