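# NixOS module: a `nextcloud.*` option set that, when enabled, configures
# Nextcloud behind nginx (ACME + forced TLS), provisions users from
# sops-managed password files, and adds a fail2ban jail for Nextcloud.
{ lib, pkgs, config, myhost, ... }:
{
  options = {
    nextcloud = {
      enable = lib.mkEnableOption "enables nextcloud";

      # NOTE(review): this option is declared but not referenced anywhere in
      # this module; nothing here binds Nextcloud or nginx to it.
      port = lib.mkOption {
        type = lib.types.int;
        default = 8003;
        description = "The port that Nextcloud is served on.";
      };

      domain = lib.mkOption {
        type = lib.types.str;
        default = "files.wastring.com";
        description = "The hostname that Nextcloud is served on.";
      };
    };
  };

  config = lib.mkMerge [
    # Fix: the guard previously read `config.nextloud.enable` (typo). No such
    # option is declared in this module, so the condition could not refer to
    # the `nextcloud.enable` switch defined above.
    (lib.mkIf config.nextcloud.enable {
      # TLS termination: redirect plain HTTP to HTTPS and obtain the
      # certificate through ACME for the configured domain.
      services.nginx = {
        virtualHosts.${config.nextcloud.domain} = {
          forceSSL = true;
          enableACME = true;
        };
      };

      # Passwords are referenced by path only, so their values stay out of
      # the Nix store.
      # NOTE(review): no owner/mode is set here, so the sops-nix defaults
      # apply. Confirm that the units consuming these files (admin setup and
      # ensureUsers) can actually read them, without widening access further
      # than those units need.
      sops.secrets.nextcloud-admin-password = { };
      sops.secrets.nextcloud-fw-password = { };
      sops.secrets.nextcloud-disa-password = { };

      services.nextcloud = {
        enable = true;
        package = pkgs.nextcloud31;
        hostName = config.nextcloud.domain;
        https = true;
        configureRedis = true;

        config.adminpassFile = config.sops.secrets.nextcloud-admin-password.path;
        config.dbtype = "sqlite";

        # Declaratively provisioned accounts; each password is read from its
        # sops secret file.
        ensureUsers = {
          fw = {
            email = "fredrik@wastring.com";
            passwordFile = config.sops.secrets.nextcloud-fw-password.path;
          };
          disa = {
            email = "disahorner@hotmail.com";
            passwordFile = config.sops.secrets.nextcloud-disa-password.path;
          };
        };

        # Apps are taken from the package set that belongs to the selected
        # Nextcloud package, so they follow `package` above.
        extraApps = {
          inherit (config.services.nextcloud.package.packages.apps)
            contacts
            calendar
            onlyoffice
            ;
        };
        extraAppsEnable = true;

        # Explicit list of preview providers; a format not listed here gets
        # no provider from this setting.
        settings.enabledPreviewProviders = [
          "OC\\Preview\\BMP"
          "OC\\Preview\\GIF"
          "OC\\Preview\\JPEG"
          "OC\\Preview\\Krita"
          "OC\\Preview\\MarkDown"
          "OC\\Preview\\MP3"
          "OC\\Preview\\OpenDocument"
          "OC\\Preview\\PNG"
          "OC\\Preview\\TXT"
          "OC\\Preview\\XBitmap"
          "OC\\Preview\\HEIC"
        ];
      };

      # Brute-force protection: ban a source for 24 h (bantime, seconds) after
      # 3 matching failures within 12 h (findtime, seconds).
      services.fail2ban = {
        enable = true;
        jails = {
          nextcloud.settings = {
            backend = "systemd";
            # NOTE(review): this only matches if Nextcloud logs to the journal
            # under the identifier "Nextcloud" - confirm against the effective
            # Nextcloud log settings on this host.
            journalmatch = "SYSLOG_IDENTIFIER=Nextcloud";
            enabled = true;
            # NOTE(review): the ban covers 443/tcp only, while nginx also
            # answers on port 80 for the HTTPS redirect.
            port = 443;
            protocol = "tcp";
            # NOTE(review): a filter named "nextcloud" is not defined in this
            # module; it has to be provided elsewhere in the configuration,
            # otherwise this jail has nothing to match log lines against.
            filter = "nextcloud";
            maxretry = 3;
            bantime = 86400;
            findtime = 43200;
          };
        };
      };
    })
  ];
}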