infra/modules/nextcloud/default.nix


163 lines
4.7 KiB
Nix

{
config,
pkgs,
flake,
...
}:
{
# age-encrypted secret that services.nextcloud.secretFile points at below.
# The decrypted copy is owned by the nextcloud user and readable by that
# user only (mode 400), so other local accounts cannot read it.
age.secrets."nextcloud-secrets" = {
  owner = "nextcloud";
  mode = "400";
  file = "${flake.self}/secrets/nextcloud-secrets.age";
};
# age-encrypted password for the initial Nextcloud admin account, referenced
# below through config.adminpassFile. Same ownership and mode as the other
# Nextcloud secret: owner-only read for the nextcloud user.
age.secrets."nextcloud-admin-pass" = {
  owner = "nextcloud";
  mode = "400";
  file = "${flake.self}/secrets/nextcloud-admin-pass.age";
};
# Public virtual host for Nextcloud: plain-HTTP requests are redirected to
# HTTPS (forceSSL) and the certificate is obtained through ACME.
services.nginx.virtualHosts."cloud.${config.pub-solar-os.networking.domain}" = {
  forceSSL = true;
  enableACME = true;
};
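# Nextcloud instance served at cloud.<domain>, backed by a local PostgreSQL
# database and Redis, with credentials supplied from age secrets.
services.nextcloud = {
  hostName = "cloud.${config.pub-solar-os.networking.domain}";
  home = "/var/lib/nextcloud";
  enable = true;
  package = pkgs.nextcloud29;
  https = true;
  # Path to the decrypted age secret; its contents never appear in this file.
  secretFile = config.age.secrets."nextcloud-secrets".path;
  maxUploadSize = "1G";
  configureRedis = true;
  notify_push = {
    enable = true;
    bendDomainToLocalhost = true;
  };
  config = {
    adminuser = "admin";
    # Read from a file at runtime so the password is not embedded in the
    # configuration itself.
    adminpassFile = config.age.secrets."nextcloud-admin-pass".path;
    dbuser = "nextcloud";
    dbtype = "pgsql";
    dbname = "nextcloud";
    dbtableprefix = "oc_";
  };
  settings = {
    # Nextcloud's config keys contain literal dots. In Nix an unquoted
    # `a.b.c = v` is an attribute *path* and produces nested sets, so the
    # dotted keys in this set are quoted to reach config.php under the
    # names Nextcloud actually reads.
    #
    # The scheme is https to match forceSSL / overwriteprotocol, so URLs
    # generated outside a web request do not point at plain HTTP.
    "overwrite.cli.url" = "https://cloud.${config.pub-solar-os.networking.domain}";
    overwriteprotocol = "https";
    installed = true;
    # Nextcloud expects an ISO 3166-1 country code here, not a dialling
    # prefix; "DE" is the region whose prefix is +49.
    default_phone_region = "DE";
    mail_sendmailmode = "smtp";
    mail_from_address = "nextcloud";
    mail_smtpmode = "smtp";
    mail_smtpauthtype = "PLAIN";
    mail_domain = "pub.solar";
    mail_smtpname = "admins@pub.solar";
    # Implicit TLS on port 465, so the PLAIN credentials are only sent
    # inside the encrypted session.
    mail_smtpsecure = "ssl";
    mail_smtpauth = true;
    mail_smtphost = "mail.pub.solar";
    mail_smtpport = "465";
    # This is to allow connections to collabora and keycloak, among other services
    # running on the same host
    #
    # https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=allow_local_remote_servers%20true
    # https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/293
    #
    # Security note: this lifts Nextcloud's block on server-side requests
    # to local/private addresses for every feature that fetches a URL, not
    # only for the integrations above. Services reachable from this host
    # should therefore require authentication rather than trust loopback
    # or internal-network origin.
    allow_local_remote_servers = true;
    enable_previews = true;
    # Movie and PDF previews are, as far as the upstream defaults go, not
    # enabled out of the box; they pass user-uploaded files to external
    # converters, so those packages need to stay patched.
    enabledPreviewProviders = [
      "OC\\Preview\\PNG"
      "OC\\Preview\\JPEG"
      "OC\\Preview\\GIF"
      "OC\\Preview\\BMP"
      "OC\\Preview\\XBitmap"
      "OC\\Preview\\Movie"
      "OC\\Preview\\PDF"
      "OC\\Preview\\MP3"
      "OC\\Preview\\TXT"
      "OC\\Preview\\MarkDown"
    ];
    preview_max_x = "1024";
    preview_max_y = "768";
    preview_max_scale_factor = "1";
    "auth.bruteforce.protection.enabled" = true;
    trashbin_retention_obligation = "auto,7";
    skeletondirectory = "./nextcloud-skeleton";
    # NOTE(review): the Files app id is `files`; confirm `file` is intended.
    defaultapp = "file";
    activity_expire_days = "14";
    # Keep the code-signing integrity check switched on.
    "integrity.check.disabled" = false;
    "updater.release.channel" = "stable";
    loglevel = 2;
    debug = false;
    maintenance_window_start = "1";
    # maintenance = false;
    # Apps listed here are installed even when their declared maximum
    # supported Nextcloud version is lower than the running one, so they
    # run on a release their authors have not marked as compatible.
    app_install_overwrite = [
      "pdfdraw"
      "integration_whiteboard"
    ];
    "htaccess.RewriteBase" = "/";
    theme = "";
    "simpleSignUpLink.shown" = false;
  };
  phpOptions = {
    "opcache.interned_strings_buffer" = "32";
    "opcache.max_accelerated_files" = "16229";
    "opcache.memory_consumption" = "256";
    # https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
    "opcache.revalidate_freq" = "60";
    # https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#:~:text=opcache.jit%20%3D%201255%20opcache.jit_buffer_size%20%3D%20128m
    "opcache.jit" = "1255";
    "opcache.jit_buffer_size" = "128M";
  };
  # Calculated with 4GiB RAM, 80MiB process size available on
  # https://spot13.com/pmcalculator/
  poolSettings = {
    pm = "dynamic";
    "pm.max_children" = "52";
    "pm.max_requests" = "500";
    "pm.max_spare_servers" = "39";
    "pm.min_spare_servers" = "13";
    "pm.start_servers" = "13";
  };
  caching.redis = true;
  # Installed apps are updated automatically, without a review step in
  # this repository.
  autoUpdateApps.enable = true;
  database.createLocally = true;
};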
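# Daily restic backup (01:00 UTC) of the Nextcloud data directory together
# with a PostgreSQL dump that is written just before the run and deleted
# afterwards.
services.restic.backups.nextcloud-storagebox = {
  paths = [
    "/var/lib/nextcloud/data"
    "/tmp/nextcloud-backup.sql"
  ];
  timerConfig = {
    OnCalendar = "*-*-* 01:00:00 Etc/UTC";
  };
  # Create the restic repository on first run if it does not exist yet.
  initialize = true;
  # Repository encryption password, read from an age secret that is not
  # declared in the part of the file shown here.
  passwordFile = config.age.secrets."restic-repo-storagebox-nachtigall".path;
  repository = "sftp:u377325@u377325.your-storagebox.de:/backups";
  # The dump holds the whole Nextcloud database, including credential
  # hashes, app tokens and share links. `umask 077` makes the shell create
  # it readable by its owner only, so confidentiality does not depend on
  # whether the backup unit has a private /tmp.
  backupPrepareCommand = ''
    umask 077
    ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d nextcloud > /tmp/nextcloud-backup.sql
  '';
  # Remove the plaintext dump once the backup has run.
  backupCleanupCommand = ''
    rm /tmp/nextcloud-backup.sql
  '';
  # Retention: 7 daily, 4 weekly and 3 monthly snapshots.
  pruneOpts = [
    "--keep-daily 7"
    "--keep-weekly 4"
    "--keep-monthly 3"
  ];
};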
}