nextcloud-container/nextcloud-container.nix

{ config, lib, pkgs, ... }@toplevel:

with lib;
let
  cfg = config.services.nextcloudContainer;

  hostname = config.instance.hostname;

  hostSecrets = config.fudo.secrets.host-secrets."${hostname}";

  mkEnvFile = envVars:
    let
      envLines =
        mapAttrsToList (var: val: ''${var}="${toString val}"'') envVars;
    in pkgs.writeText "envFile" (concatStringsSep "\n" envLines);

  mkUserMap = uid: "${toString uid}:${toString uid}";

  postgresPasswdFile =
    pkgs.lib.passwd.stablerandom-passwd-file "nextcloud-postgres-passwd"
    config.instance.build-seed;

in {
  options.services.nextcloudContainer = with types; {
    enable = mkEnableOption "Enable Nextcloud running in an Arion container.";

    state-directory = mkOption {
      type = str;
      description = "Directory at which to store server state data.";
    };

    hostname = mkOption {
      type = str;
      description = "Hostname at which the server is available.";
    };

    package = mkOption {
      type = package;
      description = "NextCloud package to use.";
    };

    extra-apps = mkOption {
      type = attrsOf package;
      description = "List of other apps to enable.";
      default = { };
    };

    uids = {
      nextcloud = mkOption {
        type = int;
        default = 740;
      };

      postgres = mkOption {
        type = int;
        default = 741;
      };
    };

    port = mkOption {
      type = port;
      description = "Intenal port on which to listen for requests.";
      default = 6093;
    };

    timezone = mkOption {
      type = str;
      default = "America/Winnipeg";
    };
  };

  config = mkIf cfg.enable {
    systemd = {
      tmpfiles.rules = [
        "d ${cfg.state-directory}/home     0700 nextcloud root - -"
        "d ${cfg.state-directory}/data     0700 nextcloud root - -"
        "d ${cfg.state-directory}/postgres 0700 nextcloud root - -"
      ];
    };

    users.users = {
      nextcloud = {
        isSystemUser = true;
        group = "nextcloud";
        uid = cfg.uids.nextcloud;
      };
    };

    fudo.secrets.host-secrets."${hostname}" = {
      nextcloudAdminPasswd = {
        source-file =
          pkgs.lib.passwd.stablerandom-passwd-file "nextcloud-admin-passwd"
          config.instance.build-seed;
        target-file = "/run/nextcloud/admin.passwd";
      };
    };

    virtualisation.arion.projects.nextcloud.settings = let
      image = { ... }: {
        project.name = "nextcloud";
        services = {
          nextcloud = { pkgs, lib, ... }: {
            nixos = {
              useSystemd = true;
              configuration = {
                boot.tmpOnTmpfs = true;
                system.nssModules = lib.mkForce [ ];
                services = {
                  nscd.enable = false;
                  postgresql.enable = true;
                  nextcloud = {
                    enable = true;
                    package = cfg.package;
                    hostName = cfg.hostname;
                    home = "/var/lib/nextcloud/home";
                    datadir = "/var/lib/nextcloud/data";
                    configureRedis = true;
                    extraAppsEnable = true;
                    extraApps = cfg.extra-apps;
                    enableBrokenCiphersForSSE = false;
                    database.createLocally = true;
                    config = {
                      dbtype = "pgsql";
                      adminpassFile = "/run/nextcloud/admin.passwd";
                    };
                  };
                };
              };
            };
            service = {
              restart = "always";
              volumes = [
                "${cfg.state-directory}/home:/var/lib/nextcloud/home"
                "${cfg.state-directory}/data:/var/lib/nextcloud/data"
                "${hostSecrets.nextcloudAdminPasswd.target-file}:/run/nextcloud/admin.passwd:ro,Z"
                "${cfg.state-directory}/postgres:/var/lib/postgresql/data"
              ];
              user = mkUserMap cfg.uids.nextcloud;
              ports = [ "${toString cfg.port}:80" ];
            };
          };
        };
      };
    in { imports = [ image ]; };
  };
}
Initial commit 2023-08-31 14:48:31 -07:00			`{ config, lib, pkgs, ... }@toplevel:`

			`with lib;`
			`let`
			`cfg = config.services.nextcloudContainer;`

			`hostname = config.instance.hostname;`

Define hostSecrets 2023-08-31 15:16:38 -07:00			`hostSecrets = config.fudo.secrets.host-secrets."${hostname}";`

Initial commit 2023-08-31 14:48:31 -07:00			`mkEnvFile = envVars:`
			`let`
			`envLines =`
			`mapAttrsToList (var: val: ''${var}="${toString val}"'') envVars;`
			`in pkgs.writeText "envFile" (concatStringsSep "\n" envLines);`

			`mkUserMap = uid: "${toString uid}:${toString uid}";`

			`postgresPasswdFile =`
			`pkgs.lib.passwd.stablerandom-passwd-file "nextcloud-postgres-passwd"`
			`config.instance.build-seed;`

			`in {`
			`options.services.nextcloudContainer = with types; {`
			`enable = mkEnableOption "Enable Nextcloud running in an Arion container.";`

			`state-directory = mkOption {`
			`type = str;`
			`description = "Directory at which to store server state data.";`
			`};`

