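# NixOS module: Nextcloud on cloud.<root_host>, backed by a local PostgreSQL
# database and a loopback-only Redis instance, served by nginx using the ACME
# certificate of the root host.
{ lib, pkgs, config, ... }:
let
  root_host = "grimmauld.de";
  nextcloud_host = "cloud.${root_host}";
  nextcloud_port = 8083; # currently not referenced anywhere in this module

  # Single source of truth for the Redis endpoint. The server below binds to
  # the IPv6 loopback only, so every client setting must use the same literal
  # address: "localhost" may resolve to 127.0.0.1, where nothing is listening.
  redis_host = "::1";
  redis_port = 6379;
in
{
  services.postgresql = {
    enable = true;
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      {
        name = "nextcloud";
        ensureDBOwnership = true;
      }
    ];
  };

  # The Nextcloud vhost reuses the root host's certificate via an extra SAN.
  security.acme.certs."${root_host}".extraDomainNames = [ nextcloud_host ];

  age.secrets = {
    # Admin password, decrypted by agenix and readable only by the nextcloud user.
    nextcloud_admin_pass = {
      file = ../secrets/nextcloud_admin_pass.age;
      owner = "nextcloud";
      group = "nextcloud";
      mode = "0600";
    };
  };

  # Redis is reachable on the loopback interface only.
  # NOTE(review): no password is configured here, so any local process can
  # connect to the cache and file-locking store; consider a unix socket or
  # `requirePassFile` if other users or services share this machine.
  services.redis.servers.nextcloud = {
    enable = true;
    bind = redis_host;
    port = redis_port;
  };

  # After nextcloud-setup has run, write the Redis connection and the memcache
  # backends into Nextcloud's system config through occ.
  # NOTE(review): assumes `nextcloud-occ` is on the unit's PATH - confirm.
  systemd.services.nextcloud-setup.serviceConfig.ExecStartPost = pkgs.writeScript "nextcloud-redis.sh" ''
    #!${pkgs.runtimeShell}
    nextcloud-occ config:system:set redis 'host' --value "${redis_host}" --type string
    nextcloud-occ config:system:set redis 'port' --value ${toString redis_port} --type integer
    nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\Redis' --type string
    nextcloud-occ config:system:set memcache.locking --value '\OC\Memcache\Redis' --type string
  '';

  services.nextcloud = {
    enable = true;
    https = true;
    hostName = nextcloud_host;
    # NOTE(review): pinned major version; verify it still receives upstream
    # security updates before deploying.
    package = pkgs.nextcloud28;
    caching.redis = true;
    # extraApps = with config.services.nextcloud.package.packages.apps; [
    #   news contacts calendar tasks;
    # ];
    config = {
      adminpassFile = config.age.secrets.nextcloud_admin_pass.path;
      dbuser = "nextcloud";
      # NOTE(review): this connects over TCP and no database password option is
      # set in this module; confirm PostgreSQL's pg_hba rules permit that, or
      # consider the unix socket with peer authentication instead.
      dbhost = "localhost:${builtins.toString config.services.postgresql.port}";
      dbtype = "pgsql";
    };
    phpOptions = {
      "opcache.interned_strings_buffer" = "12";
    };
    # The original declared `extraOptions` twice; both sets are merged into one
    # here so that all Nextcloud settings can be reviewed in a single place.
    extraOptions = {
      overwriteProtocol = "https";
      defaultPhoneRegion = "DE";
      filelocking.enabled = true;
      redis = {
        host = redis_host; # was "localhost", which disagreed with the "::1" bind
        port = redis_port;
        timeout = 0.0;
      };
    };
  };

  services.nginx = {
    enable = true;
    virtualHosts."${nextcloud_host}" = {
      serverName = nextcloud_host;
      forceSSL = true; # plain HTTP requests are redirected to HTTPS
      useACMEHost = root_host;
    };
  };
}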