feat(gustave): bootstrap a new nextcloud

machines/gustave/default.nix

@@ -14,6 +14,7 @@
     ./pages.nix
     ./readeck.nix
     ./plausible.nix
+    ./nextcloud.nix
   ];
 
   machine.meta = {

machines/gustave/nextcloud.nix

@@ -0,0 +1,91 @@
+{ pkgs, config, ... }:
+
+{
+
+  environment.systemPackages = [ config.services.nextcloud.occ ];
+
+  age.secrets."nextcloud-admin-password" = {
+    file = ../../secrets/nextcloud-admin-password.age;
+    owner = "nextcloud";
+    group = "nextcloud";
+  };
+
+  age.secrets."nextcloud-s3-token" = {
+    file = ../../secrets/nextcloud-s3-token.age;
+    owner = "nextcloud";
+    group = "nextcloud";
+  };
+
+  services.nextcloud = {
+    enable = true;
+    configureRedis = true;
+    database.createLocally = true;
+    package = pkgs.nextcloud30;
+    https = true;
+    hostName = "nuage.luj.fr";
+    autoUpdateApps.enable = true;
+
+    config = {
+      dbtype = "pgsql";
+      adminuser = "admin";
+      adminpassFile = config.age.secrets."nextcloud-admin-password".path;
+      objectstore.s3 = {
+        enable = true;
+        hostname = "s3.luj.fr";
+        usePathStyle = true;
+        port = 443;
+        region = "paris";
+        bucket = "nextcloud-bucket";
+        key = "GK5e980f5f3c7e2780b931ccd0";
+        secretFile = config.age.secrets."nextcloud-s3-token".path;
+        autocreate = false;
+      };
+
+    };
+
+    settings = {
+      overwriteprotocol = "https";
+      overwritehost = "nuage.luj.fr";
+      "overwrite.cli.url" = "https://nuage.luj.fr";
+      updatechecker = false;
+      default_phone_region = "FR";
+      "memories.exiftool" = "${pkgs.exiftool}/bin/exiftool";
+      "memories.vod.ffmpeg" = "${pkgs.ffmpeg-headless}/bin/ffmpeg";
+      "memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe";
+      trusted_proxies = [ "::1" ];
+      allow_local_remote_servers = true;
+      allow_user_to_change_display_name = false;
+      lost_password_link = "disabled";
+
+    };
+
+    poolSettings = {
+      "pm" = "dynamic";
+      "pm.max_children" = "32";
+      "pm.start_servers" = "8";
+      "pm.min_spare_servers" = "2";
+      "pm.max_spare_servers" = "16";
+      "pm.max_requests" = "500";
+    };
+
+    phpOptions = {
+      "opcache.enable_cli" = "1";
+      "opcache.interned_strings_buffer" = "32";
+      "opcache.max_accelerated_files" = "10000";
+      "opcache.memory_consumption" = "256";
+      "opcache.revalidate_freq" = "1";
+      "opcache.fast_shutdown" = "0";
+      "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
+    };
+
+  };
+
+  services.nginx.virtualHosts."nuage.luj.fr" = {
+    enableACME = true;
+    forceSSL = true;
+    extraConfig = ''
+      proxy_max_temp_file_size 4096m;
+    '';
+  };
+
+}