nixos/hosts/architect/nextcloud.nix

{ pkgs, config, lib, ... }:

let
  domain = "cloud.giugl.io";
  redis_port = 6379;

  utilities = import ./utilities.nix { inherit lib config; };
  inherit (utilities) architectInterfaceAddress;
in
{
  age.secrets = {
    nextcloud-admin = {
      file = ../../secrets/nextcloud-admin.age;
      owner = "nextcloud";
      group ="nginx";
    };
    nextcloud-database = {
      file = ../../secrets/nextcloud-database.age;
      owner = "nextcloud";
      group = "nginx";
    };
  };

  environment.systemPackages = with pkgs; [
    nodejs-18_x
    libtensorflow
    ffmpeg
  ];

  services = {
    nginx.virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        aio threads;
        directio 1M;
        output_buffers 3 1M;

        sendfile on;
        sendfile_max_chunk 0;

        autoindex on;
      '';
    };

    mysql = {
      enable = true;
      package = pkgs.mariadb_1011;
    };

    redis = {
      vmOverCommit = true;
      servers."nextcloud" = {
        enable = true;
        port = redis_port;
      };
    };

    nextcloud = {
      enable = true;
      hostName = domain;
      https = true;
      package = pkgs.nextcloud30;
      datadir = "/services/nextcloud";
      configureRedis = true;
      caching = {
        redis = true;
      };

      autoUpdateApps.enable = true;
      autoUpdateApps.startAt = "05:00:00";

      maxUploadSize = "50G";

      settings = {
        overwriteprotocol = "https";
      };

      config = {
        dbtype = "mysql";
        dbuser = "nextcloud";
        dbhost = "localhost";
        dbname = "nextcloud";
        dbpassFile = config.age.secrets.nextcloud-database.path;
        adminpassFile = config.age.secrets.nextcloud-admin.path;
      };
    };
  };

  systemd.services."nextcloud-setup" = {
    requires = [ "mysql.service" ];
    after = [ "mysql.service" ];
  };

  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';

}
architect: services use new networking attrset 2023-05-12 22:05:10 +01:00			`{ pkgs, config, lib, ... }:`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00
removed implicit use of network.nix. use domain names in each service conf file. restrict access to gdevices to sensitive services. 2021-12-08 16:39:00 +00:00			`let`
			`domain = "cloud.giugl.io";`
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`redis_port = 6379;`
architect: services use new networking attrset 2023-05-12 22:05:10 +01:00
			`utilities = import ./utilities.nix { inherit lib config; };`
			`inherit (utilities) architectInterfaceAddress;`
Formatting 2023-02-11 02:29:48 +00:00			`in`
			`{`
feat(nextcloud): switch to age-protected secrets 2024-12-06 21:17:00 +00:00			`age.secrets = {`
			`nextcloud-admin = {`
			`file = ../../secrets/nextcloud-admin.age;`
			`owner = "nextcloud";`
fix(nextcloud.nix): add group "nginx" to nextcloud-admin and nextcloud-database secrets 2024-12-09 10:36:10 +00:00			`group ="nginx";`
feat(nextcloud): switch to age-protected secrets 2024-12-06 21:17:00 +00:00			`};`
			`nextcloud-database = {`
			`file = ../../secrets/nextcloud-database.age;`
			`owner = "nextcloud";`
fix(nextcloud.nix): add group "nginx" to nextcloud-admin and nextcloud-database secrets 2024-12-09 10:36:10 +00:00			`group = "nginx";`
feat(nextcloud): switch to age-protected secrets 2024-12-06 21:17:00 +00:00			`};`
			`};`

nextcloud: fixed mariadb 10.11. add nodejs, ffmpeg and libtensorflow in system packages for recognize, the plugin 2023-06-11 00:30:34 +01:00			`environment.systemPackages = with pkgs; [`
			`nodejs-18_x`
			`libtensorflow`
			`ffmpeg`
			`];`

moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`services = {`
architect: services use new networking attrset 2023-05-12 22:05:10 +01:00			`nginx.virtualHosts.${domain} = {`
			`forceSSL = true;`
			`enableACME = true;`
nextcloud: push to 27 2023-06-26 22:24:04 +01:00			`extraConfig = ''`
			`aio threads;`
			`directio 1M;`
			`output_buffers 3 1M;`

			`sendfile on;`
			`sendfile_max_chunk 0;`

			`autoindex on;`
			`'';`
architect: services use new networking attrset 2023-05-12 22:05:10 +01:00			`};`
nextcloud: switched to mariadb. increased max upload size to 50GB 2023-06-05 03:43:42 +01:00
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`mysql = {`
			`enable = true;`
nextcloud: fixed mariadb 10.11. add nodejs, ffmpeg and libtensorflow in system packages for recognize, the plugin 2023-06-11 00:30:34 +01:00			`package = pkgs.mariadb_1011;`
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`};`
formatting 2021-11-25 11:42:32 +00:00
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`redis = {`
			`vmOverCommit = true;`
			`servers."nextcloud" = {`
			`enable = true;`
			`port = redis_port;`
			`};`
			`};`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00
			`nextcloud = {`
			`enable = true;`
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`hostName = domain;`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`https = true;`
fix(nextcloud.nix): update Nextcloud package to version 30 2024-11-17 20:30:21 +00:00			`package = pkgs.nextcloud30;`
flake: Removed proxy host 2022-12-01 13:28:10 +00:00			`datadir = "/services/nextcloud";`
nextcloud: switched to mariadb. increased max upload size to 50GB 2023-06-05 03:43:42 +01:00			`configureRedis = true;`
nextcloud: Updates to service 2022-10-28 12:32:49 +01:00			`caching = {`
			`redis = true;`
			`};`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00
			`autoUpdateApps.enable = true;`
			`autoUpdateApps.startAt = "05:00:00";`

nextcloud: switched to mariadb. increased max upload size to 50GB 2023-06-05 03:43:42 +01:00			`maxUploadSize = "50G";`
nextcloud: fixed mariadb 10.11. add nodejs, ffmpeg and libtensorflow in system packages for recognize, the plugin 2023-06-11 00:30:34 +01:00
Bump to 24.05 2024-06-01 11:41:26 +01:00			`settings = {`
			`overwriteprotocol = "https";`
			`};`
feat(nextcloud): switch to age-protected secrets 2024-12-06 21:17:00 +00:00
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`config = {`
			`dbtype = "mysql";`
nextcloud: switched to mariadb. increased max upload size to 50GB 2023-06-05 03:43:42 +01:00			`dbuser = "nextcloud";`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`dbhost = "localhost";`
nextcloud: switched to mariadb. increased max upload size to 50GB 2023-06-05 03:43:42 +01:00			`dbname = "nextcloud";`
feat(nextcloud): switch to age-protected secrets 2024-12-06 21:17:00 +00:00			`dbpassFile = config.age.secrets.nextcloud-database.path;`
			`adminpassFile = config.age.secrets.nextcloud-admin.path;`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`};`
			`};`
			`};`

			`systemd.services."nextcloud-setup" = {`
formatting 2021-11-25 11:42:32 +00:00			`requires = [ "mysql.service" ];`
			`after = [ "mysql.service" ];`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`};`

			`networking.extraHosts = ''`
architect: services use new networking attrset 2023-05-12 22:05:10 +01:00			`${architectInterfaceAddress "lan"} ${domain}`
			`${architectInterfaceAddress "tailscale"} ${domain}`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`'';`

			`}`