nixos/services/nextcloud.nix

# NixOS module: Nextcloud (plus an optional coturn relay for nextcloud-talk).
# Only takes effect when "nextcloud" is listed in config.machine.services.
{
  config,
  lib,
  pkgs,
  fn,
  ...
}:
let
  inherit (lib)
    elem
    elemAt
    findFirst
    mkDefault
    mkIf
    ;

  machine = config.machine;

  # Domain of the vHost entry whose service is "nextcloud". findFirst falls
  # back to `machine` itself when no entry matches, so `domain` then resolves
  # to machine.domain.
  vhost = findFirst (entry: entry.service == "nextcloud") machine machine.vHosts;
  domain = vhost.domain;

  # Path of a sops-managed secret under services/nextcloud/.
  secretFile = name: config.sops.secrets."services/nextcloud/${name}".path;
in
mkIf (elem "nextcloud" machine.services) {
  services = {
    nextcloud = {
      enable = true;
      home = "/var/lib/nextcloud";
      hostName = domain;
      https = true;
      maxUploadSize = "1024M";
      # NOTE(review): pinned to one major release. Confirm it still receives
      # upstream security fixes; Nextcloud upgrades go one major at a time.
      package = pkgs.nextcloud28;

      config = {
        # The first configured administrator becomes the Nextcloud admin
        # (mkDefault, so another module can override it).
        adminuser = mkDefault (elemAt machine.administrators 0).name;
        # Passwords are handed over as file paths, never as inline strings.
        adminpassFile = secretFile "adminPass";
        dbtype = "mysql";
        # NOTE(review): TCP on loopback. Verify the database server is not
        # also bound to an external interface.
        dbhost = "localhost:3306";
        dbuser = "nextcloud";
        dbpassFile = secretFile "dbPass";
        dbname = "nextcloud";
        dbtableprefix = "oc_";
      };

      settings = {
        # Host names Nextcloud accepts in addition to hostName; keep this list
        # to names that really point at this instance.
        trusted_domains = machine.extraDomains;
      };

      caching = {
        apcu = true;
        memcached = true;
        redis = false;
      };
    };

    # TURN server used by nextcloud-talk. Still untested.
    coturn = mkIf (elem "nextcloud-talk" machine.services) {
      # No TLS listener: WebRTC media is already encrypted.
      # NOTE(review): that covers the relayed media only; TURN control
      # messages still travel in the clear on this port.
      enable = true;
      realm = domain;
      listening-port = 3478;
      # NOTE(review): use-auth-secret needs a shared secret, and no
      # static-auth-secret / static-auth-secret-file is set in this module.
      # Confirm where the secret comes from before relying on this.
      use-auth-secret = true;
      # NOTE(review): no denied-peer-ip ranges are configured, so relaying to
      # internal addresses is not explicitly blocked; bps-capacity=0 leaves
      # bandwidth uncapped.
      extraConfig = ''
        fingerprint
        total-quota=100
        bps-capacity=0
        stale-nonce
        no-multicast-peers
      '';
    };
  };

  # Declare both secrets, readable only by the nextcloud user and group.
  sops.secrets =
    fn.sopsHelper (name: "services/nextcloud/${name}")
      [
        "adminPass"
        "dbPass"
      ]
      {
        owner = "nextcloud";
        group = "nextcloud";
      };
}