feat: add nextcloud

rpi4.nix

@@ -27,6 +27,7 @@ in with builtins; {
     ./services/owntracks.nix
     ./services/miniflux.nix
     ./services/paperless.nix
+    ./services/nextcloud.nix
   ];
 
   nixpkgs.config.allowUnfree = true;
@@ -66,6 +67,7 @@ in with builtins; {
     passwordFile = "/etc/nixos/secrets/cfdyndns-apikey";
     domains = [
       "home.felschr.com"
+      "cloud.felschr.com"
       "media.felschr.com"
       "news.felschr.com"
       "mqtt.felschr.com"

services/nextcloud.nix

@@ -0,0 +1,39 @@
+{ config, pkgs, ... }:
+
+let host = "cloud.felschr.com";
+in {
+  services.nextcloud = {
+    enable = true;
+    package = pkgs.nextcloud23;
+    hostName = host;
+    https = true;
+    maxUploadSize = "10G";
+    config = {
+      adminuser = "admin";
+      adminpassFile = "/etc/nixos/secrets/nextcloud/admin";
+      dbtype = "pgsql";
+      dbhost = "/run/postgresql";
+    };
+    autoUpdateApps.enable = true;
+  };
+
+  services.nginx.virtualHosts.${hostName} = {
+    forceSSL = true;
+    enableACME = true;
+  };
+
+  services.postgresql = with config.services.nextcloud.config; {
+    enable = true;
+    ensureDatabases = [ dbname ];
+    ensureUsers = [{
+      name = dbuser;
+      ensurePermissions."DATABASE ${dbname}" = "ALL PRIVILEGES";
+    }];
+  };
+
+  # ensure that postgres is running *before* running the setup
+  systemd.services."nextcloud-setup" = {
+    requires = [ "postgresql.service" ];
+    after = [ "postgresql.service" ];
+  };
+}