kopatz/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b7fb4909c236c9bb37f4ad89e7f625b05e834907
nix-config/modules/services/nextcloud.nix
Kopatz 8a78e618bb format all
2025-10-30 21:59:31 +01:00

85 lines
2.1 KiB
Nix
Raw Blame History

{
config,
pkgs,
lib,
inputs,
vars,
...
}:
let
wireguardIp = vars.wireguardIp;
fqdn = "nextcloud.home.arpa";
useHttps = config.services.step-ca.enable;
in
{
imports = [ ./postgres.nix ];
security.acme.certs."${fqdn}".server = "https://127.0.0.1:8443/acme/kop-acme/directory";
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"${fqdn}" = {
serverAliases = [ wireguardIp ];
## Force HTTP redirect to HTTPS
forceSSL = useHttps;
enableACME = useHttps;
locations."~ \\.php(?:$|/)".extraConfig = ''
client_max_body_size 20G;
'';
};
};
};
age.secrets.nextcloud-admin = {
file = ../../secrets/nextcloud-admin.age;
owner = "nextcloud";
group = "nextcloud";
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud28;
https = true;
hostName = "nextcloud.home.arpa";
config.adminpassFile = config.age.secrets.nextcloud-admin.path;
config.dbtype = "pgsql";
database.createLocally = true;
settings.trusted_domains = [
wireguardIp
"nextcloud.home.arpa"
];
home = "/mnt/250ssd/nextcloud";
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit onlyoffice calendar mail;
};
phpOptions = {
upload_max_filesize = lib.mkForce "20G";
post_max_size = lib.mkForce "20G";
};
extraAppsEnable = true;
settings.enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
"OC\\Preview\\HEIC"
];
};
}
Reference in New Issue View Git Blame Copy Permalink