Merge pull request 'feat(nextcloud): adding nextcloud)' (#1) from nextcloud into main

Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/1

hosts/kima/default.nix

@@ -46,8 +46,6 @@ in
   environment.variables = {
     NH_FLAKE = "/home/cnst/.nix-config";
     GEMINI_API_KEY = config.age.secrets.gcapi.path;
-    QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
-    NIXOS_OZONE_WL = "1";
   };
 
   #   # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion

hosts/sobotka/server.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   server = {
     enable = true;
     email = "adam@cnst.dev";
@@ -52,6 +53,14 @@
         credentialsFile = config.age.secrets.vaultwardenCloudflared.path;
       };
     };
+    nextcloud = {
+      enable = true;
+      url = "cloud.cnst.dev";
+      cloudflared = {
+        tunnelId = "fdd98086-6a4c-44f2-bba0-eb86b833cce5";
+        credentialsFile = config.age.secrets.nextcloudCloudflared.path;
+      };
+    };
     fail2ban = {
       enable = true;
       apiKeyFile = config.age.secrets.cloudflareFirewallApiKey.path;

modules/home/programs/pkgs/default.nix

@@ -92,7 +92,6 @@ in
           adwaita-icon-theme
           qt5.qtwayland
           qt6.qtwayland
-          wl-clipboard
           wpa_supplicant
           unrar
           material-icons

modules/nixos/programs/niri/default.nix

@@ -15,9 +15,17 @@ in
   };
   config = mkIf cfg.enable {
     nixpkgs.overlays = [ inputs.niri.overlays.niri ];
-    environment.systemPackages = with pkgs; [
-      xwayland-satellite-unstable
-    ];
+    environment = {
+      variables = {
+        NIXOS_OZONE_WL = "1";
+        QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
+      };
+      systemPackages = with pkgs; [
+        xwayland-satellite-unstable
+        wl-clipboard
+        wayland-utils
+      ];
+    };
     systemd.user.services.niri-flake-polkit.enable = false;
     programs.niri = {
       enable = true;

modules/server/nextcloud/default.nix

@@ -0,0 +1,138 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  unit = "nextcloud";
+  cfg = config.server.${unit};
+  srv = config.server;
+in
+{
+  options.server.${unit} = {
+    enable = lib.mkEnableOption {
+      description = "Enable ${unit}";
+    };
+    adminUser = lib.mkOption {
+      type = lib.types.str;
+      default = "cnst";
+    };
+    adminPass = lib.mkOption {
+      type = lib.types.path;
+    };
+    configDir = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/lib/${unit}";
+    };
+    url = lib.mkOption {
+      type = lib.types.str;
+      default = "cloud.${srv.domain}";
+    };
+    homepage.name = lib.mkOption {
+      type = lib.types.str;
+      default = "Nextcloud";
+    };
+    homepage.description = lib.mkOption {
+      type = lib.types.str;
+      default = "A safe home for all your data";
+    };
+    homepage.icon = lib.mkOption {
+      type = lib.types.str;
+      default = "nextcloud.svg";
+    };
+    homepage.category = lib.mkOption {
+      type = lib.types.str;
+      default = "Services";
+    };
+    cloudflared = {
+      credentialsFile = lib.mkOption {
+        type = lib.types.str;
+        example = lib.literalExpression ''
+          pkgs.writeText "cloudflare-credentials.json" '''
+          {"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
+          '''
+        '';
+      };
+      tunnelId = lib.mkOption {
+        type = lib.types.str;
+        example = "00000000-0000-0000-0000-000000000000";
+      };
+    };
+
+  };
+  config = lib.mkIf cfg.enable {
+    server = {
+      postgresql.databases = [
+        {
+          database = "nextcloud";
+        }
+      ];
+      fail2ban = lib.mkIf config.server.fail2ban.enable {
+        jails = {
+          nextcloud = {
+            serviceName = "phpfm-nextcloud";
+            failRegex = "^.*Login failed:.*(Remote IP: <HOST>).*$";
+          };
+        };
+      };
+    };
+
+    services = {
+      cloudflared = {
+        enable = true;
+        tunnels.${cfg.cloudflared.tunnelId} = {
+          credentialsFile = cfg.cloudflared.credentialsFile;
+          default = "http_status:404";
+          ingress."${cfg.url}".service = "http://127.0.0.1:8083";
+        };
+      };
+
+      ${unit} = {
+        enable = true;
+        package = pkgs.nextcloud31;
+        hostName = "nextcloud";
+        configureRedis = true;
+        caching = {
+          redis = true;
+        };
+        maxUploadSize = "50G";
+        settings = {
+          trusted_proxies = [ "127.0.0.1" ];
+          overwriteprotocol = "https";
+          overwritehost = "cloud.${srv.domain}";
+          overwrite.cli.url = "https://cloud.${srv.domain}";
+          mail_smtpmode = "sendmail";
+          mail_sendmailmode = "pipe";
+          user_oidc = {
+            allow_multiple_user_backends = 0;
+          };
+          forwarded_for_headers = [
+            "HTTP_CF_CONNECTING_IP"
+          ];
+          enabledPreviewProviders = [
+            "OC\\Preview\\BMP"
+            "OC\\Preview\\GIF"
+            "OC\\Preview\\JPEG"
+            "OC\\Preview\\Krita"
+            "OC\\Preview\\MarkDown"
+            "OC\\Preview\\MP3"
+            "OC\\Preview\\OpenDocument"
+            "OC\\Preview\\PNG"
+            "OC\\Preview\\TXT"
+            "OC\\Preview\\XBitmap"
+            "OC\\Preview\\HEIC"
+          ];
+        };
+        config = {
+          dbtype = "pgsql";
+          dbuser = "nextcloud";
+          dbhost = "/run/postgresql";
+          dbname = "nextcloud";
+          adminuser = cfg.adminUser;
+          adminpassFile = cfg.adminPass;
+        };
+      };
+    };
+  };
+}