nixos-hypervisor/services/nextcloud/default.nix

{
  lib,
  config,
  pkgs,
  ...
}: let
  cfg = config.services.vm_nextcloud;
in {
  options.services.vm_nextcloud = {
    enable = lib.mkEnableOption "Enable minimal config";
    proxy_ip = lib.mkOption {
      type = lib.types.str;
      description = "The Nginx proxy IP address";
    };
    db_ip = lib.mkOption {
      type = lib.types.str;
      description = "Gitea database IP address";
    };
  };
  config = lib.mkIf cfg.enable {
    environment.etc = {
      "fail2ban/filter.d/nextcloud.conf".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
        [Definition]
        _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
        failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
                    ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
                    ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
        datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
      '');
    };
    services = {
      fail2ban = {
        jails = {
          nextcloud = ''
            backend  = auto
            enabled  = true
            port     = http,https
            filter   = nextcloud
            maxretry = 3
            bantime = 86400
            findtime = 43200
            logpath  = /var/lib/nextcloud/data/nextcloud.log
          '';
        };
      };
      nextcloud = {
        enable = true;
        hostName = "${config.services.vm.vm_ip}";
        home = "/var/lib/nextcloud";
        maxUploadSize = "10240M";
        caching.redis = true;
        configureRedis = true;
        database.createLocally = false;
        phpOptions = {
          "opcache.interned_strings_buffer" = "16";
          "opcache.memory_consumption" = "512";
        };
        settings = {
          trusted_proxies = ["${cfg.proxy_ip}"];
          trusted_domains = ["${cfg.proxy_ip}"];
          overwriteprotocol = "http";
          overwrite.cli.url = "http://${cfg.proxy_ip}/cloud/";
          "overwritehost" = "${cfg.proxy_ip}";
          "overwritewebroot" = "/cloud";
          htaccess.RewriteBase = "/cloud";
          log_type = "file";
        };
        config = {
          dbhost = "${cfg.db_ip}:5432";
          dbname = "nextcloud";
          dbuser = "nextcloud";
          dbtype = "pgsql";
          dbpassFile = "/run/secrets/nextcloud/nextcloud-dbpass";
          adminuser = "tbarnouin";
          adminpassFile = "/run/secrets/nextcloud/nextcloud-adminpass";
        };
      };
    };
    networking.firewall.allowedTCPPorts = [80];
  };
}
Add other services 2024-09-09 15:19:57 +02:00			`{`
Format using alejandra 2025-01-23 14:13:19 +01:00			`lib,`
			`config,`
			`pkgs,`
			`...`
			`}: let`
			`cfg = config.services.vm_nextcloud;`
			`in {`
Add other services 2024-09-09 15:19:57 +02:00			`options.services.vm_nextcloud = {`
			`enable = lib.mkEnableOption "Enable minimal config";`
			`proxy_ip = lib.mkOption {`
			`type = lib.types.str;`
			`description = "The Nginx proxy IP address";`
			`};`
			`db_ip = lib.mkOption {`
			`type = lib.types.str;`
			`description = "Gitea database IP address";`
			`};`
			`};`
			`config = lib.mkIf cfg.enable {`
			`environment.etc = {`
			`"fail2ban/filter.d/nextcloud.conf".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''`
			`[Definition]`
			`_groupsre = (?:(?:,?\s"\w+":(?:"[^"]+"\|\w+)))`
			`failregex = ^\{%(_groupsre)s,?\s"remoteAddr":"<HOST>"%(_groupsre)s,?\s"message":"Login failed:`
			`^\{%(_groupsre)s,?\s"remoteAddr":"<HOST>"%(_groupsre)s,?\s"message":"Two-factor challenge failed:`
			`^\{%(_groupsre)s,?\s"remoteAddr":"<HOST>"%(_groupsre)s,?\s"message":"Trusted domain error.`
			`datepattern = ,?\s"time"\s:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"`
			`'');`
			`};`
			`services = {`
			`fail2ban = {`
			`jails = {`
			`nextcloud = ''`
			`backend = auto`
			`enabled = true`
			`port = http,https`
			`filter = nextcloud`
			`maxretry = 3`
			`bantime = 86400`
			`findtime = 43200`
			`logpath = /var/lib/nextcloud/data/nextcloud.log`
			`'';`
			`};`
			`};`
			`nextcloud = {`
			`enable = true;`
			`hostName = "${config.services.vm.vm_ip}";`
			`home = "/var/lib/nextcloud";`
			`maxUploadSize = "10240M";`
			`caching.redis = true;`
			`configureRedis = true;`
			`database.createLocally = false;`
			`phpOptions = {`
			`"opcache.interned_strings_buffer" = "16";`
			`"opcache.memory_consumption" = "512";`
			`};`
			`settings = {`
Format using alejandra 2025-01-23 14:13:19 +01:00			`trusted_proxies = ["${cfg.proxy_ip}"];`
			`trusted_domains = ["${cfg.proxy_ip}"];`
Add other services 2024-09-09 15:19:57 +02:00			`overwriteprotocol = "http";`
			`overwrite.cli.url = "http://${cfg.proxy_ip}/cloud/";`
			`"overwritehost" = "${cfg.proxy_ip}";`
			`"overwritewebroot" = "/cloud";`
			`htaccess.RewriteBase = "/cloud";`
			`log_type = "file";`
			`};`
			`config = {`
			`dbhost = "${cfg.db_ip}:5432";`
			`dbname = "nextcloud";`
			`dbuser = "nextcloud";`
			`dbtype = "pgsql";`
			`dbpassFile = "/run/secrets/nextcloud/nextcloud-dbpass";`
Format using alejandra 2025-01-23 14:13:19 +01:00			`adminuser = "tbarnouin";`
Add other services 2024-09-09 15:19:57 +02:00			`adminpassFile = "/run/secrets/nextcloud/nextcloud-adminpass";`
			`};`
			`};`
			`};`
Format using alejandra 2025-01-23 14:13:19 +01:00			`networking.firewall.allowedTCPPorts = [80];`
Add other services 2024-09-09 15:19:57 +02:00			`};`
			`}`