{ config, pkgs, lib, ... }: { imports = [ ./cert-store-client.nix ]; options.custom.nextcloud_domain = lib.mkOption { type = lib.types.str; description = "Domain used by Nextcloud"; }; config = { networking.firewall.allowedTCPPorts = [ 443 ]; services = { nextcloud = { package = pkgs.nextcloud31; enable = true; hostName = config.custom.nextcloud_domain; autoUpdateApps.enable = true; https = true; maxUploadSize = "512M"; # Default config = { adminpassFile = "/var/lib/nextcloud/adminpass"; }; settings = { overwriteprotocol = "https"; default_phone_region = "FI"; maintenance_window_start = 1; }; phpOptions = { "opcache.interned_strings_buffer" = 32; }; }; nginx = { recommendedGzipSettings = true; recommendedOptimisation = true; recommendedTlsSettings = true; recommendedProxySettings = true; virtualHosts.${config.services.nextcloud.hostName} = { forceSSL = true; kTLS = true; sslCertificate = "/mnt/acme/fullchain.pem"; sslCertificateKey = "/mnt/acme/key.pem"; }; }; }; }; }