More individualizing. Pretty cool

modules/system/services/server/nextcloud/default.nix

@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+{
+  imports = [
+    ./nginx
+    ./user
+  ];
+
+  config = lib.mkIf config.services.nextcloud.enable {
+    services.nextcloud = {
+      package = pkgs.nextcloud30;
+      hostName = "files.nixfox.ca";
+      https = true;
+      config = {
+        adminuser = config.sysusers.main;
+        adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}";
+      };
+      settings = {
+        trusted_proxies = [ "127.0.0.1" ];
+        trusted_domains = [ config.services.nextcloud.hostName ];
+        overwriteprotocol = "https";
+        mail_smtphost = "mx.nixfox.ca";
+        mail_domain = "nixfox.ca";
+        mail_from_address = "noreply";
+        mail_smtpauth = "true";
+        mail_smtpname = "noreply@nixfox.ca";
+        mail_smtppassword = config.secrets.mailPass.nixfoxNoReply;
+        mail_smtpmode = "smtp";
+        mail_smtpport = 587;
+      };
+    };
+    environment.persistence."/persist".directories = [ "/var/lib/nextcloud" ];
+  };
+}

modules/system/services/server/nextcloud/nginx/default.nix

@@ -0,0 +1,18 @@
+{ config, lib, ... }:
+{
+  services.nginx.virtualHosts."files.nixfox.ca" = lib.mkIf config.services.nextcloud.enable {
+    enableACME = true;
+    addSSL = true;
+    locations."/" = {
+      proxyWebsockets = true;
+      extraConfig = ''
+        location /.well-known/carddav {
+          return 301 $scheme://$host/remote.php/dav;
+        }
+        location /.well-known/caldav {
+          return 301 $scheme://$host/remote.php/dav;
+        }
+     '';
+    };
+  };
+}

modules/system/services/server/nextcloud/user/default.nix

@@ -0,0 +1,12 @@
+{ config, lib, ... }:
+{
+  users = lib.mkIf config.services.nextcloud.enable {
+    users.nextcloud = {
+      group = "nextcloud";
+      extraGroups = [ "nfsShare" ];
+      isSystemUser = true;
+      uid = 218;
+    };
+    groups.nextcloud = {};
+  };
+}