nixos-config/systems/x86_64-linux/stargate/services/nextcloud.nix


# NixOS module for the Nextcloud stack on this host: Nextcloud itself (with a
# locally created PostgreSQL database and Redis), the whiteboard backend and
# Collabora Online. Secrets are referenced through `sops.secrets`.
# Not every argument below is used in this file; the trailing `...` lets the
# module accept whatever else the caller passes.
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.custom; let
# Nextcloud apps that are fetched directly instead of coming from the nixpkgs
# app set. Find download links here: https://apps.nextcloud.com/
# Each archive is pinned by its SRI hash, so an upstream tarball that changes
# under the same URL fails the build instead of being installed.
# When bumping a version, update `url` and `sha256` together.

# Served from packages.framasoft.org rather than a nextcloud-releases GitHub release.
intros = pkgs.fetchNextcloudApp {
  url = "https://packages.framasoft.org/projects/nextcloud-apps/intros/intros-1.2.0-frama.tar.gz";
  sha256 = "sha256-qcr81qUd3Sd7nTzoDoc63IXiVXlyZ/s+3RMCAxbMoTo=";
  license = "gpl3";
};

external = pkgs.fetchNextcloudApp {
  url = "https://github.com/nextcloud-releases/external/releases/download/v6.0.2/external-v6.0.2.tar.gz";
  sha256 = "sha256-xVrnahqgXIXjk9gukrFgpwZiT2poUIDl83xV8hXPisw=";
  license = "gpl3";
};

# Defined but currently not installed: the `welcome` entry in
# services.nextcloud.extraApps is commented out.
welcome = pkgs.fetchNextcloudApp {
  url = "https://github.com/nextcloud-releases/welcome/releases/download/v1.3.0/welcome-v1.3.0.tar.gz";
  sha256 = "sha256-tiSkoIiqGrkawpzWgNvTIgGwzM4OjYVKNp42A+6UmlE=";
  license = "gpl3";
};
in {
# Secrets decrypted by sops; both files are owned by the `nextcloud` user.
# NOTE(review): despite its name, "services/nextcloud/dbPassword" is what
# services.nextcloud.config.adminpassFile reads, i.e. the Nextcloud admin
# password; no database password is referenced anywhere in this file.
sops.secrets = {
  "services/nextcloud/dbPassword".owner = "nextcloud";
  "services/nextcloud/whiteboard".owner = "nextcloud";
};
# Main Nextcloud instance.
services.nextcloud = {
  enable = true;
  package = pkgs.nextcloud32;

  hostName = "nextcloud.kylekrein.com";
  # NOTE(review): as far as the NixOS option docs go, `https` switches the
  # links Nextcloud generates to https; certificates / TLS vhost settings are
  # not declared in this file, so confirm they are configured elsewhere.
  https = true;

  # PostgreSQL is created on this host by the module.
  database.createLocally = true;
  configureRedis = true;

  config = {
    dbtype = "pgsql";
    # Admin password comes from the sops secret that is named "dbPassword".
    adminpassFile = config.sops.secrets."services/nextcloud/dbPassword".path;
  };

  phpOptions = {
    "opcache.memory_consumption" = "256";
    "opcache.interned_strings_buffer" = "64";
  };

  settings = {
    log_type = "syslog";
    maintenance_window_start = 1;
    default_locale = "ru_RU";
    default_phone_region = "DE";
    allow_user_to_change_display_name = true;

    # Preview generation parses user-uploaded files on the server.
    # NOTE(review): the entries from Movie onwards (Movie, MSOffice*, PDF,
    # Photoshop, SVG, TIFF) are, as far as I know, not part of Nextcloud's
    # default provider set and are documented upstream as disabled by default
    # for security reasons. Confirm each one is actually needed.
    enabledPreviewProviders = [
      "OC\\Preview\\BMP"
      "OC\\Preview\\GIF"
      "OC\\Preview\\JPEG"
      "OC\\Preview\\Krita"
      "OC\\Preview\\MarkDown"
      "OC\\Preview\\MP3"
      "OC\\Preview\\OpenDocument"
      "OC\\Preview\\PNG"
      "OC\\Preview\\TXT"
      "OC\\Preview\\XBitmap"
      "OC\\Preview\\Movie"
      "OC\\Preview\\MSOffice2003"
      "OC\\Preview\\MSOffice2007"
      "OC\\Preview\\MSOfficeDoc"
      "OC\\Preview\\PDF"
      "OC\\Preview\\Photoshop"
      "OC\\Preview\\SVG"
      "OC\\Preview\\TIFF"
    ];
  };

