Move nextcloud to nixos-modules

2025-03-21 19:50:44 +02:00 · 2025-03-21 19:50:44 +02:00 · 0abeadc533
commit 0abeadc533
parent d216ee6f3f
6 changed files with 141 additions and 125 deletions
--- a/nixos-modules/cloud/README.md
+++ b/nixos-modules/cloud/README.md
@ -0,0 +1,17 @@
+# Nextcloud
+
+Running on [cloud.qo.is](https://cloud.qo.is), contact someone from the board for administrative tasks.
+
+At this time, we do not enforce any size limits or alike.
+
+We have some globally configured shared folders for our family members.
+
+For user documentation, refer to the [upstream Nextcloud docs](https://docs.nextcloud.com/server/stable/user_manual/en/). Clients can be downloaded from [nextcloud.com/install](https://nextcloud.com/install/).
+
+## Backup / Restore
+
+1. Stop all related services: nextcloud, php-fpm, redis etc.
+2. (mabe dump redis data?)
+3. Import Database Backup
+4. Restore `/var/lib/nextcloud`, which is currently a bind mount on `lindberg`'s `/mnt/data` volume
+5. Resync nextcloud files and database, see [nextcloud docs](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html)
--- a/nixos-modules/cloud/default.nix
+++ b/nixos-modules/cloud/default.nix
@ -0,0 +1,134 @@
+# Default configuration for hosts
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.qois.cloud;
+in
+with lib;
+{
+  options.qois.cloud = {
+    enable = mkEnableOption "Enable qois cloud service";
+
+    domain = mkOption {
+      type = types.str;
+      default = "cloud.qo.is";
+      description = "Domain, under which the service is served.";
+    };
+
+    package = mkOption {
+      type = types.package;
+      description = "Which package to use for the Nextcloud instance.";
+      relatedPackages = [
+        "nextcloud28"
+        "nextcloud29"
+        "nextcloud30"
+      ];
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    services.nginx.virtualHosts."${cfg.domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      kTLS = true;
+    };
+
+    sops.secrets."nextcloud/admin" = with config.users.users.nextcloud; {
+      inherit group;
+      owner = name;
+    };
+
+    services.postgresql.enable = true;
+    qois.backup-client.includePaths = [ config.services.nextcloud.home ];
+
+    services.nextcloud = {
+      inherit (cfg) package;
+      enable = true;
+      hostName = cfg.domain;
+      https = true;
+      webfinger = true;
+      maxUploadSize = "10G";
+
+      database.createLocally = true;
+
+      config = {
+        adminpassFile = config.sops.secrets."nextcloud/admin".path;
+        adminuser = "root";
+        dbtype = "pgsql";
+      };
+
+      appstoreEnable = false;
+      extraApps = {
+        inherit (config.services.nextcloud.package.passthru.packages.apps)
+          calendar
+          contacts
+          deck
+          groupfolders
+          maps
+          memories
+          music
+          news
+          notes
+          notify_push
+          tasks
+          twofactor_webauthn
+          ;
+      };
+
+      phpOptions = {
+        "opcache.interned_strings_buffer" = "23";
+      };
+
+      poolSettings = {
+        "pm" = "dynamic";
+        "pm.max_children" = "256";
+        "pm.max_requests" = "500";
+        "pm.max_spare_servers" = "16";
+        "pm.min_spare_servers" = "2";
+        "pm.start_servers" = "8";
+      };
+
+      configureRedis = true;
+      caching.redis = true;
+
+      notify_push = {
+        enable = true;
+        bendDomainToLocalhost = true;
+      };
+
+      settings = {
+        log_type = "syslog";
+        syslog_tag = "nextcloud";
+        "memories.exiftool" = "${lib.getExe pkgs.exiftool}";
+        "memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}";
+        "memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe";
+        preview_ffmpeg_path = "${lib.getExe pkgs.ffmpeg-headless}";
+        mail_smtpmode = "sendmail";
+        mail_domain = "qo.is";
+        default_phone_region = "CH";
+      };
+    };
+
+    services.phpfpm.pools.nextcloud.settings = {
+      "pm.max_children" = lib.mkForce "256";
+      "pm.max_spare_servers" = lib.mkForce "16";
+      "pm.start_servers" = lib.mkForce "8";
+    };
+
+    users.users.nextcloud.extraGroups = [ "postdrop" ];
+
+    systemd.services.nextcloud-cron = {
+      path = [ pkgs.perl ];
+    };
+
+    environment.systemPackages = with pkgs; [
+      nodejs # required for Recognize
+    ];
+  };
+}