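# NixOS module: Nextcloud instance for cloud.dgnum.eu.
#
# Wires up the Nextcloud service (PostgreSQL, Redis, notify_push, S3 primary
# storage), the TLS-terminating nginx virtual host, media helper packages and
# the ownership of the age-encrypted secrets the service reads.
{ config, pkgs, ... }:

let
  # Public hostname; reused for the nginx vhost and the overwrite* settings.
  host = "cloud.dgnum.eu";
in
{
  services.nextcloud = {
    enable = true;
    hostName = host;

    # Pinned major version.
    # NOTE(review): confirm this major still receives upstream security fixes.
    package = pkgs.nextcloud27;

    # Generate https:// links; TLS itself is enforced by the nginx vhost below.
    https = true;

    config = {
      overwriteProtocol = "https";
      dbtype = "pgsql";

      # Initial admin password is read from an age-managed file, so it is not
      # written into the configuration itself.
      adminpassFile = config.age.secrets."nextcloud-adminpass_file".path;
      adminuser = "thubrecht";
      defaultPhoneRegion = "FR";

      # Only the IPv6 loopback may supply forwarded client addresses.
      # Presumably needed for the local notify_push daemon; confirm.
      trustedProxies = [ "::1" ];

      # Primary storage on an S3-compatible endpoint.
      objectstore.s3 = {
        enable = true;
        hostname = "s3.dgnum.eu";
        region = "garage";
        usePathStyle = true;
        port = 443;
        bucket = "nextcloud-dgnum";

        # Access key ID. It is an identifier rather than the secret, but it is
        # committed in clear text: rotate it together with the secret below if
        # that secret is ever exposed.
        key = "GKda5367c73ca607c349d83c35";

        # The bucket must already exist; Nextcloud will not create it.
        autocreate = false;

        # Secret half of the credential, kept in an age-managed file.
        secretFile = config.age.secrets."nextcloud-s3_secret_file".path;
      };
    };

    # PHP-FPM process manager sizing.
    poolSettings = {
      pm = "dynamic";
      "pm.max_children" = 64;
      "pm.max_requests" = "500";
      "pm.max_spare_servers" = "8";
      "pm.min_spare_servers" = "4";
      "pm.start_servers" = "6";
    };

    phpOptions = {
      short_open_tag = "Off";

      # Do not advertise the PHP version to clients.
      expose_php = "Off";
      error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";

      # Errors are directed to stderr rather than stdout.
      # NOTE(review): confirm that no error text reaches HTTP responses under FPM.
      display_errors = "stderr";
      "opcache.enable_cli" = "1";
      "opcache.interned_strings_buffer" = "32";
      "opcache.max_accelerated_files" = "10000";
      "opcache.memory_consumption" = "128";
      "opcache.revalidate_freq" = "1";
      "opcache.fast_shutdown" = "1";
      "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
      catch_workers_output = "yes";
    };

    notify_push = {
      enable = true;
    };

    database.createLocally = true;
    configureRedis = true;
    autoUpdateApps.enable = true;

    # Keep PHP off the legacy OpenSSL build that is only needed for the RC4
    # cipher used by Nextcloud server-side encryption.
    enableBrokenCiphersForSSE = false;

    extraOptions = {
      overwritehost = host;
      "overwrite.cli.url" = "https://${host}";

      # Nextcloud's built-in update check is disabled; server updates arrive
      # through the pinned package above.
      updatechecker = false;

      # Lets Nextcloud issue requests to local/private addresses, which widens
      # the impact of any server-side request forgery in the instance.
      # NOTE(review): confirm this is required and consider restricting egress
      # from the Nextcloud host at the network level.
      allow_local_remote_servers = true;
    };
  };

  # Nightly preview pre-generation.
  #
  # This unit was previously declared inside `services.nextcloud`, i.e. as
  # `services.nextcloud.systemd.services.*`, which is not an option of the
  # Nextcloud module. It belongs at the top level of the system configuration.
  systemd.services.nextcloud-preview = {
    # A systemd unit does not inherit the system profile's PATH, so the occ
    # wrapper has to be added explicitly for `script` to find it.
    path = [ config.services.nextcloud.occ ];
    script = "nextcloud-occ preview:pre-generate -vvv";
    startAt = "*-*-* 01:00:00 UTC";

    # Run as the service account instead of root (least privilege), as the
    # module's own maintenance units do.
    serviceConfig.User = "nextcloud";
  };

  # Public vhost: certificate from ACME, plain HTTP redirected to HTTPS.
  services.nginx.virtualHosts.${host} = {
    enableACME = true;
    forceSSL = true;
  };

  # Media tooling installed system-wide (presumably for previews and metadata
  # extraction; confirm which Nextcloud apps need them).
  environment.systemPackages = with pkgs; [
    ffmpeg_6-headless
    jpegoptim
    exif
    perl
    perlPackages.ImageExifTool
  ];

  # Project-specific option: presumably makes every secret whose name matches
  # the regex owned by the nextcloud user so the service can read it; verify
  # against the dgn-secrets module.
  dgn-secrets.matches."^nextcloud-.*$" = {
    owner = "nextcloud";
  };
}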