nextcloud: init on server2

1 files changed, 78 insertions, 0 deletions

diff --git a/modules/by-name/ne/nextcloud/module.nix b/modules/by-name/ne/nextcloud/module.nix
new file mode 100644
index 0000000..2e40970
--- /dev/null
+++ b/modules/by-name/ne/nextcloud/module.nix
@@ -0,0 +1,78 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  cfg = config.vhack.nextcloud;
+in {
+  options.vhack.nextcloud = {
+    enable = lib.mkEnableOption "a sophisticated nextcloud setup";
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.nextcloud31;
+      description = "The nextcloud package to use";
+    };
+    hostname = lib.mkOption {
+      type = lib.types.str;
+      description = "The nextcloud hostname (fqdn)";
+    };
+    adminpassFile = lib.mkOption {
+      type = lib.types.path;
+      description = "The age encrypted admin password file";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    vhack = {
+      nginx.enable = true;
+      postgresql.enable = true;
+      persist.directories = [
+        "/var/lib/nextcloud"
+      ];
+    };
+    age.secrets = {
+      adminpassFile = {
+        file = cfg.adminpassFile;
+        mode = "0700";
+        owner = "nextcloud";
+        group = "nextcloud";
+      };
+    };
+
+    services = {
+      nextcloud = {
+        enable = true;
+        configureRedis = true;
+        config = {
+          adminuser = "admin";
+          adminpassFile = config.age.secrets.adminpassFile.path;
+          dbname = "nextcloud";
+          dbuser = "nextcloud";
+          dbtype = "pgsql";
+        };
+        database.createLocally = true;
+        hostName = cfg.hostname;
+        https = true;
+        maxUploadSize = "5G";
+        package = cfg.package;
+        settings = {
+          default_phone_region = "DE";
+        };
+      };
+      nginx.virtualHosts.${cfg.hostname} = {
+        forceSSL = true;
+        enableACME = true;
+      };
+    };
+    users = {
+      users = {
+        "nextcloud".uid = config.vhack.constants.ids.uids.nextcloud;
+        "redis-nextcloud".uid = config.vhack.constants.ids.uids.redis-nextcloud;
+      };
+      groups = {
+        "nextcloud".gid = config.vhack.constants.ids.gids.nextcloud;
+        "redis-nextcloud".gid = config.vhack.constants.ids.gids.redis-nextcloud;
+      };
+    };
+  };
+}