125 lines
2.8 KiB
Nix
125 lines
2.8 KiB
Nix
{
|
|
flake,
|
|
pkgs,
|
|
config,
|
|
lib,
|
|
...
|
|
}: let
|
|
notifyPushPort = 7867;
|
|
in {
|
|
imports = [
|
|
./nextcloud-apps.nix
|
|
./nextcloud-collabora.nix
|
|
];
|
|
|
|
age.secrets.nextcloud_db_pass = {
|
|
owner = "nextcloud";
|
|
group = "nextcloud";
|
|
file = "${flake.self}/secrets/chonk_nextcloud_db_pass.age";
|
|
};
|
|
|
|
age.secrets.nextcloud_admin_pass = {
|
|
owner = "nextcloud";
|
|
group = "nextcloud";
|
|
file = "${flake.self}/secrets/chonk_nextcloud_admin_pass.age";
|
|
};
|
|
|
|
# HTTP
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
|
virtualHosts."data.gssws.de" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
};
|
|
};
|
|
|
|
# DATABASES
|
|
services.postgresql = {
|
|
enable = true;
|
|
package = pkgs.postgresql_11;
|
|
|
|
settings = {
|
|
max_connections = "200";
|
|
};
|
|
|
|
ensureDatabases = ["nextcloud"];
|
|
ensureUsers = [
|
|
{
|
|
name = "nextcloud";
|
|
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
|
|
}
|
|
];
|
|
};
|
|
|
|
# NOTIFY PUSH
|
|
services.nextcloud.notify_push.enable = true;
|
|
|
|
# REDIS
|
|
services.redis.servers."nextcloud".enable = true;
|
|
users.groups."redis-nextcloud".members = ["nextcloud"];
|
|
|
|
# NEXTCLOUD
|
|
systemd.services."nextcloud-setup" = {
|
|
requires = ["postgresql.service"];
|
|
after = ["postgresql.service"];
|
|
};
|
|
|
|
services.nextcloud = {
|
|
enable = true;
|
|
package = pkgs.nextcloud27;
|
|
enableBrokenCiphersForSSE = false;
|
|
hostName = "data.gssws.de";
|
|
https = true;
|
|
datadir = "/mnt/internal/nextcloud";
|
|
|
|
caching.apcu = true;
|
|
caching.redis = true;
|
|
|
|
phpPackage = lib.mkForce pkgs.php82;
|
|
|
|
poolSettings = {
|
|
"pm" = "dynamic";
|
|
"pm.max_children" = "128";
|
|
"pm.start_servers" = "64";
|
|
"pm.min_spare_servers" = "32";
|
|
"pm.max_spare_servers" = "76";
|
|
"pm.max_requests" = "500";
|
|
};
|
|
|
|
phpOptions = {
|
|
short_open_tag = "Off";
|
|
expose_php = "Off";
|
|
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
|
|
display_errors = "stderr";
|
|
"opcache.enable_cli" = "1";
|
|
"opcache.interned_strings_buffer" = "32";
|
|
"opcache.max_accelerated_files" = "100000";
|
|
"opcache.memory_consumption" = "256";
|
|
"opcache.revalidate_freq" = "1";
|
|
"opcache.fast_shutdown" = "1";
|
|
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
|
|
catch_workers_output = "yes";
|
|
};
|
|
|
|
config = {
|
|
overwriteProtocol = "https";
|
|
|
|
dbtype = "pgsql";
|
|
dbuser = "nextcloud";
|
|
dbhost = "127.0.0.1:5432";
|
|
dbname = "nextcloud";
|
|
dbpassFile = "/run/agenix/nextcloud_db_pass";
|
|
adminpassFile = "/run/agenix/nextcloud_admin_pass";
|
|
adminuser = "admin";
|
|
|
|
trustedProxies = ["80.244.242.2"];
|
|
defaultPhoneRegion = "DE";
|
|
};
|
|
};
|
|
}
|