# NixOS module: Nextcloud served by nginx with ACME certificates, using a
# PostgreSQL database on localhost that this module does not create, a
# dedicated Redis instance reached over a unix socket, and an OnlyOffice
# document server on its own hostname.
# Every password/secret is an agenix-managed file referenced by path, so no
# secret value appears in this file.
{ config, pkgs, ... }:

let
  # Decrypted agenix secrets, addressed by the names declared under
  # age.secrets below.
  secrets = config.age.secrets;

  # Both public virtual hosts share one TLS policy: an ACME-issued certificate
  # and forceSSL, so plain-HTTP requests are redirected to HTTPS.
  tlsVhost = {
    enableACME = true;
    forceSSL = true;
  };
in
{
  # Default packages installed system-wide
  environment.systemPackages = [ pkgs.appimage-run ];

  services = {
    nextcloud = {
      enable = true;
      # NOTE(review): the major version is pinned here, so moving to a newer
      # major is a manual edit; confirm this release still receives upstream
      # security fixes.
      package = pkgs.nextcloud30;
      hostName = "cloud.kabtop.de";
      https = true;
      notify_push.enable = true;

      # The database is not provisioned by the Nextcloud module; the role and
      # database named under `config` must already exist in PostgreSQL.
      database.createLocally = false;

      caching.redis = true;
      caching.apcu = false;

      config = {
        dbtype = "pgsql";
        dbhost = "localhost";
        dbname = "nextclouddb";
        dbuser = "nextcloud";
        # Password files are read from the agenix runtime paths rather than
        # being inlined as strings.
        dbpassFile = secrets."services/nextcloud/dbpassFile".path;
        adminuser = "kabbone";
        # NOTE(review): presumably only consumed during the initial install;
        # verify how admin password rotation is handled afterwards.
        adminpassFile = secrets."services/nextcloud/adminpassFile".path;
      };

      settings = {
        log_type = "file";
        # NOTE(review): relative log path; confirm where it resolves and that
        # the file is not reachable through the web server.
        logfile = "nextcloud.log";
        overwriteprotocol = "https";
        default_phone_region = "DE";
        maintenance_window_start = "1";

        # Redis is addressed by its unix socket; port 0 goes with the
        # socket-only server defined under services.redis.
        redis.host = "/run/redis-nextcloud/redis.sock";
        redis.port = 0;

        # Local cache, distributed cache and file locking all use Redis.
        "memcache.local" = "\\OC\\Memcache\\Redis";
        "memcache.distributed" = "\\OC\\Memcache\\Redis";
        "memcache.locking" = "\\OC\\Memcache\\Redis";
      };

      phpOptions."opcache.interned_strings_buffer" = "16";

      #autoUpdateApps.enable = true;
    };

    onlyoffice = {
      enable = true;
      hostname = "docs.cloud.kabtop.de";
      postgresHost = "localhost";
      postgresName = "onlyoffice";
      postgresUser = "onlyoffice";
      postgresPasswordFile = secrets."services/nextcloud/onlyofficedb".path;
      # JWT secret for requests to the document server.
      # NOTE(review): the Nextcloud-side connector settings are not in this
      # file; verify the same secret is configured there.
      jwtSecretFile = secrets."services/nextcloud/onlyofficejwt".path;
    };

    redis = {
      vmOverCommit = true;
      # Dedicated instance for Nextcloud, run as the nextcloud user.
      # port = 0 disables the TCP listener, leaving only the unix socket.
      servers.nextcloud = {
        enable = true;
        user = "nextcloud";
        port = 0;
      };
    };

    nginx = {
      enable = true;
      # Virtual host names are taken from the service options so they cannot
      # drift from the hostnames configured above.
      virtualHosts = {
        ${config.services.nextcloud.hostName} = tlsVhost;
        ${config.services.onlyoffice.hostname} = tlsVhost;
      };
    };
  };

  # Each encrypted .age file is owned, once decrypted, by the service account
  # that reads it: nextcloud for its two passwords, onlyoffice for its
  # database password and JWT secret.
  age.secrets = {
    "services/nextcloud/dbpassFile" = {
      file = ../../../secrets/services/nextcloud/dbpassFile.age;
      owner = "nextcloud";
    };
    "services/nextcloud/adminpassFile" = {
      file = ../../../secrets/services/nextcloud/adminpassFile.age;
      owner = "nextcloud";
    };
    "services/nextcloud/onlyofficedb" = {
      file = ../../../secrets/services/nextcloud/onlyofficedb.age;
      owner = "onlyoffice";
    };
    "services/nextcloud/onlyofficejwt" = {
      file = ../../../secrets/services/nextcloud/onlyofficejwt.age;
      owner = "onlyoffice";
    };
  };

  # Nextcloud's setup unit must not start before the local PostgreSQL service,
  # since the database it connects to is managed outside the Nextcloud module.
  systemd.services."nextcloud-setup" = {
    requires = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
  };

  # ACME account defaults used by the certificates requested for the nginx
  # virtual hosts.
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "webmaster@kabtop.de";
      webroot = "/var/lib/acme/acme-challenge";
    };
  };
}