nixos-conf/modules/services/nextcloud.nix

{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.custom.nextcloud;
in
{
  options.custom = {
    nextcloud = {
      enable = lib.mkOption {
        type = lib.types.bool;
        default = false;
      };
      domain = lib.mkOption {
        type = with lib.types; nullOr str;
        default = null;
      };
      collabora = {
        enable = lib.mkOption {
          type = lib.types.bool;
          default = false;
        };
        domain = lib.mkOption {
          type = with lib.types; nullOr str;
          default = null;
        };
      };
    };
  };

  config = lib.mkIf cfg.enable (
    lib.mkMerge [
      {
        custom = {
          nginxHttpsServer.enable = true;
          certStoreClient.enable = true;
        };

        environment.persistence."/persist".directories = [
          {
            directory = config.services.nextcloud.home;
            user = "nextcloud";
            group = "nextcloud";
            mode = "u=rwx,g=rx,o=";
          }
        ];
        sops.secrets.admin-pass.sopsFile = ../../secrets/nextcloud.yaml;

        services = {
          nextcloud = {
            package = pkgs.nextcloud31;
            enable = true;
            hostName = cfg.domain;
            autoUpdateApps.enable = true;
            https = true;
            maxUploadSize = "512M"; # Default
            config = {
              dbtype = "sqlite";
              adminpassFile = config.sops.secrets.admin-pass.path;
            };
            settings = {
              overwriteprotocol = "https";
              default_phone_region = "FI";
              maintenance_window_start = 1;
            };
            phpOptions = {
              "opcache.interned_strings_buffer" = 32;
            };
          };

          nginx.virtualHosts.${config.services.nextcloud.hostName} = { };
        };
      }
      (
        # Optional Collabora Client
        lib.mkIf cfg.collabora.enable {
          services = {
            collabora-online = {
              enable = true;
              port = 9980; # default
              settings = {
                ssl = {
                  enable = false;
                  termination = true;
                };

                net = {
                  listen = "loopback";
                  post_allow.host = [
                    "127.0.0.1"
                    "::1"
                  ];
                };

                storage.wopi = {
                  "@allow" = true;
                  host = [ config.services.nextcloud.hostName ] ++ config.services.nextcloud.settings.trusted_domains;
                };

                server_name = cfg.collabora.domain;
              };
            };

            nginx.virtualHosts.${config.services.collabora-online.settings.server_name} = {
              locations."/" = {
                proxyPass = "http://localhost:${toString config.services.collabora-online.port}";
                proxyWebsockets = true; # collabora uses websockets
              };
            };

            nextcloud = {
              appstoreEnable = true;
              extraAppsEnable = true;
              extraApps = with config.services.nextcloud.package.packages.apps; {
                inherit
                  richdocuments
                  ;
              };
            };
          };
        }
      )
    ]
  );
}
Massive refactoring into module-based approach 2025-07-06 01:16:28 +03:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
			`let`
			`cfg = config.custom.nextcloud;`
			`in`
			`{`
			`options.custom = {`
			`nextcloud = {`
			`enable = lib.mkOption {`
			`type = lib.types.bool;`
			`default = false;`
			`};`
			`domain = lib.mkOption {`
			`type = with lib.types; nullOr str;`
			`default = null;`
			`};`
			`collabora = {`
			`enable = lib.mkOption {`
			`type = lib.types.bool;`
			`default = false;`
			`};`
			`domain = lib.mkOption {`
			`type = with lib.types; nullOr str;`
			`default = null;`
			`};`
			`};`
			`};`
			`};`

			`config = lib.mkIf cfg.enable (`
			`lib.mkMerge [`
			`{`
			`custom = {`
			`nginxHttpsServer.enable = true;`
			`certStoreClient.enable = true;`
			`};`

			`environment.persistence."/persist".directories = [`
			`{`
			`directory = config.services.nextcloud.home;`
			`user = "nextcloud";`
			`group = "nextcloud";`
			`mode = "u=rwx,g=rx,o=";`
			`}`
			`];`
			`sops.secrets.admin-pass.sopsFile = ../../secrets/nextcloud.yaml;`

			`services = {`
			`nextcloud = {`
			`package = pkgs.nextcloud31;`
			`enable = true;`
			`hostName = cfg.domain;`
			`autoUpdateApps.enable = true;`
			`https = true;`
			`maxUploadSize = "512M"; # Default`
			`config = {`
			`dbtype = "sqlite";`
			`adminpassFile = config.sops.secrets.admin-pass.path;`
			`};`
			`settings = {`
			`overwriteprotocol = "https";`
			`default_phone_region = "FI";`
			`maintenance_window_start = 1;`
			`};`
			`phpOptions = {`
			`"opcache.interned_strings_buffer" = 32;`
			`};`
			`};`

			`nginx.virtualHosts.${config.services.nextcloud.hostName} = { };`
			`};`
			`}`
			`(`
			`# Optional Collabora Client`
			`lib.mkIf cfg.collabora.enable {`
			`services = {`
			`collabora-online = {`
			`enable = true;`
			`port = 9980; # default`
			`settings = {`
			`ssl = {`
			`enable = false;`
			`termination = true;`
			`};`

			`net = {`
			`listen = "loopback";`
			`post_allow.host = [`
			`"127.0.0.1"`
			`"::1"`
			`];`
			`};`

			`storage.wopi = {`
			`"@allow" = true;`
			`host = [ config.services.nextcloud.hostName ] ++ config.services.nextcloud.settings.trusted_domains;`
			`};`

			`server_name = cfg.collabora.domain;`
			`};`
			`};`

			`nginx.virtualHosts.${config.services.collabora-online.settings.server_name} = {`
			`locations."/" = {`
			`proxyPass = "http://localhost:${toString config.services.collabora-online.port}";`
			`proxyWebsockets = true; # collabora uses websockets`
			`};`
			`};`

			`nextcloud = {`
			`appstoreEnable = true;`
			`extraAppsEnable = true;`
			`extraApps = with config.services.nextcloud.package.packages.apps; {`
			`inherit`
			`richdocuments`
			`;`
			`};`
			`};`
			`};`
			`}`
			`)`
			`]`
			`);`
			`}`