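# NixOS module: Nextcloud served by nginx on `dn`, plus a Collabora CODE
# container reverse-proxied on its own virtual host for document editing.
#
# Arguments: the usual module arguments, plus `unstable`, a second package set
# that supplies notify_push and the EXIF tooling.
{ config, lib, pkgs, unstable, ... }:

let
  # Public hostname of the Nextcloud instance; reused for the nginx vhost
  # and for trusted_domains.
  dn = "staff.tfcconnection.org";
in
with lib;
{
  services = {
    nextcloud = {
      enable = true;
      hostName = dn;
      home = "/storage/nextcloud";

      # Need to manually increment with every major upgrade.
      package = pkgs.nextcloud31;

      # Let NixOS install and configure the database automatically.
      database.createLocally = true;

      # Let NixOS install and configure Redis caching automatically.
      configureRedis = true;

      # Increase the maximum file upload size.
      maxUploadSize = "25G";

      https = true;

      # NOTE(review): with the app store enabled and auto-update on, apps can
      # be installed and updated at runtime outside the declarative set below;
      # confirm that is intended.
      autoUpdateApps.enable = true;
      extraAppsEnable = true;
      appstoreEnable = true;
      webfinger = true;

      extraApps = with config.services.nextcloud.package.packages.apps; {
        # List of apps we want to install and are already packaged in
        # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
        inherit
          calendar
          contacts
          collectives
          recognize
          deck
          integration_openai
          mail
          groupfolders
          memories
          tasks
          app_api
          previewgenerator
          richdocuments
          ;

        # Custom app example.
        # socialsharing_telegram = pkgs.fetchNextcloudApp rec {
        #   url =
        #     "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz";
        #   license = "agpl3";
        #   sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k=";
        # };
      };

      settings = {
        # NOTE(review): Nextcloud's documented keys are lowercase
        # (`overwritewebroot`, `overwriteprotocol`), and `overwritewebroot`
        # takes a URL path rather than a hostname. These two camelCase keys
        # are presumably ignored; confirm, then remove or correct them.
        overwriteWebroot = "staff.tfcconnection.org";
        overwriteProtocol = "https";

        default_phone_region = "US";
        trusted_domains = [ dn ];

        # Only addresses listed here may set the client IP through forwarding
        # headers, so the list is kept to the real proxies. The previous
        # "0.0.0.0" entry was dropped: it is not the address of any proxy, and
        # widening it to a catch-all range would let any client supply its own
        # source address to brute-force throttling and the audit log.
        trusted_proxies = [
          "127.0.0.1"
          "24.225.22.143"
        ];

        maintenance_window_start = 1;
        preview_libreoffice_path = "${pkgs.libreoffice}/bin/libreoffice";
        log_type = "file";

        # Backslashes are doubled on purpose: in a Nix double-quoted string a
        # single backslash escapes the next character, so "OC\Preview\BMP"
        # evaluates to "OCPreviewBMP" and names no provider class.
        enabledPreviewProviders = [
          "OC\\Preview\\BMP"
          "OC\\Preview\\GIF"
          "OC\\Preview\\JPEG"
          "OC\\Preview\\Krita"
          "OC\\Preview\\MarkDown"
          "OC\\Preview\\MP3"
          "OC\\Preview\\OpenDocument"
          "OC\\Preview\\PNG"
          "OC\\Preview\\HEIC"
          "OC\\Preview\\SVG"
          "OC\\Preview\\MSOfficeDoc"
          "OC\\Preview\\MSOffice2007"
          "OC\\Preview\\Movie"
          "OC\\Preview\\Font"
          "OC\\Preview\\TXT"
          "OC\\Preview\\XBitmap"
        ];
      };

      config = {
        dbtype = "pgsql";
        adminuser = "admin";
        # NOTE(review): "/post" sits directly under the filesystem root.
        # Confirm the file exists, is readable only by the account that needs
        # it, and holds a strong password; a path managed by the host's
        # secrets tooling is the usual choice.
        adminpassFile = "/post";
      };

      notify_push = {
        enable = true;
        package = unstable.nextcloud-notify_push;
      };

      # Suggested by Nextcloud's health check.
      # `opcache.buffer` is not a PHP directive; the opcache size setting is
      # `opcache.memory_consumption` (in megabytes).
      phpOptions = {
        "opcache.interned_strings_buffer" = "32";
        "opcache.memory_consumption" = "256";
      };
    };
  };

  # TLS for the Nextcloud vhost: certificate from ACME, HTTP redirected.
  services.nginx.virtualHosts.${dn} = {
    forceSSL = true;
    enableACME = true;
  };

  # Let nginx own the PHP-FPM socket so it can connect to the pool.
  services.phpfpm.pools.nextcloud.settings = {
    "listen.owner" = config.services.nginx.user;
    "listen.group" = config.services.nginx.group;
  };

  # users.users.caddy.extraGroups = [ "nextcloud" ];

  # NOTE(review): group membership combined with mode 0770 below gives this
  # interactive account read/write access to the service's state directory;
  # confirm that is needed.
  users.users.chris.extraGroups = [ "nextcloud" ];
  systemd.services.phpfpm-nextcloud.serviceConfig.StateDirectoryMode = lib.mkForce "0770";

  environment.systemPackages = with pkgs; [
    nextcloud31
    # for nextcloud memories
    unstable.exiftool
    unstable.exif
    ffmpeg_6
    nodejs_20
    unstable.perl540Packages.ImageExifTool
  ];

  #Collabora Containers
  virtualisation.oci-containers.containers.collabora = {
    # NOTE(review): `:latest` together with `--pull=newer` means a container
    # (re)start can run a new, unreviewed image. Pin a tag or digest so
    # upgrades are deliberate and auditable.
    image = "docker.io/collabora/code:latest";

    # Published on loopback only. Every proxy_pass below targets
    # 127.0.0.1:9980 and the container runs with ssl.enable=false, so
    # publishing on all interfaces would offer the plaintext service to
    # anything that can reach the host.
    ports = [ "127.0.0.1:9980:9980/tcp" ];

    environment = {
      server_name = "office.tfcconnection.org";
      aliasgroup1 = "https://staff.tfcconnection.org:443";
      dictionaries = "en_US";
      # NOTE(review): these are Collabora's admin-console credentials. The
      # values are guessable placeholders, they end up world-readable in the
      # Nix store, and the admin websocket is published through the
      # /cool/adminws location below. Supply them from a root-only file via
      # `environmentFiles` instead, and consider restricting /cool/adminws
      # to administrative source addresses.
      username = "username";
      password = "password";
      # TLS is terminated by nginx; the container speaks plain HTTP.
      extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
    };
    extraOptions = [ "--pull=newer" ];
  };

  #Collabora Virtual Hosts
  services.nginx.virtualHosts.${config.virtualisation.oci-containers.containers.collabora.environment.server_name} = {
    enableACME = true;
    forceSSL = true;
    extraConfig = ''
      # static files
      location ^~ /browser {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $host;
      }

      # WOPI discovery URL
      location ^~ /hosting/discovery {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $host;
      }

      # Capabilities
      location ^~ /hosting/capabilities {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $host;
      }

      # main websocket
      location ~ ^/cool/(.*)/ws$ {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 36000s;
      }

      # download, presentation and image upload
      location ~ ^/(c|l)ool {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $host;
      }

      # Admin Console websocket
      location ^~ /cool/adminws {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 36000s;
      }
    '';
  };
}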