{ pkgs, config, ... }: let inherit (config.serverConfig) ports vhosts; in { services.postgresql = { enable = true; ensureDatabases = [ "nextcloud" ]; ensureUsers = [ { name = "nextcloud"; ensureDBOwnership = true; } ]; }; age.secrets = { nextcloud_admin_pass = { file = ../secrets/nextcloud_admin_pass.age; owner = "nextcloud"; group = "nextcloud"; mode = "0600"; }; nextcloud_server_key = { file = ../secrets/nextcloud_server_key.age; owner = "nextcloud"; group = "nextcloud"; mode = "0600"; }; }; services.redis.servers.nextcloud = { enable = true; bind = "::1"; port = ports.redis_nextcloud_port.port; }; systemd.services.nextcloud-setup.serviceConfig.ExecStartPost = pkgs.writeScript "nextcloud-redis.sh" '' #!${pkgs.runtimeShell} nextcloud-occ config:system:set redis 'host' --value '::1' --type string nextcloud-occ config:system:set redis '${builtins.toString config.services.redis.servers.nextcloud.port}' --value 6379 --type integer nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\Redis' --type string nextcloud-occ config:system:set memcache.locking --value '\OC\Memcache\Redis' --type string ''; services.nextcloud = { enable = true; https = true; hostName = vhosts.nextcloud_host.host; package = pkgs.nextcloud30; caching.redis = true; extraApps = { inherit (config.services.nextcloud.package.packages.apps) calendar tasks; }; config = { adminpassFile = config.age.secrets.nextcloud_admin_pass.path; dbuser = "nextcloud"; dbhost = "localhost:${builtins.toString config.services.postgresql.settings.port}"; dbtype = "pgsql"; }; settings = { overwriteProtocol = "https"; defaultPhoneRegion = "DE"; filelocking.enabled = true; sseCKeyFile = config.age.secrets.nextcloud_server_key; redis = { host = "localhost"; port = config.services.redis.servers.nextcloud.port; timeout = 0.0; }; }; phpOptions = { "opcache.interned_strings_buffer" = "12"; }; }; }