From 2257a6dff8fe4c8298562bc1189d57cc5c5ab629 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20R=C3=B6ger?=
Date: Thu, 3 Apr 2025 14:52:56 +0200
Subject: [PATCH] first working nc setup
---
 hosts/harbor/configuration.nix | 3 +-
 modules/services/nextcloud-instance.nix | 66 +++++++++++++++++++++----
 2 files changed, 58 insertions(+), 11 deletions(-)
diff --git a/hosts/harbor/configuration.nix b/hosts/harbor/configuration.nix
index 8b0b634..e05e211 100644
--- a/hosts/harbor/configuration.nix
+++ b/hosts/harbor/configuration.nix
@@ -36,7 +36,8 @@
 };
 services.nextcloud-instance.enable = true;
- services.nextcloud-instance.instanceFQDN = "replace.me";
+ services.nextcloud-instance.ssl = false;
+ services.nextcloud-instance.instanceFQDN = "replace-me";
 # Allow unfree packages
 nixpkgs.config.allowUnfree = true;
diff --git a/modules/services/nextcloud-instance.nix b/modules/services/nextcloud-instance.nix
index 6d17e89..f7949be 100644
--- a/modules/services/nextcloud-instance.nix
+++ b/modules/services/nextcloud-instance.nix
@@ -14,29 +14,75 @@ in {
 example = "nextcloud.example.com";
 description = "Fully qualified domain name of the Nextcloud instance";
 };
+
+ ssl = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = "Use SSL and auto-update certificates";
+ };
 };
 config = lib.mkIf cfg.enable {
 environment.etc."nc-admin-pass.txt".text = "replace-me-with-a-sops-secret";
 services.nextcloud = {
+ # Instance
 enable = true;
 hostName = cfg.instanceFQDN;
- https = false;
- config.dbtype = "mysql";
+ https = cfg.ssl;
+ configureRedis = true;
+
+ # DB
+ config.dbtype = "pgsql";
+ config.dbhost = "/run/postgresql";
 config.adminpassFile = "/etc/nc-admin-pass.txt"; # FIXME: sops
+
+ #Mail
+ settings = {
+ mail_smtpmode = "sendmail";
+ mail_sendmailmode = "pipe";
+ };
+
+ # Apps
+ extraAppsEnable = true;
+ extraApps = {
+ inherit
+ (config.services.nextcloud.package.packages.apps)
+ calendar
+ contacts
+ maps
+ tasks
+ ;
+ drop_account = pkgs.fetchNextcloudApp {
+ sha256 = "sha256-AAWAR5i8moGlyGMaNqJwQPqPAHqWvIf4mvZ4U0dfg/A=";
+ url = "https://packages.framasoft.org/projects/nextcloud-apps/drop-account/drop_account-2.7.1.tar.gz";
+ license = "agpl3Only";
+ };
+ };
 };
- services.nginx.virtualHosts.${cfg.instanceFQDN}.listen = [
- {
- port = 8080;
- addr = "0.0.0.0";
- }
- ];
+ # SSL setup
+ services.nginx.virtualHosts.${cfg.instanceFQDN} = lib.mkIf cfg.ssl {
+ forceSSL = true;
+ enableACME = true;
+ };
+ security.acme = lib.mkIf cfg.ssl {
+ acceptTerms = true;
+ certs = {
+ ${cfg.instanceFQDN}.email = "jonas.roeger+acme@gmail.com";
+ };
+ };
- services.mysql = {
+ # DB setup
+ services.postgresql = {
 enable = true;
- package = pkgs.mariadb;
+ ensureDatabases = ["nextcloud"];
+ ensureUsers = [
+ {
+ name = "nextcloud";
+ ensureDBOwnership = true;
+ }
+ ];
 };
 };
 }
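Review bot: With `ssl = false` the virtual host gets neither `forceSSL` nor any listen restriction, and this commit also drops the old explicit `listen` entry, so nginx presumably falls back to its default plain-HTTP listener on every interface; `hosts/harbor/configuration.nix` selects exactly that mode in the first hunk. Nextcloud logins, including the admin account seeded from `/etc/nc-admin-pass.txt`, and session cookies would then cross the network unencrypted unless a TLS-terminating proxy sits in front. If a proxy is the intent, say so in the option text, e.g. `description = "Use SSL and auto-update certificates; when false, serve plain HTTP for a TLS-terminating proxy in front";`, and consider binding the non-SSL case to loopback with `listenAddresses = lib.mkIf (!cfg.ssl) ["127.0.0.1"];` once the `lib.mkIf cfg.ssl` wrapper is moved onto `forceSSL` and `enableACME` individually. Separately, the ACME contact address is hard-coded in a reusable module and would be better exposed as a module option.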