nixos nextcloud setup with collabora

gistfile1.txt

{ config, pkgs, lib, ... }:
{
  imports = [
    <nixpkgs/nixos/modules/virtualisation/linode-image.nix>
  ];

  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud27;
    hostName = "cloud.my-nextcloud.domain";
    datadir = "/var/lib/nextcloud-data";
	config.adminpassFile = "${pkgs.writeText "adminpass" "<your pwd here"}";
    config.dbtype = "mysql";
    config.dbuser = "nextcloud";
    config.dbname = "nextcloud";
    # config.dbhost = "localhost";
    # config.dbpassFile = "/var/nextcloud-dbpass";
    https = true;
    database.createLocally = true;
    appstoreEnable = true;
    logLevel=0;
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "me@myemail.com";
  };


  # location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {

  # new nginx block.
  services.nginx.virtualHosts."cloud.my-nextcloud.domain" = {
    enableACME = true;
    forceSSL = true;
    locations = { 
      "/".proxyWebsockets = true;
      # uh, equals what?
      "~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/)" = {};
      };
  };

  # old block
  # services.nginx.virtualHosts."cloud.my-nextcloud.domain" = {
  #   enableACME = true;
  #   forceSSL = true;
  #   locations."/".proxyWebsockets = true;
  # };

  services.nginx.virtualHosts."office.my-nextcloud.domain" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      # static files
      "^~ /loleaflet" = {
        proxyPass = "http://localhost:9980";
        extraConfig = ''
          proxy_set_header Host $host;
        '';
      };
      # WOPI discovery URL
      "^~ /hosting/discovery" = {
        proxyPass = "http://localhost:9980";
        extraConfig = ''
          proxy_set_header Host $host;
        '';
      };

      # Capabilities
      "^~ /hosting/capabilities" = {
        proxyPass = "http://localhost:9980";
        extraConfig = ''
          proxy_set_header Host $host;
        '';
      };

      # download, presentation, image upload and websocket
      "~ ^/lool" = {
        proxyPass = "http://localhost:9980";
        extraConfig = ''
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "Upgrade";
          proxy_set_header Host $host;
          proxy_read_timeout 36000s;
        '';
      };

      # Admin Console websocket
      "^~ /lool/adminws" = {
        proxyPass = "http://localhost:9980";
        extraConfig = ''
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "Upgrade";
          proxy_set_header Host $host;
          proxy_read_timeout 36000s;
        '';
      };
    };
  };

  virtualisation.oci-containers = {
    backend = "docker";
    containers.collabora = {
      image = "collabora/code";
      imageFile = pkgs.dockerTools.pullImage {
        imageName = "collabora/code";
        imageDigest = "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
        sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
      };
      ports = ["9980:9980"];
      environment = {
        domain = "cloud.my-nextcloud.domain";
        extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
      };
      extraOptions = ["--cap-add" "MKNOD"];
    };
  };

  environment.systemPackages = with pkgs; [
    helix
    # appimage-run
    # mysql
  ];

  networking = {
    # hostName = "cloud.my-nextcloud.domain"; # Define your hostname.
    # firewall.allowedTCPPorts = [22 80 443 8000 8010 9001 8001 9000];
    firewall.allowedTCPPorts = [22 80 443];
  };
  

  system.stateVersion = "23.05";
}