numbus-server-module/modules/services/nextcloud.nix

{ config, pkgs, lib, ... }:

with lib;

let
  nextcloudVersion = "32.0.6";
  redisVersion = "8.6-alpine";
  databaseVersion = "11.4";
  onlyofficeVersion = "9.2";
  whiteboardVersion = "v1.5.6";
  helper = import ./lib.nix { inherit config pkgs lib; };
  cfg = config.numbus.services.nextcloud;
  cfg2 = config.numbus.services.onlyoffice;
  cfg3 = config.numbus.services.whiteboard;
in

helper.mkPodmanService {
  description = "Nextcloud, your own online office suite";
  name = "nextcloud";
  pod = "nextcloud";
  defaultPort = "11000";
  generatedSecrets = {
    DB_NAME = "xkcdpass -n 2 -d -";
    DB_USERNAME = "xkcdpass -n 2 -d -";
    DB_PASSWORD = "xkcdpass -n 8 -d -";
    REDIS_PASSWORD = "xkcdpass -n 8 -d -";
  };
  importedSecrets = {
    DOMAIN_NAME = "${config.numbus.services.domain}";
    REDIS_HOSTNAME = "immich-redis";
    DB_HOSTNAME = "immich-database";
    UPLOAD_LOCATION = "${cfg.dataDir}"; 
    DB_DATA_LOCATION = "${cfg.configDir}/database";
    TZ = "${time.timeZone}";
  };
  dirPermissions = [
    "100999:users ${cfg.dataDir}"
    "100999:users ${cfg.configDir}"
  ];

# Compose file good
  composeText = ''
    services:
      nextcloud-server:
        image: docker.io/library/nextcloud:${nextcloudVersion}
        container_name: nextcloud-server
        hostname: nextcloud-server
        networks:
          nextcloud:
        ports:
          - "${cfg.port}:80/tcp"
        volumes:
          - ${cfg.configDir}/web:/var/www/html
          - ${cfg.dataDir}:/mnt/ncdata
        environment:
          MYSQL_HOST: nextcloud-database
          MYSQL_DATABASE: $DB_NAME
          MYSQL_USER: $DB_USERNAME
          MYSQL_PASSWORD: $DB_PASSWORD
          REDIS_HOST: nextcloud-redis
          REDIS_HOST_PASSWORD: $REDIS_PASSWORD
          NEXTCLOUD_TRUSTED_DOMAINS: ${cfg.subdomain}.${config.numbus.services.domain}
          NEXTCLOUD_DATA_DIR: /mnt/ncdata
          SMTP_HOST: $SMTP_HOST
          SMTP_SECURE: tls
          SMTP_PORT: $SMTP_PORT
          SMTP_NAME: $SMTP_NAME
          SMTP_PASSWORD: $SMTP_PASSWORD
          MAIL_FROM_ADDRESS: nextcloud-noreply
          MAIL_DOMAIN: ${config.numbus.services.domain}
          APACHE_DISABLE_REWRITE_IP: 1
          TRUSTED_PROXIES: 192.168.11.5
          OVERWRITEPROTOCOL: https
        depends_on:
          - nextcloud-database
        security_opt:
          - no-new-privileges:true
        cap_drop:
          - NET_RAW
        restart: unless-stopped
      nextcloud-redis:
        image: docker.io/library/redis:${redisVersion}
        container_name: nextcloud-redis
        hostname: nextcloud-redis
        user: '1000:1000'
        networks:
          nextcloud:
        volumes:
          - ${cfg.configDir}/redis:/data
        command: redis-server --requirepass $REDIS_HOST_PASSWORD --save 60 1 --loglevel warning
        security_opt:
          - no-new-privileges:true
        cap_drop:
          - NET_RAW
        restart: unless-stopped
      nextcloud-database:
        image: docker.io/library/mariadb:${databaseVersion}
        container_name: nextcloud-database
        hostname: nextcloud-database
        user: '1000:1000'
        networks:
          nextcloud:
        volumes:
          - ${cfg.configDir}/database:/var/lib/mysql
        environment:
          MARIADB_DATABASE: $MYSQL_DATABASE
          MARIADB_USER: $MYSQL_USER
          MARIADB_PASSWORD: $MYSQL_PASSWORD
          MARIADB_RANDOM_ROOT_PASSWORD: true
        security_opt:
          - no-new-privileges:true
        cap_drop:
          - NET_RAW
        restart: unless-stopped
      nextcloud-onlyoffice:
        container_name: nextcloud-onlyoffice
        hostname: nextcloud-onlyoffice
        image: docker.io/onlyoffice/documentserver:${onlyofficeVersion}
        environment:
          - JWT_SECRET=$JWT_SECRET
        ports:
          - "${cfg2.port}:80/tcp"
        volumes:
          - ${cfg2.configDir}/log:/var/log/onlyoffice
          - ${cfg2.configDir}/cache:/var/lib/onlyoffice
          - ${cfg2.configDir}/database:/var/lib/postgresql
        security_opt:
          - no-new-privileges:true
        cap_drop:
          - NET_RAW
        restart: unless-stopped
      nextcloud-whiteboard:
        image: ghcr.io/nextcloud-releases/whiteboard:${whiteboardVersion}
        container_name: nextcloud-whiteboard
        hostname: nextcloud-whiteboard
        user: '1000:1000'
        ports:
          - "${cfg3.port}:3002/tcp"
        environment:
          NEXTCLOUD_URL: https://${cfg.subdomain}.${config.numbus.services.domain}
          JWT_SECRET_KEY: $JWT_SECRET
        security_opt:
          - no-new-privileges:true
        cap_drop:
          - NET_RAW
        restart: unless-stopped
    networks:
      nextcloud:
        name: nextcloud
        driver: bridge
  '';

}