initial commit

2026-04-01 08:50:01 +03:00 · 2026-04-01 08:50:01 +03:00 · 30ce0dafc2
commit 30ce0dafc2
195 changed files with 8902 additions and 0 deletions
--- a/services/nextcloud/database.nix
+++ b/services/nextcloud/database.nix
@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  pgsqlEnable = config.machine.postgresql.enable;
+  cfg = config.machine.nextcloud;
+in
+with lib; mkIf cfg.enable {
+  services.nextcloud.config =
+    if pgsqlEnable then
+      {
+        dbtype = "pgsql";
+        dbhost = "localhost:${toString config.machine.postgresql.port}";
+      }
+    else
+      {
+        dbtype = "sqlite";
+        dbhost = "localhost";
+      };
+
+  services.postgresql = with lib; mkIf pgsqlEnable {
+    ensureDatabases = [ "nextcloud" ];
+    ensureUsers = [
+      {
+        name = "nextcloud";
+        ensureDBOwnership = true;
+      }
+    ];
+  };
+}
--- a/services/nextcloud/default.nix
+++ b/services/nextcloud/default.nix
@ -0,0 +1,8 @@
+{
+  imports = [
+    ./database.nix
+    ./mail.nix
+    ./options.nix
+    ./service.nix
+  ];
+}
--- a/services/nextcloud/mail.nix
+++ b/services/nextcloud/mail.nix
@ -0,0 +1,40 @@
+{
+  config,
+  lib,
+  sec,
+  ...
+}:
+let
+  inherit (config.machine.nextcloud)
+    enable
+    host
+    ;
+  address = "noreply@${host}";
+in
+with lib; mkIf enable {
+  services.nextcloud = {
+    settings = {
+      mail_smtpmode = "smtp";
+      mail_sendmailmode = "smtp";
+      mail_smtpsecure = "ssl";
+      mail_domain = host;
+      mail_from_address = "noreply";
+      mail_smtpname = address;
+      mail_smtphost = config.machine.mail.fqdn;
+      mail_smtpport = 465;
+      mail_smtpauth = true;
+    };
+    secrets = {
+      mail_smtppassword = sec."mail/servicePassword".path;
+    };
+  };
+
+  mailserver = {
+    domains = [ host ];
+    accounts.${address} = {
+      hashedPasswordFile = sec."mail/serviceHashedPassword".path;
+      aliases = [ ];
+      sendOnly = true;
+    };
+  };
+}
--- a/services/nextcloud/options.nix
+++ b/services/nextcloud/options.nix
@ -0,0 +1,12 @@
+{ lib, ... }:
+with lib;
+{
+  options.machine.nextcloud = {
+    enable = mkEnableOption "Nextcloud";
+    host = mkOption {
+      type = types.str;
+      default = "localhost";
+      description = "FQDN for the nextcloud instance.";
+    };
+  };
+}
--- a/services/nextcloud/service.nix
+++ b/services/nextcloud/service.nix
@ -0,0 +1,44 @@
+{
+  pkgs,
+  config,
+  lib,
+  sec,
+  ...
+}:
+let
+  cfg = config.machine.nextcloud;
+in
+with lib; mkIf cfg.enable {
+  services.nextcloud = {
+    inherit enable;
+    appstoreEnable = false;
+    autoUpdateApps.enable = false;
+    config.adminpassFile = sec."nextcloud/adminPassword".path;
+    hostName = cfg.host;
+    package = pkgs.nextcloud33;
+    https = if cfg.host == "localhost" then false else true;
+    settings = {
+      default_phone_region = "RU";
+      log_type = "file";
+      loglevel = 1;
+    };
+    extraAppsEnable = true;
+    extraApps = with pkgs.nextcloud33Packages.apps; {
+      inherit
+        mail
+        contacts
+        collectives
+        impersonate
+        ;
+    };
+  };
+
+  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+    forceSSL = true;
+    enableACME = true;
+  };
+
+  sops.secrets = {
+    "nextcloud/adminPassword" = { };
+  };
+}