# NixOps configuration for the hosts running Nextcloud
#
# Nextcloud is served by nginx over HTTPS with ACME-issued certificates and
# stores its data in a local PostgreSQL reached through a Unix socket.  The
# database and admin passwords are not written in this file: Nextcloud reads
# them from key files under /run/keys, which NixOps deploys to the host.
{ config, pkgs, lib, ... }:

let
  # Canonical hostname of the instance.  Reused for the nginx virtual host
  # and the ACME certificate so the three can never drift apart.
  fqdn = "cloud.mcwhirter.io";
  # Former hostname, kept only as a permanent redirect to `fqdn`.
  legacyFqdn = "owncloud.mcwhirter.io";
  # Name shared by the PostgreSQL database and its role.
  dbName = "nextcloud";
  # Contact address registered with the ACME CA.
  acmeEmail = "craige@mcwhirter.io";
in
{
  imports = [ ../secrets/nextcloud.nix ];

  services.nextcloud = {
    enable = true;
    hostName = fqdn;
    # Generate https:// links.
    https = true;
    package = pkgs.nextcloud22;

    config = {
      # Local PostgreSQL over its Unix socket rather than TCP.
      dbtype = "pgsql";
      dbhost = "/run/postgresql";
      dbname = dbName;
      dbuser = dbName;
      # Secrets come from NixOps-deployed key files; nothing is inlined here.
      dbpassFile = "/run/keys/nextcloud-dbpass";
      adminpassFile = "/run/keys/nextcloud-admin";
      adminuser = "root";
      # Always advertise the https scheme, whatever the request arrived with.
      overwriteProtocol = "https";
      # Country used to interpret phone numbers entered without a prefix.
      defaultPhoneRegion = "AU";
    };

    # Unattended update of every installed app, once a day at 01:00.
    autoUpdateApps = {
      enable = true;
      startAt = "01:00:00";
    };
  };

  services.postgresql = {
    enable = true;
    # Declaratively keep the database and its owning role in place.
    ensureDatabases = [ dbName ];
    ensureUsers = [
      {
        name = dbName;
        ensurePermissions = {
          "DATABASE nextcloud" = "ALL PRIVILEGES";
          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
        };
      }
    ];
  };

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {
      # The live site: ACME certificate, plain HTTP redirected to HTTPS.
      ${fqdn} = {
        enableACME = true;
        forceSSL = true;
      };
      # The old name only bounces visitors to the live site.
      ${legacyFqdn} = {
        globalRedirect = fqdn;
      };
    };
  };

  # Nextcloud's setup unit needs the database, so make it both depend on
  # and start after PostgreSQL.
  systemd.services.nextcloud-setup = {
    requires = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
  };

  security.acme = {
    acceptTerms = true;
    certs.${fqdn}.email = acmeEmail;
  };

  # Group membership so the nextcloud user can read the deployed key files.
  # Required due to NixOps issue #1204
  users.groups.keys.members = [ "nextcloud" ];
  # Added for keys permissions
  users.groups.nextcloud.members = [ "nextcloud" ];

  # HTTP (ACME challenges and the redirect) and HTTPS.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}