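# NixOS module: Nextcloud on data.gssws.de, served by nginx over HTTPS and
# backed by a local PostgreSQL database. Secrets are provisioned with agenix.
#
# Arguments:
#   self   - the flake itself; used to locate the encrypted .age files.
#   pkgs   - nixpkgs package set (PostgreSQL and Nextcloud packages).
#   config - the evaluated system configuration; used to look up the
#            runtime paths of the decrypted secrets.
{ self, pkgs, config, ... }:
{
  # SECRETS
  # Decrypted files are owned by the nextcloud user/group so that only the
  # Nextcloud service account needs to read them.
  age.secrets.nextcloud_db_pass = {
    owner = "nextcloud";
    group = "nextcloud";
    file = "${self}/secrets/cube_nextcloud_db_pass.age";
  };
  age.secrets.nextcloud_admin_pass = {
    owner = "nextcloud";
    group = "nextcloud";
    file = "${self}/secrets/cube_nextcloud_admin_pass.age";
  };

  # HTTP
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    # Only AES-256 suites with ephemeral (EC)DH key exchange; anonymous
    # (unauthenticated) suites are excluded.
    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
    virtualHosts."data.gssws.de" = {
      # Certificate is obtained via ACME; plain-HTTP requests are redirected
      # to HTTPS.
      enableACME = true;
      forceSSL = true;
    };
  };

  # DATABASES
  services.postgresql = {
    enable = true;
    # NOTE(review): postgresql_11 and nextcloud24 (below) are old release
    # lines - confirm both still receive upstream security fixes. Moving to a
    # newer major version needs a planned data migration, so it is not changed
    # here.
    package = pkgs.postgresql_11;
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      {
        name = "nextcloud";
        # The role is granted rights on its own database only.
        ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
      }
    ];
  };

  # The Nextcloud setup unit must not run before the database is up.
  systemd.services."nextcloud-setup" = {
    requires = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
  };

  # NEXTCLOUD
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud24;
    hostName = "data.gssws.de";
    https = true;
    datadir = "/mnt/internal/nextcloud";
    # Nextcloud apps are updated unattended every day at 05:00.
    autoUpdateApps.enable = true;
    autoUpdateApps.startAt = "05:00:00";
    config = {
      # Further forces Nextcloud to use HTTPS
      overwriteProtocol = "https";

      dbtype = "pgsql";
      dbuser = "nextcloud";
      # Directory of the local PostgreSQL Unix socket (no TCP connection).
      dbhost = "/run/postgresql";
      dbname = "nextcloud";
      # Take the paths from the agenix declarations above instead of
      # hard-coding /run/agenix/..., so they stay correct if the secret is
      # renamed or the agenix secrets directory is changed. With agenix
      # defaults these evaluate to the same paths as before.
      dbpassFile = config.age.secrets.nextcloud_db_pass.path;
      adminpassFile = config.age.secrets.nextcloud_admin_pass.path;
      adminuser = "admin";
    };
  };
}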