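# NixOS container running Nextcloud 30 against a MySQL/MariaDB instance on the
# host. Secrets are managed by sops-nix on the host and reach the container
# through a read-only bind mount of /run/secrets/jallen-nas/nextcloud kept at
# the same path, so the host-side secret paths below stay valid inside.
{ config, ... }:
let
  # Host paths of the sops-managed secret files (presumably under
  # /run/secrets/jallen-nas/nextcloud, matching the `secrets` bind mount).
  adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
  dbpass = config.sops.secrets."jallen-nas/nextcloud/dbpassword".path;

  # NOTE(review): this is the template *content* as seen at Nix evaluation
  # time, not the rendered file at `.path`. Whatever is assigned from it into
  # `services.nextcloud.settings` is written into Nextcloud's generated config,
  # which lives in the Nix store. Confirm (a) that the real password actually
  # reaches Nextcloud and (b) that no secret material ends up world-readable in
  # /nix/store. `services.nextcloud.secretFile` is the option intended for
  # secret settings; using it would require the rendered template file to be
  # bind-mounted into the container as well.
  smtppassword = config.sops.templates."nextcloud-smtp".content;

  # Reuse the host's nix-apps uid and jallen-nas gid so files written to the
  # bind-mounted data directory carry the same ownership on the host side.
  nextcloudUserId = config.users.users.nix-apps.uid;
  nextcloudGroupId = config.users.groups.jallen-nas.gid;
in
{
  containers.nextcloud = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = "10.0.1.18";
    localAddress = "10.0.2.18";

    bindMounts = {
      # Read-only view of the Nextcloud secrets; same path inside and outside.
      secrets = {
        hostPath = "/run/secrets/jallen-nas/nextcloud";
        isReadOnly = true;
        mountPoint = "/run/secrets/jallen-nas/nextcloud";
      };
      # Nextcloud data directory, backed by the NAS.
      data = {
        hostPath = "/media/nas/main/nextcloud";
        isReadOnly = false;
        mountPoint = "/data";
      };
    };

    config = { pkgs, lib, ... }: {
      services = {
        nextcloud = {
          enable = true;
          package = pkgs.nextcloud30;
          # datadir = "/data";
          # NOTE(review): the instance is reached via the host's NAT and
          # (judging by trusted_proxies) a proxy on 10.0.1.18. If TLS is
          # terminated in front of the container, `overwriteprotocol = "https"`
          # keeps generated links correct - confirm against the proxy setup.
          hostName = "localhost";
          appstoreEnable = true;
          caching.redis = true;
          configureRedis = true;

          config = {
            adminuser = "mjallen";
            adminpassFile = adminpass;
            # Database runs on the host and is reached over the container's
            # veth link (unencrypted, host-local traffic only).
            dbhost = "10.0.1.18:3306";
            dbtype = "mysql";
            dbname = "jallen_nextcloud";
            dbuser = "nextcloud";
            dbpassFile = dbpass;
          };

          settings = {
            datadirectory = "/data";
            # Host-side NAT ports (9988/9943), the container's own addresses
            # and the public name; Nextcloud rejects requests whose Host
            # header is not listed here.
            trusted_domains = [
              "10.0.1.18:9988"
              "10.0.1.18:9943"
              "10.0.2.18:80"
              "10.0.2.18:443"
              "cloud.mjallen.dev"
            ];
            # Only the host may supply X-Forwarded-* headers.
            trusted_proxies = [ "10.0.1.18" ];
            maintenance_window_start = 6;
            default_phone_region = "US";

            # Outgoing mail through Gmail over implicit TLS (port 465).
            mail_from_address = "matt.l.jallen";
            mail_smtpmode = "smtp";
            mail_sendmailmode = "smtp";
            mail_domain = "gmail.com";
            mail_smtpauth = 1;
            mail_smtpname = "matt.l.jallen";
            # See NOTE(review) on `smtppassword` in the let-block above.
            mail_smtppassword = smtppassword;
            mail_smtpsecure = "ssl";
            mail_smtphost = "smtp.gmail.com";
            mail_smtpport = 465;

            enable_previews = true;
            # NOTE(review): each entry evaluates to a class name containing
            # doubled backslashes (e.g. `OC\\Preview\\PNG`), whereas the
            # nixpkgs examples use a single backslash per namespace separator.
            # Verify that previews are actually generated before relying on it.
            enabledPreviewProviders = [
              "OC\\\\Preview\\\\PNG"
              "OC\\\\Preview\\\\JPEG"
              "OC\\\\Preview\\\\GIF"
              "OC\\\\Preview\\\\BMP"
              "OC\\\\Preview\\\\XBitmap"
              "OC\\\\Preview\\\\MP3"
              "OC\\\\Preview\\\\TXT"
              "OC\\\\Preview\\\\MarkDown"
              "OC\\\\Preview\\\\OpenDocument"
              "OC\\\\Preview\\\\Krita"
              "OC\\\\Preview\\\\HEIC"
            ];
            installed = true;
            # config_is_read_only = true;
          };
        };
      };

      # Create required users and groups. uid/gid are forced to the host's
      # values so ownership of /data is identical on both sides of the mount.
      users.users.nextcloud = {
        isSystemUser = true;
        uid = lib.mkForce nextcloudUserId;
        group = "nextcloud";
      };
      users.groups = {
        nextcloud = { gid = lib.mkForce nextcloudGroupId; };
        # Not referenced in this file; presumably kept for a gid shared with
        # other containers - confirm before removing.
        downloads = { };
      };

      # Create and set permissions for the data directory (the script was
      # named `radarr-dirs`, a copy/paste leftover from another container).
      # NOTE(review): `-R` re-walks the whole data tree on every activation
      # and sets every file to 775, i.e. world-readable. Nextcloud's setup
      # check expects the data directory to be 0770; consider a non-recursive
      # `chmod 0770 /data` once existing files have been fixed up, and check
      # whether any host-side consumer outside the jallen-nas group relies on
      # the current world-readable bits.
      system.activationScripts.nextcloud-dirs = ''
        mkdir -p /data
        chown -R nextcloud:nextcloud /data
        chmod -R 775 /data
      '';

      system.stateVersion = "23.11";

      networking = {
        firewall = {
          enable = true;
          # Only HTTP/HTTPS are reachable on the container side of the veth.
          allowedTCPPorts = [ 80 443 ];
        };
        # Use systemd-resolved inside the container
        # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
        useHostResolvConf = lib.mkForce false;
      };
      services.resolved.enable = true;
    };
  };

  # Expose the container on the host: 9943 -> 443, 9988 -> 80.
  networking.nat = {
    forwardPorts = [
      { destination = "10.0.2.18:443"; sourcePort = 9943; }
      { destination = "10.0.2.18:80"; sourcePort = 9988; }
    ];
  };
}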