{
services.postgresql = {
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{
name = "nextcloud";
ensureDBOwnership = true;
}
];
};
containers.nextcloud = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.0.1";
localAddress = "192.168.0.3";
config =
{
config,
pkgs,
lib,
...
}:
{
environment.etc."nextcloud-admin-pass".text = "admin";
nixpkgs.config.allowUnfree = true;
services = {
nextcloud = {
enable = true;
hostName = "nextcloud.thewordnerd.info";
package = pkgs.nextcloud30;
configureRedis = true;
maxUploadSize = "16G";
# autoUpdateApps.enable = true;
notify_push = {
enable = true;
bendDomainToLocalhost = true;
};
webfinger = true;
settings = {
overwriteprotocol = "https";
trusted_proxies = [
"192.168.0.1"
];
default_phone_region = "US";
# loglevel = 0;
};
config = {
dbtype = "pgsql";
dbhost = "/run/postgresql";
adminpassFile = "/etc/nextcloud-admin-pass";
};
phpOptions."opcache.interned_strings_buffer" = "23";
};
resolved.enable = true;
};
programs.nix-ld.enable = true;
networking = {
firewall.allowedTCPPorts = [ 80 ];
useHostResolvConf = lib.mkForce false;
};
virtualisation.docker.enable = true;
users.users.nextcloud.extraGroups = [ "docker" ];
environment.systemPackages = [
(pkgs.writeScriptBin "occ" ''
#!${pkgs.bash}/bin/bash
exec nextcloud-occ "$@"
'')
];
};
# https://discourse.nixos.org/t/podman-docker-in-nixos-container-ideally-in-unprivileged-one/22909/12
additionalCapabilities = [
''all" --system-call-filter="add_key keyctl bpf" --capability="all''
];
bindMounts = {
"/run/postgresql" = {
hostPath = "/run/postgresql";
};
};
};
services.caddy.virtualHosts."nextcloud.thewordnerd.info".extraConfig = ''
reverse_proxy nextcloud
header Strict-Transport-Security max-age=31536000;
'';
services.caddy.virtualHosts."collabora.thewordnerd.info".extraConfig = ''
reverse_proxy nextcloud:9980
'';
}