{ config, lib, pkgs, ... }:

let
  inherit (lib) mkIf mkDefault elem elemAt findFirst;

  # Machine-level settings this module reads from.
  machine = config.machine;

  # Domain of the vHost registered for the "nextcloud" service.
  # NOTE(review): findFirst's fallback value is `machine` itself, so when no
  # vHost matches this evaluates to config.machine.domain — confirm that is
  # the intended default rather than an evaluation error.
  domain = (findFirst (vh: vh.service == "nextcloud") machine machine.vHosts).domain;

  # Settings of the Nextcloud service itself, reused when provisioning MySQL below.
  ncConfig = config.services.nextcloud.config;

  # Whether the Talk (TURN) add-on was requested as well.
  talkEnabled = elem "nextcloud-talk" machine.services;
in
mkIf (elem "nextcloud" machine.services) {
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud25;
    home = "/var/lib/nextcloud";
    hostName = domain;
    https = true;
    maxUploadSize = "1024M";
    # Do not enable the ciphers this option marks as broken for server-side encryption (SSE).
    enableBrokenCiphersForSSE = false;

    config = {
      # Defaults to the first configured administrator; overridable, but fails to
      # evaluate when `administrators` is empty and nothing overrides it.
      adminuser = mkDefault (elemAt machine.administrators 0).name;
      # Credentials are read from files under secretPath rather than written inline.
      adminpassFile = "${machine.secretPath}/nextcloud_admin";
      dbpassFile = "${machine.secretPath}/nextcloud_db";

      dbtype = "mysql";
      dbhost = "localhost";
      dbport = "3306";
      dbuser = "nextcloud";
      dbname = "nextcloud";
      dbtableprefix = "oc_";

      extraTrustedDomains = machine.extraDomains;
    };

    caching = {
      apcu = true;
      memcached = true;
      redis = false;
    };
  };

  # TURN server used for nextcloud-talk.
  # This stuff is still untested.
  services.coturn = mkIf talkEnabled {
    # TLS is not needed as WebRTC is already encrypted.
    enable = true;
    realm = domain;
    listening-port = 3478;
    use-auth-secret = true;
    # NOTE(review): use-auth-secret is on, but no static-auth-secret /
    # static-auth-secret-file is set in this file — confirm the shared secret is
    # provided elsewhere, otherwise Talk cannot authenticate against this TURN server.
    extraConfig = ''
      fingerprint
      total-quota=100
      bps-capacity=0
      stale-nonce
      no-multicast-peers
    '';
  };

  # Provision the database and user that the Nextcloud config above refers to.
  services.mysql = {
    ensureDatabases = [ ncConfig.dbname ];
    ensureUsers = [
      {
        name = ncConfig.dbuser;
        ensurePermissions."${ncConfig.dbname}.*" = "ALL PRIVILEGES";
      }
    ];
  };
}