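{ config, lib, pkgs, unstable, ... }:
# NixOS host module: Nextcloud (nginx + PostgreSQL + Redis) on `dn`, plus a
# Collabora Online container published through a second nginx virtual host.
let
  dn = "staff.tfcconnection.org";
in
with lib; {
  # security.acme = {
  #   acceptTerms = true;
  #   # defaults = {
  #   #   email = "chris@tfcconnection.org";
  #   #   # dnsProvider = "cloudflare";
  #   #   # location of your CLOUDFLARE_DNS_API_TOKEN=[value]
  #   #   # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile=
  #   #   environmentFile = "/REPLACE/WITH/YOUR/PATH";
  #   # };
  # };

  services = {
    # caddy = {
    #   virtualHosts = {
    #     "${dn}".extraConfig = ''
    #       encode gzip
    #       reverse_proxy localhost:8080
    #       redir /.well-known/carddav /remote.php/dav 301
    #       redir /.well-known/caldav /remote.php/dav 301
    #       header {
    #         Strict-Transport-Security "max-age=15768000; includeSubDomains; reload;"
    #         Access-Control-Allow-Origin *
    #         Referrer-Policy no-referrer-when-downgrade
    #       }
    #       redir /.well-known/oidc-configuration /apps/oidc/openid-configuration 301
    #       handle_path /whiteboard/* {
    #         reverse_proxy http://127.0.0.1:3002
    #       }
    #     '';
    #   };
    # };

    nextcloud = {
      enable = true;
      hostName = dn;
      home = "/storage/nextcloud";
      # Need to manually increment with every major upgrade.
      package = pkgs.nextcloud31;
      # Let NixOS install and configure the database automatically.
      database.createLocally = true;
      # Let NixOS install and configure Redis caching automatically.
      configureRedis = true;
      # Increase the maximum file upload size.
      maxUploadSize = "25G";
      https = true;
      autoUpdateApps.enable = true;
      extraAppsEnable = true;
      appstoreEnable = true;
      extraApps = with config.services.nextcloud.package.packages.apps; {
        # List of apps we want to install and are already packaged in
        # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
        inherit calendar contacts collectives deck integration_openai mail
          groupfolders memories tasks user_oidc app_api previewgenerator
          richdocuments;
        # Custom app example.
        # socialsharing_telegram = pkgs.fetchNextcloudApp rec {
        #   url =
        #     "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz";
        #   license = "agpl3";
        #   sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k=";
        # };
      };
      settings = {
        # NOTE(review): Nextcloud's `overwritewebroot` is the web *path* of the
        # installation (e.g. "/"); a hostname normally belongs in
        # `overwritehost`. Left unchanged here — confirm generated URLs before
        # touching it.
        overwriteWebroot = "staff.tfcconnection.org";
        overwriteProtocol = "https";
        default_phone_region = "US";
        trusted_domains = [ dn ];
        # Only these addresses may set X-Forwarded-For; the forwarded address
        # is what Nextcloud logs and rate-limits on. "0.0.0.0" is a single
        # address, not a wildcard. If it was meant to mean "any proxy", drop it
        # instead: trusting every proxy lets any client spoof its source
        # address.
        trusted_proxies = [ "127.0.0.1" "24.225.22.143" "0.0.0.0" ];
        maintenance_window_start = 1;
      };
      config = {
        dbtype = "pgsql";
        adminuser = "admin";
        # Initial admin password is read from this file rather than written
        # into the (world-readable) Nix store. Keep the file readable only by
        # the nextcloud service user.
        adminpassFile = "/post";
      };
      notify_push = { enable = true; };
      # Suggested by Nextcloud's health check.
      phpOptions."opcache.interned_strings_buffer" = "16";
    };
  };

  services.nginx.virtualHosts.${dn} = {
    forceSSL = true;
    enableACME = true;
  };

  services.phpfpm.pools.nextcloud.settings = {
    "listen.owner" = config.services.nginx.user;
    "listen.group" = config.services.nginx.group;
  };

  # users.users.caddy.extraGroups = [ "nextcloud" ];
  # Members of the nextcloud group get rwx on the state directory (mode 0770
  # below), i.e. read/write access to user files and config.php.
  users.users.chris.extraGroups = [ "nextcloud" ];
  systemd.services.phpfpm-nextcloud.serviceConfig.StateDirectoryMode = lib.mkForce "0770";

  environment.systemPackages = with pkgs; [
    nextcloud31
    # for nextcloud memories
    unstable.exiftool
    unstable.exif
    ffmpeg_6
    nodejs_20
    unstable.perl540Packages.ImageExifTool
  ];

  # Collabora Containers
  virtualisation.oci-containers.containers.collabora = {
    # `latest` plus `--pull=newer` means the running version changes on every
    # restart with no pin; pin a tag or digest if reproducibility matters.
    image = "docker.io/collabora/code:latest";
    # Bind only on loopback: nginx below proxies to 127.0.0.1:9980, and a
    # host-wide binding would expose the plain-HTTP container port directly,
    # bypassing TLS and the published virtual host.
    ports = [ "127.0.0.1:9980:9980/tcp" ];
    environment = {
      server_name = "office.tfcconnection.org";
      aliasgroup1 = "https://${dn}:443";
      dictionaries = "en_US";
      # TLS is terminated by nginx; the container itself speaks plain HTTP.
      extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
    };
    # Admin-console credentials (`username=...` / `password=...`) come from a
    # root-only env file instead of this expression: every string here ends
    # up in the world-readable Nix store. Use a non-default password — the
    # console is reachable from the internet via /cool/adminws below.
    environmentFiles = [ "/REPLACE/WITH/YOUR/PATH/collabora.env" ];
    extraOptions = [ "--pull=newer" ];
  };

  # Collabora Virtual Hosts
  # Public entry point for Collabora; every location proxies to the loopback
  # container port. The admin-console websocket (/cool/adminws) is published
  # too and is protected only by the credentials in the env file above.
  services.nginx.virtualHosts.${config.virtualisation.oci-containers.containers.collabora.environment.server_name} = {
    enableACME = true;
    forceSSL = true;
    extraConfig = ''
      # static files
      location ^~ /browser {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $host;
      }

      # WOPI discovery URL
      location ^~ /hosting/discovery {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $host;
      }

      # Capabilities
      location ^~ /hosting/capabilities {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $host;
      }

      # main websocket
      location ~ ^/cool/(.*)/ws$ {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 36000s;
      }

      # download, presentation and image upload
      location ~ ^/(c|l)ool {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $host;
      }

      # Admin Console websocket
      location ^~ /cool/adminws {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 36000s;
      }
    '';
  };
}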