tilpner/nextcloud.nix Secret

## nextcloud.nix
{ config, pkgs, lib, ... }:

let
  cfg = config.services.nextcloud;
  domain = "...";
  wrappers = config.security.wrapperDir;
  pg = config.services.postgresql.package;
in {
  services.nextcloud = {
    enable = true;

    hostName = domain;
    https = true;

    nginx.enable = true;
    maxUploadSize = "2048M";

    caching = {
      apcu = true;
      redis = true;
    };

    config = {
      dbtype = "pgsql";
      dbuser = "nextcloud";
      dbhost = "/tmp"; # nextcloud will add /.s.PGSQL.5432 by itself
      dbname = "nextcloud";
      adminuser = "root";
      adminpassFile = "${config.services.nextcloud.home}/adminpass";
    };
  };

  /*nixpkgs.overlays = [ (self: super: {
    inherit (pkgs.nixos-unstable-small) nextcloud;
  }) ];*/

  services.redis.enable = true;

  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;
  };

  services.postgresql = {
    enable = true;
    /*initialScript = pkgs.writeText "psql-init" ''
      CREATE ROLE nextcloud WITH LOGIN;
      CREATE DATABASE nextcloud WITH OWNER nextcloud;
    '';*/
  };

  # ensure that postgres is running *before* running the setup
  systemd.services.nextcloud-setup = {
    requires = [ "postgresql.service" ];
    after = [ "postgresql.service" ];

    preStart = lib.mkBefore ''
      if ! test -e "${cfg.home}/db-created"; then
        ${wrappers}/sudo -u postgres \
          ${pg}/bin/createuser \
            --login \
            --no-createdb \
            --no-createrole \
            --encrypted \
            nextcloud

        ${wrappers}/sudo -u postgres \
          ${pg}/bin/createdb \
            --owner=nextcloud \
            --encoding=UTF8 \
            nextcloud

        touch "${cfg.home}/db-created"
      fi
    '';
  };
}
	{ config, pkgs, lib, ... }:

	let
	cfg = config.services.nextcloud;
	domain = "...";
	wrappers = config.security.wrapperDir;
	pg = config.services.postgresql.package;
	in {
	services.nextcloud = {
	enable = true;

	hostName = domain;
	https = true;

	nginx.enable = true;
	maxUploadSize = "2048M";

	caching = {
	apcu = true;
	redis = true;
	};

	config = {
	dbtype = "pgsql";
	dbuser = "nextcloud";
	dbhost = "/tmp"; # nextcloud will add /.s.PGSQL.5432 by itself
	dbname = "nextcloud";
	adminuser = "root";
	adminpassFile = "${config.services.nextcloud.home}/adminpass";
	};
	};

	/*nixpkgs.overlays = [ (self: super: {
	inherit (pkgs.nixos-unstable-small) nextcloud;
	}) ];*/

	services.redis.enable = true;

	services.nginx.virtualHosts.${domain} = {
	forceSSL = true;
	enableACME = true;
	};

	services.postgresql = {
	enable = true;
	/*initialScript = pkgs.writeText "psql-init" ''
	CREATE ROLE nextcloud WITH LOGIN;
	CREATE DATABASE nextcloud WITH OWNER nextcloud;
	'';*/
	};

	# ensure that postgres is running before running the setup
	systemd.services.nextcloud-setup = {
	requires = [ "postgresql.service" ];
	after = [ "postgresql.service" ];

	preStart = lib.mkBefore ''
	if ! test -e "${cfg.home}/db-created"; then
	${wrappers}/sudo -u postgres \
	${pg}/bin/createuser \
	--login \
	--no-createdb \
	--no-createrole \
	--encrypted \
	nextcloud

	${wrappers}/sudo -u postgres \
	${pg}/bin/createdb \
	--owner=nextcloud \
	--encoding=UTF8 \
	nextcloud

	touch "${cfg.home}/db-created"
	fi
	'';
	};
	}