nixos-config/hosts/x86_64-linux/beleth/nextcloud.nix

{
  config,
  lib,
  pkgs,
  ...
}: {
  imports = [
    "${fetchTarball {
      url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
      sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
    }}/nextcloud-extras.nix"
  ];

  sops.secrets."nextcloud_password" = {
    path = "/etc/nx_pass";
    owner = "nextcloud";
    group = "nextcloud";
  };

  services.nextcloud = {
    webserver = "caddy";
  };

  services.postgresql = {
    enable = true;
    identMap = ''
      # ArbitraryMapName systemUser DBUser
      superuser_map      root       postgres
      superuser_map      postgres   postgres
      # Let other names login as themselves
      superuser_map      /^(.*)$   \1
    '';
    authentication = pkgs.lib.mkOverride 10 ''
      #type database  DBuser  auth-method optional_ident_map
      local sameuser  all     peer        map=superuser_map
    '';
  };

  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud29;
    hostName = "cloud.heroin.trade";
    https = true;

    database.createLocally = true;
    config = {
      dbtype = "pgsql";
      adminpassFile = "/etc/nx_pass";
    };
    configureRedis = true;
    maxUploadSize = "4G";
    phpOptions."opcache.interned_strings_buffer" = "32";

    extraApps = {
      inherit
        (config.services.nextcloud.package.packages.apps)
        contacts
        calendar
        notes
        # previewgenerator
        ;
      recognize = pkgs.fetchNextcloudApp {
        sha256 = "sha256-hg8uY7cvdYnmEh6vKC36vkORDC+MSZA8lFqGQK2RbkE=";
        url = "https://github.com/nextcloud/recognize/releases/download/v7.0.2/recognize-7.0.2.tar.gz";
        license = "agpl3Only";
      };
    };
    extraAppsEnable = true;

    settings = {
      maintenance_window_start = 100;
      default_phone_region = "DE";
      log_type = "file";
      enabledPreviewProviders = [
        "OC\\Preview\\BMP"
        "OC\\Preview\\GIF"
        "OC\\Preview\\JPEG"
        "OC\\Preview\\Krita"
        "OC\\Preview\\MarkDown"
        "OC\\Preview\\MP3"
        "OC\\Preview\\OpenDocument"
        "OC\\Preview\\PNG"
        "OC\\Preview\\TXT"
        "OC\\Preview\\XBitmap"
        "OC\\Preview\\HEIC"
        "OC\\Preview\\Font"
        "OC\\Preview\\HEIC"
        "OC\\Preview\\Illustrator"
        "OC\\Preview\\Movie"
        "OC\\Preview\\MSOffice2003"
        "OC\\Preview\\MSOffice2007"
        "OC\\Preview\\MSOfficeDoc"
        "OC\\Preview\\PDF"
        "OC\\Preview\\Photoshop"
        "OC\\Preview\\Postscript"
        "OC\\Preview\\StarOffice"
        "OC\\Preview\\SVG"
        "OC\\Preview\\TIFF"
        "OC\\Preview\\EMF"
      ];
    };

    # secretFile = "/etc/nx_sc_opt";
  };

  # Execute `nextcloud-occ preview:generate-all` before running this timer!
  systemd.timers."nextcloud-previewgenerator" = {
    wantedBy = ["timers.target"];
    timerConfig = {
      OnBootSec = "15m";
      OnUnitActiveSec = "15m";
      Unit = "nextcloud-previewgenerator.service";
    };
  };
  systemd.services."nextcloud-previewgenerator" = {
    script = ''
      ${config.services.nextcloud.occ}/bin/nextcloud-occ preview:pre-generate
    '';
    serviceConfig = {
      Type = "oneshot";
      User = "root";
    };
  };

  environment.systemPackages = with pkgs; [
    # previewgenerator
    ghostscript
    ffmpeg-headless
    # recognize
    gnumake
    nodejs_20
    nodejs_20.pkgs.node-pre-gyp
    python3
    util-linux
  ];
}