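# Clan service definition that deploys a Nextcloud server with a locally
# created PostgreSQL database, a generated admin password and an
# nginx virtual host that enforces TLS.
{
  _class = "clan.service";
  manifest.name = "nextcloud";
  manifest.description = "Nextcloud server, a safe home for all your data";
  manifest.categories = [ "System" ];

  roles.default = {
    # Per-instance settings exposed to the clan operator.
    interface =
      { lib, pkgs, ... }:
      {
        options = {
          domain = lib.mkOption {
            type = lib.types.str;
            default = "cloud";
            description = "Sub domain for Nextcloud to run.";
          };

          # Previously this option was declared without a default and then
          # ignored: the service always ran the hard-coded pkgs.nextcloud31,
          # so an operator pinning a specific (e.g. patched) release got no
          # effect and no error. It is now honoured, with null meaning
          # "keep the built-in default", so existing instances that never
          # set it evaluate exactly as before.
          package = lib.mkOption {
            type = lib.types.nullOr lib.types.package;
            default = null;
            description = "Which package to use for the Nextcloud instance. Uses pkgs.nextcloud31 when left unset (null).";
          };
        };
      };

    perInstance =
      { settings, ... }:
      {
        nixosModule =
          { config, pkgs, ... }:
          let
            # Public host name: <settings.domain>.<machine fqdn>.
            domain = "${settings.domain}.${config.networking.fqdn}";
            # Used as the secret file owner/group and as the database user and name.
            nextcloudUser = "nextcloud";
            # Fall back to the pinned major release when no package was chosen.
            # The pin is a single major version, so it has to be bumped by hand
            # to stay on a supported release.
            nextcloudPackage = if settings.package != null then settings.package else pkgs.nextcloud31;
          in
          {
            # Generates the initial admin password as a clan var.
            clan.core.vars.generators.nextcloud = {
              files = {
                adminpassFile = {
                  # Owned by the nextcloud user/group so the service can read it.
                  owner = nextcloudUser;
                  group = nextcloudUser;
                  secret = true;
                };
              };
              # Four dash-separated words; tr strips the trailing newline so the
              # file holds only the password.
              # NOTE(review): this is the password of the "admin" account on an
              # Internet-facing login; consider a higher --numwords for more
              # margin against guessing.
              script = ''
                xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminpassFile
              '';
              runtimeInputs = [ pkgs.xkcdpass ];
            };

            services.nextcloud = {
              enable = true;
              hostName = domain;
              package = nextcloudPackage;
              database.createLocally = true;
              config = {
                dbtype = "pgsql";
                # Unix socket directory; no database password is configured here.
                dbhost = "/run/postgresql";
                dbuser = nextcloudUser;
                dbname = nextcloudUser;
                adminuser = "admin";
                # NOTE(review): the NixOS module is understood to apply this file
                # only during initial setup, so regenerating the var later would
                # not rotate the live admin password - confirm against the
                # module documentation.
                adminpassFile = config.clan.core.vars.generators.nextcloud.files.adminpassFile.path;
              };
              settings = {
                # Make Nextcloud generate https:// URLs.
                overwriteprotocol = "https";
                # No extra host names are accepted beyond what the NixOS module
                # derives from hostName (presumably added automatically - verify).
                trusted_domains = [ ];
                # No proxy is trusted to supply forwarded client addresses; add
                # entries here explicitly if a separate reverse proxy is put in
                # front of this host.
                trusted_proxies = [ ];
              };
            };

            services.nginx.virtualHosts."${domain}" = {
              # Reuses the ACME certificate of the machine fqdn; that certificate
              # must also cover ${domain} (wildcard or extra domain name),
              # otherwise clients see a host name mismatch.
              useACMEHost = "${config.networking.fqdn}";
              # Redirect plain HTTP to HTTPS.
              forceSSL = true;
            };
          };
      };
  };
}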