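# NixOS container running Nextcloud + OnlyOffice.
#
# The container has its own network namespace (privateNetwork) and is reached
# from the host only through the networking.nat.forwardPorts rules at the
# bottom. Secrets and data are bind-mounted from the host; the container's
# nextcloud uid/gid are forced to the host's ids so the mounted files are
# accessible without re-owning them.
{ config, ... }:
let
  # Host path of the sops-decrypted admin password; the same path is
  # bind-mounted read-only into the container below.
  adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;

  # NOTE(review): `.content` of a sops template is the template text itself,
  # not the rendered secret (the rendered file is `.path`), and
  # services.nextcloud.settings is serialised into the Nix store. Whatever
  # this evaluates to ends up world-readable; the module's
  # services.nextcloud.secretFile option is the mechanism for keeping
  # mail_smtppassword out of the store. Confirm and migrate.
  smtppassword = config.sops.templates."nextcloud-smtp".content;

  # Host-side ids reused inside the container so ownership of the bind
  # mounts lines up on both sides.
  nextcloudUserId = config.users.users.nix-apps.uid;
  nextcloudGroupId = config.users.groups.jallen-nas.gid;
in
{
  containers.nextcloud = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = "10.0.1.18";
    localAddress = "10.0.2.18";

    bindMounts = {
      # Decrypted sops secrets; read-only so the container can never alter
      # them (this also means chown/chmod inside the container cannot work).
      secrets = {
        hostPath = "/run/secrets/jallen-nas/nextcloud";
        isReadOnly = true;
        mountPoint = "/run/secrets/jallen-nas/nextcloud";
      };
      # Nextcloud data directory (user files) on the NAS.
      data = {
        hostPath = "/media/nas/main/nextcloud";
        isReadOnly = false;
        mountPoint = "/data";
      };
      # Application state (config, apps, caches) on the SSD.
      "/var/lib/nextcloud" = {
        hostPath = "/media/nas/ssd/nix-app-data/nextcloud";
        isReadOnly = false;
        mountPoint = "/var/lib/nextcloud";
      };
      "/var/lib/onlyoffice" = {
        hostPath = "/media/nas/ssd/nix-app-data/onlyoffice";
        isReadOnly = false;
        mountPoint = "/var/lib/onlyoffice";
      };
    };

    config = { pkgs, lib, ... }: {
      # onlyoffice-documentserver is unfree.
      nixpkgs.config.allowUnfree = true;

      services = {
        nextcloud = {
          enable = true;
          package = pkgs.nextcloud30;
          # datadir = "/data";
          database.createLocally = true;
          hostName = "cloud.mjallen.dev";
          appstoreEnable = true;
          caching.redis = true;
          configureRedis = true;
          enableImagemagick = true;
          https = true;

          config = {
            adminuser = "mjallen";
            # Read from the read-only secrets mount at runtime, never from the store.
            adminpassFile = adminpass;
            dbhost = "localhost";
            dbtype = "sqlite";
            dbname = "nextcloud";
            dbuser = "nextcloud";
          };

          settings = {
            allow_local_remote_servers = true;
            upgrade.disable-web = false;
            datadirectory = "/data";
            # Only these Host headers are accepted; the IP:port entries cover
            # the NAT-forwarded host ports and the container's own ports.
            trusted_domains = [
              "10.0.1.18:9988"
              "10.0.1.18:9943"
              "10.0.2.18:80"
              "10.0.2.18:443"
              "cloud.mjallen.dev"
            ];
            # The host's side of the container link; X-Forwarded-* headers
            # are honoured only from here.
            trusted_proxies = [ "10.0.1.18" ];
            maintenance_window_start = 6;
            default_phone_region = "US";

            # Outbound mail via Gmail SMTP over implicit TLS.
            mail_from_address = "matt.l.jallen";
            mail_smtpmode = "smtp";
            mail_sendmailmode = "smtp";
            mail_domain = "gmail.com";
            mail_smtpauth = 1;
            mail_smtpname = "matt.l.jallen";
            # See the NOTE(review) on `smtppassword` above.
            mail_smtppassword = smtppassword;
            mail_smtpsecure = "ssl";
            mail_smtphost = "smtp.gmail.com";
            mail_smtpport = 465;

            enable_previews = true;
            enabledPreviewProviders = [
              "OC\\\\Preview\\\\PNG"
              "OC\\\\Preview\\\\JPEG"
              "OC\\\\Preview\\\\GIF"
              "OC\\\\Preview\\\\BMP"
              "OC\\\\Preview\\\\XBitmap"
              "OC\\\\Preview\\\\MP3"
              "OC\\\\Preview\\\\TXT"
              "OC\\\\Preview\\\\MarkDown"
              "OC\\\\Preview\\\\OpenDocument"
              "OC\\\\Preview\\\\Krita"
              "OC\\\\Preview\\\\HEIC"
            ];
            installed = true;
            # No automatic account creation from the OIDC provider.
            user_oidc = {
              auto_provision = false;
              soft_auto_provision = false;
            };
          };
        };

        onlyoffice = {
          enable = true;
          port = 8000;
          hostname = "office.mjallen.dev";
        };
      };

      # System packages
      environment.systemPackages = with pkgs; [
        nextcloud30
        onlyoffice-documentserver
        sqlite
      ];

      # Create required users and groups. The ids are forced to the host's
      # so files on the bind mounts are owned by the same numeric ids.
      users.users.nextcloud = {
        isSystemUser = true;
        uid = lib.mkForce nextcloudUserId;
        group = "nextcloud";
      };
      users.users.onlyoffice = {
        group = lib.mkForce "nextcloud";
      };
      users.groups = {
        nextcloud = {
          gid = lib.mkForce nextcloudGroupId;
        };
        downloads = {};
      };

      # Create and set permissions for required directories.
      #
      # The secrets mount is deliberately not touched here: it is bind-mounted
      # read-only, so chown/chmod on it fail with EROFS. Ownership of the
      # decrypted files has to be set on the host (sops.secrets.*.owner/group),
      # which is what the forced uid/gid above are for.
      system.activationScripts.nextcloud-dirs = ''
        mkdir -p /data
        # Recursive over the whole data set on every activation; this can be
        # slow on a large NAS tree.
        chown -R nextcloud:nextcloud /data
        # 0770, not 0775: Nextcloud rejects a data directory that is readable
        # by "other" users, and user files should not be world-readable. Group
        # access (the shared jallen-nas gid) is kept.
        chmod -R 770 /data
      '';

      system.stateVersion = "23.11";

      networking = {
        firewall = {
          enable = true;
          # NOTE(review): networking.nat below also forwards host:8000 to
          # 10.0.2.18:8000, but only 80/443 are admitted here; that forward is
          # presumably filtered unless OnlyOffice is reached through its
          # nginx vhost on 80/443. Confirm which is intended.
          allowedTCPPorts = [ 80 443 ];
        };
        # Use systemd-resolved inside the container
        # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
        useHostResolvConf = lib.mkForce false;
      };
      services.resolved.enable = true;
    };
  };

  # Host-side port forwards into the container.
  networking.nat = {
    forwardPorts = [
      { destination = "10.0.2.18:443"; sourcePort = 9943; }
      { destination = "10.0.2.18:80"; sourcePort = 9988; }
      { destination = "10.0.2.18:8000"; sourcePort = 8000; }
    ];
  };
}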