Clean up Nextcloud config

2025-04-01 00:39:43 +03:00 · 2025-04-01 00:39:43 +03:00 · 8bde1eb549
commit 8bde1eb549
parent c544ae4771
2 changed files with 44 additions and 29 deletions
--- a/machine-confs/nextcloud.nix
+++ b/machine-confs/nextcloud.nix
@ -1,6 +1,7 @@
 { ... }:
 {
  networking.hostName = "nextcloud";
+  custom.nextcloud_domain = "nextcloud.vsinerva.fi";

  imports = [
    ../base.nix
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@ -1,39 +1,53 @@
-{ config, pkgs, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 {
  imports = [ ./cert-store-client.nix ];

-  networking.firewall.allowedTCPPorts = [ 443 ];
-  networking.firewall.allowedUDPPorts = [ 443 ];
+  options.custom.nextcloud_domain = lib.mkOption {
+    type = lib.types.str;
+    description = "Domain used by Nextcloud";
+  };

-  services = {
-    nextcloud = {
-      package = pkgs.nextcloud31;
-      enable = true;
-      hostName = "nextcloud.vsinerva.fi";
-      autoUpdateApps.enable = true;
-      https = true;
-      maxUploadSize = "10G";
-      config = {
-        adminpassFile = "/var/lib/nextcloud/adminpass";
+  config = {
+    networking.firewall.allowedTCPPorts = [ 443 ];
+
+    services = {
+      nextcloud = {
+        package = pkgs.nextcloud31;
+        enable = true;
+        hostName = config.custom.nextcloud_domain;
+        autoUpdateApps.enable = true;
+        https = true;
+        maxUploadSize = "512M"; # Default
+        config = {
+          adminpassFile = "/var/lib/nextcloud/adminpass";
+        };
+        settings = {
+          overwriteprotocol = "https";
+          default_phone_region = "FI";
+          maintenance_window_start = 1;
+        };
+        phpOptions = {
+          "opcache.interned_strings_buffer" = 32;
+        };
      };
-      settings = {
-        overwriteprotocol = "https";
-        maintenancce_window_start = 1;
-        opcache.interned_strings_buffer = 32;
-      };
-    };

-    nginx = {
-      recommendedGzipSettings = true;
-      recommendedOptimisation = true;
-      recommendedTlsSettings = true;
-      recommendedProxySettings = true;
+      nginx = {
+        recommendedGzipSettings = true;
+        recommendedOptimisation = true;
+        recommendedTlsSettings = true;
+        recommendedProxySettings = true;

-      virtualHosts.${config.services.nextcloud.hostName} = {
-        forceSSL = true;
-        kTLS = true;
-        sslCertificate = "/mnt/acme/fullchain.pem";
-        sslCertificateKey = "/mnt/acme/key.pem";
+        virtualHosts.${config.services.nextcloud.hostName} = {
+          forceSSL = true;
+          kTLS = true;
+          sslCertificate = "/mnt/acme/fullchain.pem";
+          sslCertificateKey = "/mnt/acme/key.pem";
+        };
      };
    };
  };