{ config, lib, pkgs, ... }: { containers.nextcloud.timeoutStartSec = "10 min"; hacc.containers.nextcloud = { config = { config, lib, pkgs, ... }: { environment.systemPackages = [ pkgs.htop ]; services.nextcloud = { enable = true; # must be set manually; may not be incremented by more than one at # a time, otherwise nextcloud WILL break package = pkgs.nextcloud30; home = "/persist/nextcloud"; https = true; hostName = "cloud.infra4future.de"; config = { dbtype = "pgsql"; dbuser = "nextcloud"; dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself dbname = "nextcloud"; # socket auth does not needs this, but the module insists it does adminpassFile = "/persist/adminpassfile"; adminuser = "root"; }; # multiple pools may be doable using services.phpfpm.pools, # but i have not tried this yet. The nextcloud module defines a # pool "nextcloud" poolSettings = { pm = "dynamic"; "pm.max_children" = "32"; "pm.max_requests" = "500"; "pm.max_spare_servers" = "4"; "pm.min_spare_servers" = "2"; "pm.start_servers" = "2"; }; settings = { instanceid = "ocxlphb7fbju"; datadirectory = "/persist/nextcloud/data"; loglevel = 0; "overwrite.cli.url" = "https://cloud.infra4future.de"; }; }; services.postgresql = { enable = true; package = pkgs.postgresql_15; ensureDatabases = [ "nextcloud" ]; ensureUsers = [ { # by default, postgres has unix sockets enabled, and allows a # system user `nextcloud` to log in without other authentication name = "nextcloud"; ensureDBOwnership = true; } ]; }; services.postgresqlBackup = { enable = true; databases = [ "nextcloud" ]; startAt = "*-*-* 23:45:00"; location = "/persist/backups/postgres"; }; # ensure that postgres is running *before* running the setup systemd.services."nextcloud-setup" = { requires = ["postgresql.service"]; after = ["postgresql.service"]; }; }; }; services.nginx.virtualHosts."cloud.infra4future.de" = { locations."/".proxyPass = "http://${config.containers.nextcloud.localAddress}:80"; enableACME = true; forceSSL = true; extraConfig = '' proxy_buffering off; client_max_body_size 0; add_header Cache-Control "no-store, no-cache, must-revalidate"; ''; }; }