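{
  # Host-side PostgreSQL: database and role for the container.  The socket
  # directory is bind-mounted into the container (see bindMounts below).
  services.postgresql = {
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      {
        name = "nextcloud";
        ensureDBOwnership = true;
      }
    ];
  };

  containers.nextcloud = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = "192.168.0.1";
    localAddress = "192.168.0.3";

    config = { config, pkgs, lib, ... }: {
      # Initial admin password, read by the Nextcloud setup via adminpassFile.
      # environment.etc entries default to a world-readable symlink into the
      # store; copying the file with 0400 owned by the nextcloud user keeps
      # other accounts inside the container from reading it.
      # NOTE: the literal still ends up in the world-readable Nix store (and in
      # version control).  Prefer a secrets mechanism that writes the file at
      # runtime instead of `text`, and rotate the password after first setup.
      environment.etc."nextcloud-admin-pass" = {
        text = "admin";
        mode = "0400";
        user = "nextcloud";
        group = "nextcloud";
      };

      nixpkgs.config.allowUnfree = true;

      services = {
        nextcloud = {
          enable = true;
          hostName = "nextcloud.thewordnerd.info";
          package = pkgs.nextcloud30;
          configureRedis = true;
          maxUploadSize = "16G";
          # autoUpdateApps.enable = true;
          notify_push = {
            enable = true;
            bendDomainToLocalhost = true;
          };
          webfinger = true;
          settings = {
            # TLS is terminated by Caddy on the host and forwarded over plain
            # HTTP; only the host's container-side address is trusted for
            # X-Forwarded-* headers.
            overwriteprotocol = "https";
            trusted_proxies = [ "192.168.0.1" ];
            default_phone_region = "US";
            # loglevel = 0;
          };
          config = {
            dbtype = "pgsql";
            # Unix socket from the host, made available through bindMounts.
            dbhost = "/run/postgresql";
            adminpassFile = "/etc/nextcloud-admin-pass";
          };
          phpOptions."opcache.interned_strings_buffer" = "23";
        };
        resolved.enable = true;
      };

      programs.nix-ld.enable = true;

      networking = {
        # Only plain HTTP is reachable from the host; HTTPS is served by Caddy.
        firewall.allowedTCPPorts = [ 80 ];
        useHostResolvConf = lib.mkForce false;
      };

      # Docker inside the container.  Membership in the docker group is
      # root-equivalent within the container, so the nextcloud service
      # account effectively holds container-root privileges.
      virtualisation.docker.enable = true;
      users.users.nextcloud.extraGroups = [ "docker" ];

      # Convenience wrapper so `occ ...` forwards to the module's nextcloud-occ.
      environment.systemPackages = [
        (pkgs.writeScriptBin "occ" ''
          #!${pkgs.bash}/bin/bash
          exec nextcloud-occ "$@"
        '')
      ];
    };

    # https://discourse.nixos.org/t/podman-docker-in-nixos-container-ideally-in-unprivileged-one/22909/12
    # Workaround for running Docker inside the container.  The string appears
    # to be spliced into the systemd-nspawn command line, closing the
    # --capability argument and appending a widened syscall filter plus
    # --capability=all.  Net effect: this container is not a meaningful
    # privilege boundary against the host; treat its contents as host-trusted.
    additionalCapabilities = [ ''all" --system-call-filter="add_key keyctl bpf" --capability="all'' ];
    bindMounts = {
      "/run/postgresql" = { hostPath = "/run/postgresql"; };
    };
  };

  # Host-side Caddy: TLS termination and HSTS for the Nextcloud vhost.
  services.caddy.virtualHosts."nextcloud.thewordnerd.info".extraConfig = ''
    reverse_proxy nextcloud
    header Strict-Transport-Security max-age=31536000;
  '';
  services.caddy.virtualHosts."collabora.thewordnerd.info".extraConfig = ''
    reverse_proxy nextcloud:9980
  '';
}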