Switch to using arion 2023-09-04 10:44:01 -07:00			`hostname = mkOption {`
			`type = str;`
			`description = "Hostname at which the server is available.";`
			`};`

			`package = mkOption {`
			`type = package;`
			`description = "NextCloud package to use.";`
			`};`

			`extra-apps = mkOption {`
Extra apps should be attrsOf not a list 2023-09-04 18:18:26 -07:00			`type = attrsOf package;`
Switch to using arion 2023-09-04 10:44:01 -07:00			`description = "List of other apps to enable.";`
Extra apps should be attrsOf not a list 2023-09-04 18:18:26 -07:00			`default = { };`
Initial commit 2023-08-31 14:48:31 -07:00			`};`

			`uids = {`
			`nextcloud = mkOption {`
			`type = int;`
			`default = 740;`
			`};`
Switch to using arion 2023-09-04 10:44:01 -07:00
Initial commit 2023-08-31 14:48:31 -07:00			`postgres = mkOption {`
			`type = int;`
			`default = 741;`
			`};`
			`};`

			`port = mkOption {`
			`type = port;`
			`description = "Intenal port on which to listen for requests.";`
			`default = 6093;`
			`};`

			`timezone = mkOption {`
			`type = str;`
			`default = "America/Winnipeg";`
			`};`
			`};`

			`config = mkIf cfg.enable {`
			`systemd = {`
			`tmpfiles.rules = [`
Switch to using arion 2023-09-04 10:44:01 -07:00			`"d ${cfg.state-directory}/home 0700 nextcloud root - -"`
			`"d ${cfg.state-directory}/data 0700 nextcloud root - -"`
			`"d ${cfg.state-directory}/postgres 0700 nextcloud root - -"`
Initial commit 2023-08-31 14:48:31 -07:00			`];`
			`};`

			`users.users = {`
			`nextcloud = {`
			`isSystemUser = true;`
			`group = "nextcloud";`
			`uid = cfg.uids.nextcloud;`
			`};`
			`};`

			`fudo.secrets.host-secrets."${hostname}" = {`
Switch to using arion 2023-09-04 10:44:01 -07:00			`nextcloudAdminPasswd = {`
			`source-file =`
			`pkgs.lib.passwd.stablerandom-passwd-file "nextcloud-admin-passwd"`
			`config.instance.build-seed;`
			`target-file = "/run/nextcloud/admin.passwd";`
Initial commit 2023-08-31 14:48:31 -07:00			`};`
			`};`

ario -> arion 2023-08-31 14:53:44 -07:00			`virtualisation.arion.projects.nextcloud.settings = let`
Initial commit 2023-08-31 14:48:31 -07:00			`image = { ... }: {`
			`project.name = "nextcloud";`
			`services = {`
Switch to using arion 2023-09-04 10:44:01 -07:00			`nextcloud = { pkgs, lib, ... }: {`
Initial commit 2023-08-31 14:48:31 -07:00			`nixos = {`
			`useSystemd = true;`
			`configuration = {`
			`boot.tmpOnTmpfs = true;`
nssModules belongs in system? 2023-08-31 15:24:24 -07:00			`system.nssModules = lib.mkForce [ ];`
Is it important to disable nscd? 2023-09-02 10:22:08 -07:00			`services = {`
			`nscd.enable = false;`
Switch to using arion 2023-09-04 10:44:01 -07:00			`postgresql.enable = true;`
			`nextcloud = {`
Is it important to disable nscd? 2023-09-02 10:22:08 -07:00			`enable = true;`
Switch to using arion 2023-09-04 10:44:01 -07:00			`package = cfg.package;`
			`hostName = cfg.hostname;`
			`home = "/var/lib/nextcloud/home";`
			`datadir = "/var/lib/nextcloud/data";`
			`configureRedis = true;`
			`extraAppsEnable = true;`
			`extraApps = cfg.extra-apps;`
			`enableBrokenCiphersForSSE = false;`
			`database.createLocally = true;`
			`config = {`
			`dbtype = "pgsql";`
			`adminpassFile = "/run/nextcloud/admin.passwd";`
Initial commit 2023-08-31 14:48:31 -07:00			`};`
			`};`
			`};`
			`};`
			`};`
			`service = {`
Switch to using arion 2023-09-04 10:44:01 -07:00			`restart = "always";`
			`volumes = [`
			`"${cfg.state-directory}/home:/var/lib/nextcloud/home"`
			`"${cfg.state-directory}/data:/var/lib/nextcloud/data"`
			`"${hostSecrets.nextcloudAdminPasswd.target-file}:/run/nextcloud/admin.passwd:ro,Z"`
			`"${cfg.state-directory}/postgres:/var/lib/postgresql/data"`
			`];`
Try with uid again... 2023-09-04 21:44:03 -07:00			`user = mkUserMap cfg.uids.nextcloud;`
port to string 2023-09-04 18:21:44 -07:00			`ports = [ "${toString cfg.port}:80" ];`
Initial commit 2023-08-31 14:48:31 -07:00			`};`
			`};`
			`};`
			`};`
			`in { imports = [ image ]; };`
			`};`
			`}`