{ pkgs, config, ... }: { environment.systemPackages = [ config.services.nextcloud.occ ]; age.secrets."nextcloud-admin-password" = { file = ../../secrets/nextcloud-admin-password.age; owner = "nextcloud"; group = "nextcloud"; }; age.secrets."nextcloud-s3-token" = { file = ../../secrets/nextcloud-s3-token.age; owner = "nextcloud"; group = "nextcloud"; }; services.nextcloud = { enable = true; configureRedis = true; database.createLocally = true; package = pkgs.nextcloud30; https = true; hostName = "nuage.luj.fr"; autoUpdateApps.enable = true; config = { dbtype = "pgsql"; adminuser = "admin"; adminpassFile = config.age.secrets."nextcloud-admin-password".path; objectstore.s3 = { enable = true; hostname = "s3.luj.fr"; usePathStyle = true; port = 443; region = "paris"; bucket = "nextcloud-bucket"; key = "GK5e980f5f3c7e2780b931ccd0"; secretFile = config.age.secrets."nextcloud-s3-token".path; autocreate = false; }; }; settings = { overwriteprotocol = "https"; overwritehost = "nuage.luj.fr"; "overwrite.cli.url" = "https://nuage.luj.fr"; updatechecker = false; default_phone_region = "FR"; "memories.exiftool" = "${pkgs.exiftool}/bin/exiftool"; "memories.vod.ffmpeg" = "${pkgs.ffmpeg-headless}/bin/ffmpeg"; "memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe"; trusted_proxies = [ "::1" ]; allow_local_remote_servers = true; allow_user_to_change_display_name = false; lost_password_link = "disabled"; }; poolSettings = { "pm" = "dynamic"; "pm.max_children" = "32"; "pm.start_servers" = "8"; "pm.min_spare_servers" = "2"; "pm.max_spare_servers" = "16"; "pm.max_requests" = "500"; }; phpOptions = { "opcache.enable_cli" = "1"; "opcache.interned_strings_buffer" = "32"; "opcache.max_accelerated_files" = "10000"; "opcache.memory_consumption" = "256"; "opcache.revalidate_freq" = "1"; "opcache.fast_shutdown" = "0"; "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt"; }; }; services.nginx.virtualHosts."nuage.luj.fr" = { enableACME = true; forceSSL = true; extraConfig = '' proxy_max_temp_file_size 4096m; ''; }; }