  # Apps installed declaratively. The first group comes from the app set that
  # belongs to the selected Nextcloud package:
  # https://github.com/NixOS/nixpkgs/blob/nixpkgs-unstable/pkgs/servers/nextcloud/packages/nextcloud-apps.json
  # The second group is the hash-pinned apps fetched in the `let` block above.
  # NOTE(review): twofactor_totp is commented out; whether a second factor is
  # provided some other way cannot be seen from this file.
  extraApps = {
    inherit
      (config.services.nextcloud.package.packages.apps)
      contacts
      calendar
      tasks
      whiteboard
      #twofactor_totp
      spreed
      integration_paperless
      deck
      notes
      bookmarks
      richdocuments
      mail
      ;
    inherit
      intros
      external
      #welcome
      ;
  };
  extraAppsEnable = true;

  # NOTE(review): the apps above are pinned through nixpkgs or a hash, while
  # this option schedules app updates outside that pinning. With
  # `appstoreEnable` left commented out, confirm what (if anything) it updates.
  autoUpdateApps.enable = true;
  #appstoreEnable = true;
};
# Put the `nextcloud-occ` admin CLI of this instance on the system PATH.
environment.systemPackages = [config.services.nextcloud.occ];
# Backend for the `whiteboard` app listed in services.nextcloud.extraApps.
services.nextcloud-whiteboard-server = {
  enable = true;
  settings.NEXTCLOUD_URL = "https://nextcloud.kylekrein.com";
  # The secret is passed as a file path, so its value is not part of this
  # configuration.
  # NOTE(review): presumably the file must be in systemd EnvironmentFile
  # format; confirm against the module's option docs.
  secrets = [config.sops.secrets."services/nextcloud/whiteboard".path];
};
# Collabora Online (coolwsd), used by the richdocuments app.
# https://diogotc.com/blog/collabora-nextcloud-nixos/
services.collabora-online = {
  enable = true;
  port = 9980;
  settings = {
    # Public FQDN of the Collabora server.
    server_name = "collabora.kylekrein.com";

    # coolwsd itself does not speak TLS; a reverse proxy is expected to
    # terminate it.
    # NOTE(review): that proxy vhost is not declared in this file, so confirm
    # it exists elsewhere.
    ssl.enable = false;
    ssl.termination = true;

    # Bind to the loopback interface only and accept POSTs from ::1 only.
    net.listen = "loopback";
    net.post_allow.host = ["::1"];

    # Only documents hosted on this WOPI host may be opened.
    storage.wopi."@allow" = true;
    storage.wopi.host = ["nextcloud.kylekrein.com"];
  };
};
# One-shot unit that writes the richdocuments (Collabora) settings through
# `nextcloud-occ` and then runs `richdocuments:setup`.
systemd.services.nextcloud-config-collabora = let
  occBin = "${config.services.nextcloud.occ}/bin/nextcloud-occ";
  collaboraPort = toString config.services.collabora-online.port;
  # Address Nextcloud uses to reach Collabora: plain HTTP over loopback.
  internalUrl = "http://[::1]:${collaboraPort}";
  # Address handed to browsers.
  browserUrl = "https://collabora.kylekrein.com";
  # Source addresses allowed to make WOPI requests to Nextcloud: loopback only.
  # NOTE(review): this is matched against the client address Nextcloud sees.
  # If another proxy on this host fronts Nextcloud, confirm `trusted_proxies`
  # is set so external clients are not seen as 127.0.0.1 / ::1.
  allowedSources = lib.concatStringsSep "," ["127.0.0.1" "::1"];
in {
  serviceConfig.Type = "oneshot";
  wantedBy = ["multi-user.target"];
  requires = ["coolwsd.service"];
  # Ordered after Nextcloud's own setup unit and after Collabora has started.
  after = ["nextcloud-setup.service" "coolwsd.service"];
  # Every interpolated value goes through escapeShellArg before reaching the shell.
  script = ''
    ${occBin} config:app:set richdocuments wopi_url --value ${lib.escapeShellArg internalUrl}
    ${occBin} config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg browserUrl}
    ${occBin} config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg allowedSources}
    ${occBin} richdocuments:setup
  '';
};
# Resolve both public names to loopback on this machine, so requests between
# Nextcloud and Collabora that use the public names stay on the host.
# NOTE(review): this affects every process on the machine. Whatever terminates
# TLS for these names must therefore also listen on 127.0.0.1 / ::1 with a
# certificate valid for both names. Confirm, since that vhost is not in this file.
networking.hosts = let
  localNames = ["nextcloud.kylekrein.com" "collabora.kylekrein.com"];
in {
  "127.0.0.1" = localNames;
  "::1" = localNames;
};
# https://najigram.com/2024/01/setup-signaling-server-high-performance-backend-for-nextcloud-talk/
}