# NixOS module: Nextcloud served by nginx over HTTPS (ACME certificate),
# backed by a local PostgreSQL reached through its unix socket.
{ config, pkgs, ... }:

let
  # Single source for the public host name so the nginx virtual host and the
  # Nextcloud hostName cannot drift apart.
  host = "next.atlanticaweb.fr";
in
{
  # --- Reverse proxy / TLS termination -------------------------------------
  services.nginx = {
    enable = true;

    # Recommended presets shipped with the NixOS nginx module.
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    # Restrict the cipher list to forward-secret (ECDHE/DHE) AES-256 suites and
    # exclude anonymous key exchange.
    # NOTE(review): nginx's cipher list governs TLS 1.2 and older; TLS 1.3
    # suites are selected separately - confirm the resulting protocol set.
    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";

    # Virtual host for Nextcloud.
    virtualHosts.${host} = {
      # Redirect plain HTTP to HTTPS.
      forceSSL = true;
      # Obtain and renew the certificate through ACME (Let's Encrypt).
      enableACME = true;
    };
  };

  # ACME account: contact address and acceptance of the CA's terms.
  security.acme = {
    acceptTerms = true;
    defaults.email = "lucazeau.alexandre@gmail.com";
  };

  # --- Nextcloud ------------------------------------------------------------
  services.nextcloud = {
    enable = true;
    # NOTE(review): nextcloud24 is an old major release - confirm it still
    # receives upstream security fixes. Nextcloud upgrades have to go one
    # major version at a time.
    package = pkgs.nextcloud24;
    hostName = host;

    # The module's built-in virtual host management takes care of the
    # somewhat complicated nginx setup; no explicit option is set for it here.
    # See: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/web-apps/nextcloud.nix#L529

    # Generate https:// links.
    https = true;

    # Update installed Nextcloud apps automatically; pick a quiet hour.
    autoUpdateApps = {
      enable = true;
      startAt = "05:00:00";
    };

    config = {
      # Also make Nextcloud itself assume HTTPS when building URLs.
      overwriteProtocol = "https";

      # PostgreSQL instead of SQLite (recommended).
      dbtype = "pgsql";
      dbuser = "nextcloud";
      # Unix socket directory; Nextcloud appends /.s.PGSQL.5432 by itself.
      dbhost = "/run/postgresql";
      dbname = "nextcloud";

      # Secrets are read from files rather than written into this module, so
      # they do not end up in the world-readable Nix store. Both files must
      # be readable by the nextcloud user and should not be readable by
      # anyone else.
      # NOTE(review): /run is a tmpfs, so these files have to be provisioned
      # again on every boot, before nextcloud-setup runs - confirm how they
      # get there.
      # NOTE(review): with a unix-socket dbhost PostgreSQL presumably uses
      # peer authentication, which would leave dbpassFile unused - verify.
      dbpassFile = "/run/nextcloud-db";
      adminpassFile = "/run/nextcloud-admin";
      adminuser = "admin";
    };
  };

  # --- Database -------------------------------------------------------------
  services.postgresql = {
    enable = true;

    # Declaratively make sure the database, its role and the grant exist.
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      {
        name = "nextcloud";
        # The role gets full rights on the nextcloud database only.
        ensurePermissions = {
          "DATABASE nextcloud" = "ALL PRIVILEGES";
        };
      }
    ];
  };

  # Start the Nextcloud setup unit only once PostgreSQL is up.
  systemd.services.nextcloud-setup = {
    requires = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
  };
}