nixos/services/self_host/nextcloud.nix

{ config, pkgs, lib, ... }:

let
  cfg = config.service.selfhost.nextcloud;
  nextcloud-admin-pass = config.age.secrets."nextcloud-admin-pass".path;
  nextcloud-database = config.age.secrets."nextcloud-database".path;
  dataDir = "/mnt/data/nextcloud";
in
  {
  config = lib.mkIf cfg {
    environment.systemPackages = with pkgs; [
      php
    ];
    users = {
      groups.datausers = { };
      users.nextcloud.extraGroups = [
        "datausers"
      ];
    };

    systemd = {
      tmpfiles.rules = [
        "d /mnt/data 2770 root datausers -"
        "d /mnt/data/nextcloud 0750 nextcloud nextcloud -"
        "d /mnt/data/nextcloud/config 0750 nextcloud nextcloud -"
        "d /mnt/data/nextcloud/data 0750 nextcloud nextcloud -"
      ];
      services."nextcloud-setup" = {
        requires = [
          "postgresql.service"
        ];
        after = [
          "postgresql.service"
        ];
      };
    };

    services = {
      postgresql = {
        enable = true;
        ensureDatabases = [
          "nextcloud"
        ];
        ensureUsers = [
          {
            name = "nextcloud";
            ensureDBOwnership = true;
          }
        ];
      };
      postgresqlBackup = {
        enable = true;
        location = "/data/backup/nextclouddb";
        databases = [
          "nextcloud"
        ];
        startAt = "*-*-* 23:15:00";
      };
      redis.servers.nextcloud = {
        enable = true;
        user = "nextcloud";
        group = "nextcloud";
        unixSocket = "/run/redis-nextcloud/redis.sock";
        unixSocketPerm = 770;
      };
      nextcloud = {
        enable = true;
        https = true;
        package = pkgs.nextcloud32;
        hostName = "nextcloud.enium.eu";
        datadir = dataDir;
        config = {
          adminpassFile = nextcloud-admin-pass;
          adminuser = "OwnedByTheEniumTeam";
          dbtype = "pgsql";
          dbname = "nextcloud";
          dbhost = "localhost";
          dbuser = "nextcloud";
          dbpassFile = nextcloud-database;
        };
        settings = {
          trusted_domains = [
            "192.168.1.254"
            "nextcloud.enium.eu"
          ];
          default_phone_region = "FR";
        };
        configureRedis = true;
      };
      nginx.virtualHosts."nextcloud.enium.eu" = {
        enableACME = true;
        forceSSL = true;
        locations."~ \.php$".extraConfig = ''
          fastcgi_pass unix:/run/phpfpm-nextcloud.sock;
        '';
      };
    };
  };
}