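# NixOS module for the Nextcloud instance at n.<hyper.domain>.
#
# It declares the sops-nix secrets Nextcloud needs, enables services.nextcloud
# with PostgreSQL over the local unix socket and an authenticated SMTP relay,
# and adds a systemd unit that creates a fixed list of user accounts through
# `nextcloud-occ`. `hyper` is not defined in this file; it is expected to come
# from the module arguments brought into scope by `with all;`.
{ config, pkgs, ... }@all:
with all;
let
  user = "nextcloud";
in
{
  sops.secrets =
    let
      # Every secret is readable and writable by the nextcloud user only.
      # The group gets no access, which matters because the nginx user is a
      # member of the nextcloud group (see users.groups below).
      ss = {
        owner = user;
        group = user;
        mode = "600";
      };
    in
    {
      "nx2site/nextcloud/admin_pass" = ss;
      "nx2site/nextcloud/db_pass" = ss;
      "nx2site/nextcloud/lennart_pass" = ss;
      "nx2site/nextcloud/daniel_pass" = ss;
      "nx2site/nextcloud/diane_pass" = ss;
      "nx2site/nextcloud/georg_pass" = ss;
      "nx2site/nextcloud/tessa_pass" = ss;
      "nx2site/smtp2go/nextcloud_api_key" = ss;
    };

  users.users."${user}" = {
    isSystemUser = true;
    isNormalUser = false;
    group = user;
  };
  # users.groups."${user}" = {};
  users.groups.nextcloud.members = [
    "nextcloud"
    config.services.nginx.user
  ];

  services.nextcloud = {
    enable = true;
    hostName = "n.${hyper.domain}";

    # Need to manually increment with every major upgrade.
    package = pkgs.nextcloud33;

    # Let NixOS install and configure the database automatically.
    # database.createLocally = false;

    # Let NixOS install and configure Redis caching automatically.
    configureRedis = true;

    # Increase the maximum file upload size.
    maxUploadSize = "16G";

    https = true;

    # Apps come only from the pinned package set below; the app store is off.
    # autoUpdateApps.enable = true;
    appstoreEnable = false;
    extraAppsEnable = true;
    extraApps = with config.services.nextcloud.package.packages.apps; {
      inherit
        calendar
        contacts
        mail
        notes
        tasks
        ;
    };

    settings = {
      # Nextcloud's config key is all lowercase. The camelCase spelling is
      # written to the config as an unknown key and is never read.
      overwriteprotocol = "https";
      default_phone_region = "DE";

      # # local
      # "mail_smtpmode" = "smtp";
      # "mail_smtphost" = "127.0.0.1";
      # "mail_smtpport" = 2525;
      # "mail_from_address" = "nextcloud";
      # "mail_domain" = hyper.domain;
      # "mail_smtpsecure" = ""; # = STARTTLS

      "mail_smtpmode" = "smtp";
      "mail_smtphost" = "mail-eu.smtp2go.com";
      "mail_smtpport" = 2525;
      "mail_from_address" = "nextcloud";
      "mail_domain" = hyper.domain;
      # "" = STARTTLS, i.e. no implicit TLS.
      # NOTE(review): with an empty value the session is upgraded only if the
      # server advertises STARTTLS, so the LOGIN credentials below depend on
      # that upgrade happening. Consider implicit TLS ("ssl" on the relay's
      # SMTPS port) - confirm the port with the provider before switching.
      "mail_smtpsecure" = "";
      "mail_smtpauth" = true;
      "mail_smtpauthtype" = "LOGIN";
      "mail_smtpname" = "nextcloud@${hyper.domain}";
    };

    # The SMTP password is read from the sops-managed file rather than being
    # written into `settings`.
    secrets."mail_smtppassword" = config.sops.secrets."nx2site/smtp2go/nextcloud_api_key".path;
    # secrets.settings."mail_smtppassword" = config.sops.secrets."nx2site/maddy/nextcloud_password".path;

    config = {
      adminpassFile = config.sops.secrets."nx2site/nextcloud/admin_pass".path;
      dbtype = "pgsql";
      adminuser = "nextcloud";
      # dbhost = "localhost:5432";
      dbhost = "/run/postgresql"; # unix socket directory instead of TCP
      dbname = "nextcloud";
      dbuser = "nextcloud";
      dbpassFile = config.sops.secrets."nx2site/nextcloud/db_pass".path;
    };

    phpOptions = {
      "memory_limit" = pkgs.lib.mkForce "2G";
      "opcache.interned_strings_buffer" = "16";
    };
  };

  # Creates the listed accounts if they do not exist yet and sets each
  # account's e-mail address on every run.
  # No serviceConfig is set here, so the unit runs with systemd's default
  # service type and with no User= override.
  systemd.services.nextcloud-ensure-users =
    let
      # name -> { email, passwordFile }. Each password file is the sops secret
      # "nx2site/nextcloud/<name>_pass" declared at the top of this module.
      users = pkgs.lib.mergeAttrsList (
        pkgs.lib.map
          (name: {
            "${name}" = {
              email = "${name}@nx2.site";
              passwordFile = config.sops.secrets."nx2site/nextcloud/${name}_pass".path;
            };
          })
          [
            "lennart"
            "daniel"
            "diane"
            "georg"
            "tessa"
          ]
      );
    in
    {
      enable = true;
      script =
        let
          occ = "${config.services.nextcloud.occ}/bin/nextcloud-occ";
        in
        # OC_PASS is set only for the single `user:add` invocation instead of
        # being exported, so later occ calls in this script do not inherit the
        # password of the most recently created account. `grep -q` keeps the
        # "user not found" line out of the unit's output.
        /* bash */ ''
          ${pkgs.lib.optionalString (users != { }) ''
            ${pkgs.lib.concatStringsSep "\n" (
              pkgs.lib.mapAttrsToList (name: cfg: ''
                if ${occ} user:info "${name}" | grep -q "user not found"; then
                  OC_PASS="$(cat ${pkgs.lib.escapeShellArg cfg.passwordFile})" ${occ} user:add --password-from-env "${name}"
                fi
                ${pkgs.lib.optionalString (cfg.email != null) ''
                  ${occ} user:setting "${name}" settings email "${cfg.email}"
                ''}
              '') users
            )}
          ''}
        '';
      wantedBy = [ "multi-user.target" ];
      after = [ "nextcloud-setup.service" ];
    };

  # Give the PHP-FPM listen socket to the nginx user and group.
  services.phpfpm.pools.nextcloud.settings = pkgs.lib.mkIf config.services.nextcloud.enable {
    "listen.owner" = config.services.nginx.user;
    "listen.group" = config.services.nginx.group;
  };
}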