diff --git a/services/self_host/nextcloud.nix b/services/self_host/nextcloud.nix index b101fa4..5e8b2d6 100644 --- a/services/self_host/nextcloud.nix +++ b/services/self_host/nextcloud.nix @@ -2,6 +2,8 @@ let cfg = config.service.selfhost.nextcloud; + nextcloud-admin-pass = config.age.secrets."nextcloud-admin-pass".path; + nextcloud-database = config.age.secrets."nextcloud-database".path; dataDir = "/mnt/data/nextcloud"; in { @@ -16,10 +18,51 @@ in ]; }; - systemd.tmpfiles.rules = [ - "d /mnt/data 2770 root datausers -" - ]; + systemd = { + tmpfiles.rules = [ + "d /mnt/data 2770 root datausers -" + "d /mnt/data/nextcloud 0750 nextcloud nextcloud -" + "d /mnt/data/nextcloud/config 0750 nextcloud nextcloud -" + "d /mnt/data/nextcloud/data 0750 nextcloud nextcloud -" + ]; + services."nextcloud-setup" = { + requires = [ + "postgresql.service" + ]; + after = [ + "postgresql.service" + ]; + }; + }; + services = { + postgresql = { + enable = true; + ensureDatabases = [ + "nextcloud" + ]; + ensureUsers = [ + { + name = "nextcloud"; + ensureDBOwnership = true; + } + ]; + }; + postgresqlBackup = { + enable = true; + location = "/data/backup/nextclouddb"; + databases = [ + "nextcloud" + ]; + startAt = "*-*-* 23:15:00"; + }; + redis.servers.nextcloud = { + enable = true; + user = "nextcloud"; + group = "nextcloud"; + unixSocket = "/run/redis-nextcloud/redis.sock"; + unixSocketPerm = 770; + }; nextcloud = { enable = true; https = true; @@ -27,9 +70,13 @@ in hostName = "nextcloud.enium.eu"; datadir = dataDir; config = { - adminpassFile = "/etc/nextcloud-pass.txt"; + adminpassFile = nextcloud-admin-pass; adminuser = "OwnedByTheEniumTeam"; - dbtype = "sqlite"; + dbtype = "pgsql"; + dbname = "nextcloud"; + dbhost = "localhost"; + dbuser = "nextcloud"; + dbpassFile = nextcloud-database; }; settings = { trusted_domains = [ @@ -38,6 +85,7 @@ in ]; default_phone_region = "FR"; }; + configureRedis = true; }; nginx.virtualHosts."nextcloud.enium.eu" = { enableACME = true;