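# NixOS module that wraps services.nextcloud for a single instance: Nextcloud
# with Redis, a local PostgreSQL reached over its unix socket, and (when `ssl`
# is set) an nginx virtual host with an ACME-managed certificate.
{
  config,
  lib,
  pkgs,
  ...
}: let
  cfg = config.services.nextcloud-instance;

  # Location of the built-in placeholder password file. It is only used while
  # no real secret file has been configured through `adminPassFile`.
  placeholderAdminPassFile = "/etc/nc-admin-pass.txt";
  usePlaceholderAdminPass = cfg.adminPassFile == null;
in {
  options.services.nextcloud-instance = {
    # mkEnableOption already prepends "Whether to enable", so the argument only
    # names the thing being enabled.
    enable = lib.mkEnableOption "the Nextcloud instance";

    instanceFQDN = lib.mkOption {
      type = lib.types.str;
      example = "nextcloud.example.com";
      description = "Fully qualified domain name of the Nextcloud instance";
    };

    ssl = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "Use SSL and auto-update certificates";
    };

    adminPassFile = lib.mkOption {
      # A string rather than a path literal, so the secret is referenced by
      # location and never copied into the Nix store.
      type = lib.types.nullOr lib.types.str;
      default = null;
      example = "/run/secrets/nextcloud-admin-pass";
      description = ''
        Path to a file holding the initial Nextcloud admin password. The file
        should be provisioned at runtime by a secret manager and be readable
        by the nextcloud user only. When null, a publicly known placeholder
        password is written to /etc/nc-admin-pass.txt instead.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    # Make the insecure fallback visible at evaluation time instead of leaving
    # it as a silent default credential on a reachable service.
    warnings = lib.optional usePlaceholderAdminPass ''
      services.nextcloud-instance: adminPassFile is not set, so the initial
      admin password is a placeholder stored world-readable in the Nix store.
      Set adminPassFile to a runtime secret before exposing this instance.
    '';

    # Fallback only. `text` is materialised through the Nix store, which every
    # local user can read, and the value is committed alongside this module,
    # so it must never be treated as a real secret.
    environment.etc = lib.mkIf usePlaceholderAdminPass {
      "nc-admin-pass.txt".text = "replace-me-with-a-sops-secret";
    };

    services.nextcloud = {
      # Instance
      enable = true;
      hostName = cfg.instanceFQDN;
      # With ssl = false the instance is served over plain HTTP, so logins and
      # session cookies cross the network unencrypted.
      https = cfg.ssl;
      configureRedis = true;

      # DB: local PostgreSQL over its unix socket, no TCP listener or database
      # password involved.
      config = {
        dbtype = "pgsql";
        dbhost = "/run/postgresql";
        adminpassFile =
          if usePlaceholderAdminPass
          then placeholderAdminPassFile
          else cfg.adminPassFile;
      };

      # Mail
      settings = {
        mail_smtpmode = "sendmail";
        mail_sendmailmode = "pipe";
      };

      # Apps
      extraAppsEnable = true;
      extraApps = {
        inherit
          (config.services.nextcloud.package.packages.apps)
          calendar
          contacts
          maps
          tasks
          ;

        # Third-party app fetched from outside nixpkgs. The pinned hash is
        # what guarantees the tarball content; update it together with the
        # version in the URL and review the upstream changes when doing so.
        drop_account = pkgs.fetchNextcloudApp {
          sha256 = "sha256-AAWAR5i8moGlyGMaNqJwQPqPAHqWvIf4mvZ4U0dfg/A=";
          url = "https://packages.framasoft.org/projects/nextcloud-apps/drop-account/drop_account-2.7.1.tar.gz";
          license = "agpl3Only";
        };
      };
    };

    # SSL setup: redirect HTTP to HTTPS and obtain the certificate via ACME.
    services.nginx.virtualHosts.${cfg.instanceFQDN} = lib.mkIf cfg.ssl {
      forceSSL = true;
      enableACME = true;
    };

    security.acme = lib.mkIf cfg.ssl {
      acceptTerms = true;
      certs = {
        # NOTE(review): the contact address is hard-coded; consider exposing
        # it as an option if this module is reused for other deployments.
        ${cfg.instanceFQDN}.email = "jonas.roeger+acme@gmail.com";
      };
    };

    # DB setup: database and role are both named "nextcloud", and the role
    # owns the database.
    # NOTE(review): nothing here orders Nextcloud's setup unit after
    # PostgreSQL; confirm that first-boot initialisation cannot race database
    # startup.
    services.postgresql = {
      enable = true;
      ensureDatabases = ["nextcloud"];
      ensureUsers = [
        {
          name = "nextcloud";
          ensureDBOwnership = true;
        }
      ];
    };
  };
}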