From e8a72aa38306dd2c7c07c1347c0c2e8ccf45271c Mon Sep 17 00:00:00 2001
From: a-kenji <aks.kenji@protonmail.com>
Date: Tue, 2 Apr 2024 10:32:53 +0200
Subject: [PATCH] init: nextcloud

---
 clanModules/flake-module.nix |  1 +
 clanModules/nextcloud.nix    | 82 ++++++++++++++++++++++++++++++++++++
 2 files changed, 83 insertions(+)
 create mode 100644 clanModules/nextcloud.nix

diff --git a/clanModules/flake-module.nix b/clanModules/flake-module.nix
index 24ade7af..4d40f4fb 100644
--- a/clanModules/flake-module.nix
+++ b/clanModules/flake-module.nix
@@ -12,6 +12,7 @@
     deltachat = ./deltachat.nix;
     matrix-synapse = ./matrix-synapse.nix;
     moonlight = ./moonlight.nix;
+    nextcloud = ./nextcloud.nix;
     sunshine = ./sunshine.nix;
     syncthing = ./syncthing.nix;
     sshd = ./sshd.nix;
diff --git a/clanModules/nextcloud.nix b/clanModules/nextcloud.nix
new file mode 100644
index 00000000..c78b3a07
--- /dev/null
+++ b/clanModules/nextcloud.nix
@@ -0,0 +1,82 @@
+{
+  pkgs,
+  config,
+  ...
+}:
+{
+
+   # services.nginx.virtualHosts."cloud.local".listen = [{ addr = "127.0.0.1"; port = 8009; }];
+
+
+   services = {
+    nginx.virtualHosts = {
+      "cloud.local" = {
+        # forceSSL = true;
+        # enableACME = true;
+      #  locations = {
+      #   "cloud.clan" = {
+      #     # proxyPass = "http://[::1]:6167";
+      #     proxyPass = "http://127.0.0.1/8009";
+      #     extraConfig = ''
+      #       proxy_set_header Host $host;
+      #       proxy_buffering off;
+      #     '';
+      #   };
+      # };
+
+      };
+
+      "onlyoffice.example.com" = {
+        # forceSSL = true;
+        # enableACME = true;
+      };
+    };
+  };
+
+  services.nextcloud = {
+    enable = true;
+    hostName = "cloud.local";
+    package = pkgs.nextcloud28;
+    database.createLocally = true;
+    # datadir = "/var/lib/nextcloud/data";
+    home = "/var/lib/nextcloud";
+    config = {
+      adminpassFile = "/var/lib/nextcloud/adminPassword";
+      dbtype = "pgsql";
+      dbname = "nextcloud";
+      trustedProxies = [ "localhost" "127.0.0.1" ];
+      # extraTrustedDomains = [ "cloud.local" ];
+    };
+    settings = {
+      "trusted_domains" = [ "cloud.local" ];
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    # "d '/var/lib/nextcloud' 0770 'nextcloud' 'nextcloud' - -"
+    # "d '/var/lib/nextcloud/data' 0770 'nextcloud' 'nextcloud' - -"
+    "C '/var/lib/nextcloud/adminPassword' 0644 'nextcloud' 'nextcloud' - ${
+      config.clanCore.facts.services.nextcloud.secret.adminPassword.path or ""
+    }"
+    "C '/var/lib/nextcloud/databasePassword' 0644 'nextcloud' 'nextcloud' - ${
+      config.clanCore.facts.services.nextcloud.secret.databasePassword.path or ""
+    }"
+  ];
+
+  clanCore.state.nextcloud.folders = [ "/var/lib/nextcloud" ];
+
+  clanCore.facts.services.nextcloud = {
+    secret."adminPassword" = { };
+    secret."databasePassword" = { };
+    generator.prompt = ''
+    Please set your nextcloud administration password:
+    '';
+    generator.path = [
+      pkgs.coreutils
+    ];
+    generator.script = ''
+      echo $prompt_value > "$secrets"/adminPassword
+      echo $prompt_value > "$secrets"/databasePassword
+    '';
+  };
+}