nextcloud service

2025-07-16 14:17:11 +07:00
parent 0510e56534
commit ba9b6868e4
5 changed files with 114 additions and 0 deletions
--- a/modules/clan/nextcloud/default.nix
+++ b/modules/clan/nextcloud/default.nix
@@ -0,0 +1,83 @@
+{
+  _class = "clan.service";
+  manifest.name = "nextcloud";
+  manifest.description = "Nextcloud server, a safe home for all your data";
+  manifest.categories = [ "System" ];
+
+  roles.default = {
+    interface =
+      { lib, pkgs, ... }:
+      {
+        options = {
+          domain = lib.mkOption {
+            type = lib.types.str;
+            default = "cloud";
+            description = "Sub domain for Nextcloud to run.";
+          };
+          package = lib.mkOption {
+            type = lib.types.package;
+            description = "Which package to use for the Nextcloud instance.";
+          };
+        };
+      };
+
+    perInstance =
+      {
+        settings,
+        ...
+      }:
+      {
+        nixosModule =
+          {
+            config,
+            pkgs,
+            ...
+          }:
+          let
+            domain = "${settings.domain}.${config.networking.fqdn}";
+            nextcloudUser = "nextcloud";
+          in
+          {
+            clan.core.vars.generators.nextcloud = {
+              files = {
+                adminpassFile = {
+                  owner = nextcloudUser;
+                  group = nextcloudUser;
+                  secret = true;
+                };
+              };
+              script = ''
+                xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminpassFile
+              '';
+              runtimeInputs = [
+                pkgs.xkcdpass
+              ];
+            };
+            services.nextcloud = {
+              enable = true;
+              hostName = domain;
+              package = pkgs.nextcloud31;
+              database.createLocally = true;
+              config = {
+                dbtype = "pgsql";
+                dbhost = "/run/postgresql";
+                dbuser = nextcloudUser;
+                dbname = nextcloudUser;
+                adminuser = "admin";
+                adminpassFile = config.clan.core.vars.generators.nextcloud.files.adminpassFile.path;
+              };
+
+              settings = {
+                overwriteprotocol = "https";
+                trusted_domains = [ ];
+                trusted_proxies = [ ];
+              };
+            };
+            services.nginx.virtualHosts."${domain}" = {
+              useACMEHost = "${config.networking.fqdn}";
+              forceSSL = true;
+            };
+          };
+      };
+  };
+}