os/hosts/chonk/nextcloud.nix
2023-11-11 01:06:36 +01:00

125 lines
2.8 KiB
Nix

{
flake,
pkgs,
config,
lib,
...
}: let
notifyPushPort = 7867;
in {
imports = [
./nextcloud-apps.nix
./nextcloud-collabora.nix
];
age.secrets.nextcloud_db_pass = {
owner = "nextcloud";
group = "nextcloud";
file = "${flake.self}/secrets/chonk_nextcloud_db_pass.age";
};
age.secrets.nextcloud_admin_pass = {
owner = "nextcloud";
group = "nextcloud";
file = "${flake.self}/secrets/chonk_nextcloud_admin_pass.age";
};
# HTTP
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts."data.gssws.de" = {
enableACME = true;
forceSSL = true;
};
};
# DATABASES
services.postgresql = {
enable = true;
package = pkgs.postgresql_11;
settings = {
max_connections = "200";
};
ensureDatabases = ["nextcloud"];
ensureUsers = [
{
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
};
# NOTIFY PUSH
services.nextcloud.notify_push.enable = true;
# REDIS
services.redis.servers."nextcloud".enable = true;
users.groups."redis-nextcloud".members = ["nextcloud"];
# NEXTCLOUD
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud27;
enableBrokenCiphersForSSE = false;
hostName = "data.gssws.de";
https = true;
datadir = "/mnt/internal/nextcloud";
caching.apcu = true;
caching.redis = true;
phpPackage = lib.mkForce pkgs.php82;
poolSettings = {
"pm" = "dynamic";
"pm.max_children" = "128";
"pm.start_servers" = "64";
"pm.min_spare_servers" = "32";
"pm.max_spare_servers" = "76";
"pm.max_requests" = "500";
};
phpOptions = {
short_open_tag = "Off";
expose_php = "Off";
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
display_errors = "stderr";
"opcache.enable_cli" = "1";
"opcache.interned_strings_buffer" = "32";
"opcache.max_accelerated_files" = "100000";
"opcache.memory_consumption" = "256";
"opcache.revalidate_freq" = "1";
"opcache.fast_shutdown" = "1";
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
catch_workers_output = "yes";
};
config = {
overwriteProtocol = "https";
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "127.0.0.1:5432";
dbname = "nextcloud";
dbpassFile = "/run/agenix/nextcloud_db_pass";
adminpassFile = "/run/agenix/nextcloud_admin_pass";
adminuser = "admin";
trustedProxies = ["80.244.242.2"];
defaultPhoneRegion = "DE";
};
};
}