feat(self_host/nextcloud): the nextcloud is now using a postgrep database

2025-12-16 15:13:07 +01:00 · 2025-12-16 15:13:07 +01:00 · 8f654ef58e
commit 8f654ef58e
parent e9903081fe
1 changed files with 53 additions and 5 deletions
--- a/services/self_host/nextcloud.nix
+++ b/services/self_host/nextcloud.nix
@ -2,6 +2,8 @@

 let
  cfg = config.service.selfhost.nextcloud;
+  nextcloud-admin-pass = config.age.secrets."nextcloud-admin-pass".path;
+  nextcloud-database = config.age.secrets."nextcloud-database".path;
  dataDir = "/mnt/data/nextcloud";
 in
  {
@ -16,10 +18,51 @@ in
      ];
    };

-    systemd.tmpfiles.rules = [
-      "d /mnt/data 2770 root datausers -"
-    ];
+    systemd = {
+      tmpfiles.rules = [
+        "d /mnt/data 2770 root datausers -"
+        "d /mnt/data/nextcloud 0750 nextcloud nextcloud -"
+        "d /mnt/data/nextcloud/config 0750 nextcloud nextcloud -"
+        "d /mnt/data/nextcloud/data 0750 nextcloud nextcloud -"
+      ];
+      services."nextcloud-setup" = {
+        requires = [
+          "postgresql.service"
+        ];
+        after = [
+          "postgresql.service"
+        ];
+      };
+    };
+
    services = {
+      postgresql = {
+        enable = true;
+        ensureDatabases = [
+          "nextcloud"
+        ];
+        ensureUsers = [
+          {
+            name = "nextcloud";
+            ensureDBOwnership = true;
+          }
+        ];
+      };
+      postgresqlBackup = {
+        enable = true;
+        location = "/data/backup/nextclouddb";
+        databases = [
+          "nextcloud"
+        ];
+        startAt = "*-*-* 23:15:00";
+      };
+      redis.servers.nextcloud = {
+        enable = true;
+        user = "nextcloud";
+        group = "nextcloud";
+        unixSocket = "/run/redis-nextcloud/redis.sock";
+        unixSocketPerm = 770;
+      };
      nextcloud = {
        enable = true;
        https = true;
@ -27,9 +70,13 @@ in
        hostName = "nextcloud.enium.eu";
        datadir = dataDir;
        config = {
-          adminpassFile = "/etc/nextcloud-pass.txt";
+          adminpassFile = nextcloud-admin-pass;
          adminuser = "OwnedByTheEniumTeam";
-          dbtype = "sqlite";
+          dbtype = "pgsql";
+          dbname = "nextcloud";
+          dbhost = "localhost";
+          dbuser = "nextcloud";
+          dbpassFile = nextcloud-database;
        };
        settings = {
          trusted_domains = [
@ -38,6 +85,7 @@ in
          ];
          default_phone_region = "FR";
        };
+        configureRedis = true;
      };
      nginx.virtualHosts."nextcloud.enium.eu" = {
        enableACME = true;