# File cloud (Nextcloud) service, run inside a container.
#
# Declares the `container.module.cloud.*` options. When enabled, it prepares
# the storage directory rules, bind-mounts the data directory into the
# container, and configures Nextcloud against the postgres and proxy modules.
{ config, container, lib, pkgs, ... }:
let
  cfg = config.container.module.cloud;
  db = config.container.module.postgres;
  reverseProxy = config.container.module.proxy;

  # Override applied to both Nextcloud units below.
  # HACK: PrivateNetwork must be off for the TCP postgres connection.
  # Forcing wantedBy to an empty list means no target pulls these units in;
  # nextcloud-setup is started by the `fixsystemd` timer instead.
  # NOTE(review): nothing visible here starts nextcloud-update-db. Confirm
  # that it is triggered elsewhere.
  networkedManualUnit = {
    serviceConfig.PrivateNetwork = lib.mkForce false;
    wantedBy = lib.mkForce [ ];
  };
in
{
  options.container.module.cloud = {
    enable = lib.mkEnableOption "the file cloud service.";

    # Address of the container.
    address = lib.mkOption {
      type = lib.types.str;
      default = "10.1.0.13";
    };

    # NOTE(review): plain HTTP port. TLS is presumably terminated at the
    # proxy module. Confirm that nothing reaches this port directly.
    port = lib.mkOption {
      type = lib.types.int;
      default = 80;
    };

    # Public host name, derived from the global container domain.
    domain = lib.mkOption {
      type = lib.types.str;
      default = "cloud.${config.container.domain}";
    };

    # Host-side directory that holds the service state.
    storage = lib.mkOption {
      type = lib.types.str;
      default = "${config.container.storage}/cloud";
    };
  };

  config = lib.mkIf cfg.enable {
    # Presumably creates "${cfg.storage}/data" on the host; verify against
    # container.mkContainerDir.
    systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];

    containers.cloud = container.mkContainer cfg {
      # Nextcloud state lives on the host so it survives container rebuilds.
      bindMounts."/var/lib/nextcloud" = {
        hostPath = "${cfg.storage}/data";
        isReadOnly = false;
      };

      # `config` inside this function is the container's own configuration and
      # shadows the host `config`; `cfg`, `db` and `reverseProxy` were bound
      # from the host configuration above.
      config = { config, ... }: container.mkContainerConfig cfg {
        services.nextcloud = {
          enable = true;
          hostName = cfg.domain;
          # package = pkgs.nextcloud29;
          # phpOptions = {
          #   memory_limit = lib.mkForce "20G";
          # };

          config = {
            # NOTE(review): pkgs.writeText copies these literals into the Nix
            # store, which every local user can read, and the values
            # themselves are trivial (admin root/root, database password
            # "nextcloud"). Treat both as placeholders: supply the password
            # files from a secret provisioned outside the store, and rotate
            # the admin password on any instance already initialised with
            # these values.
            adminuser = "root";
            adminpassFile = "${pkgs.writeText "NextcloudPassword" "root"}";

            dbtype = "pgsql";
            dbhost = db.address;
            dbname = "nextcloud";
            dbuser = "nextcloud";
            dbpassFile = "${pkgs.writeText "NextcloudDbPassword" "nextcloud"}";
          };

          # Apps taken from the package set of the Nextcloud package in use.
          extraApps = {
            inherit (config.services.nextcloud.package.packages.apps)
              contacts
              calendar
              onlyoffice
              ;
          };
          extraAppsEnable = true;

          settings = {
            # NOTE(review): this lets Nextcloud issue requests to servers on
            # local/private addresses, which widens what a server-side request
            # forgery could reach. Presumably needed for OnlyOffice on the
            # container network. Confirm, and keep it only if required.
            allow_local_remote_servers = true;

            # Hosts the instance answers for: the container IP and the domain.
            trusted_domains = [
              cfg.address
              cfg.domain
            ];

            # Forwarded-for headers are honoured only from the proxy address.
            trusted_proxies = [ reverseProxy.address ];
          };
        };

        systemd.services.nextcloud-setup = networkedManualUnit;
        systemd.services.nextcloud-update-db = networkedManualUnit;

        # Starts nextcloud-setup.service 5 seconds after boot, replacing the
        # start-up dependency cleared by the override above.
        systemd.timers.fixsystemd = {
          wantedBy = [ "timers.target" ];
          timerConfig = {
            OnBootSec = 5;
            Unit = "nextcloud-setup.service";
          };
        };
      };
    };
  };
}