diff --git a/modules/nextcloud-setup.nix b/modules/nextcloud-setup.nix index 1f0fafe..a83329b 100644 --- a/modules/nextcloud-setup.nix +++ b/modules/nextcloud-setup.nix @@ -1,5 +1,10 @@ # ~/nixconfig/modules/nextcloud-setup.nix -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let nextcloudExternalDomain = "cloud.death916.xyz"; # Domain used by NPM @@ -20,11 +25,15 @@ in { # --- PostgreSQL & Redis setup ... (as before) --- services.postgresql = { - enable = true; package = pkgs.postgresql_14; ensureDatabases = [ "nextcloud" ]; + enable = true; + package = pkgs.postgresql_14; + ensureDatabases = [ "nextcloud" ]; ensureUsers = [ { name = "nextcloud"; } ]; }; services.redis.servers.nextcloud = { - enable = true; user = "nextcloud"; unixSocket = "/run/redis-nextcloud/redis.sock"; + enable = true; + user = "nextcloud"; + unixSocket = "/run/redis-nextcloud/redis.sock"; port = 0; }; systemd.tmpfiles.rules = [ "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" ]; 
@@ -33,40 +42,44 @@ in services.nextcloud = { enable = true; package = pkgs.nextcloud31; # Verify this version - + # For the path through NPM, hostName should match the external domain. # For direct Tailscale access, users will use the Tailscale IP/MagicDNS name. - hostName = nextcloudExternalDomain; - + hostName = nextcloudExternalDomain; + https = false; # NPM handles HTTPS. Nextcloud serves HTTP internally. datadir = nextcloudDataPath; maxUploadSize = "2G"; config = { - dbtype = "pgsql"; dbuser = "nextcloud"; dbhost = "/run/postgresql"; - dbname = "nextcloud"; dbpassFile = dbPassFilePath; - adminuser = "death916"; adminpassFile = adminPassFilePath; + dbtype = "pgsql"; + dbuser = "nextcloud"; + dbhost = "/run/postgresql"; + dbname = "nextcloud"; + dbpassFile = dbPassFilePath; + adminuser = "death916"; + adminpassFile = adminPassFilePath; }; settings = { # --- Trusted Domains: CRITICAL --- # Add all ways Nextcloud will be accessed. trusted_domains = [ - nextcloudExternalDomain # For access via NPM - homelabTailscaleIP # For direct access via Tailscale IP - homelabMagicDNSName # For direct access via Tailscale MagicDNS name + nextcloudExternalDomain # For access via NPM + homelabTailscaleIP # For direct access via Tailscale IP + homelabMagicDNSName # For direct access via Tailscale MagicDNS name # "localhost" # If you run occ commands directly on homelab ]; - + # --- Trusted Proxies: For NPM path --- - trusted_proxies = [ nginxProxyManagerTailscaleIP ]; + trusted_proxies = [ nginxProxyManagerTailscaleIP ]; # --- Overwrite Parameters: Primarily for the NPM path --- # These tell Nextcloud how it looks when accessed via NPM (HTTPS, external domain). # When accessed directly via Tailscale IP/MagicDNS name over HTTP, these *might* # cause Nextcloud to generate HTTPS links, which could be an issue if you haven't # set up HTTPS directly on the homelab Tailscale interface. 
- overwriteprotocol = "https"; + overwriteprotocol = "https"; overwritehost = nextcloudExternalDomain; "overwrite.cli.url" = "https://${nextcloudExternalDomain}"; # For occ commands @@ -81,15 +94,21 @@ in "memcache.distributed" = "\\OC\\Memcache\\Redis"; "memcache.locking" = "\\OC\\Memcache\\Redis"; filelocking.enabled = true; - redis = { host = "/run/redis-nextcloud/redis.sock"; port = 0; }; + redis = { + host = "/run/redis-nextcloud/redis.sock"; + port = 0; + }; }; - - caching.redis = true; - phpOptions = lib.mkForce { "memory_limit" = "2G"; }; + + caching.redis = true; + phpOptions = lib.mkForce { "memory_limit" = "4G"; }; }; - users.users.nextcloud = { isSystemUser = true; group = "nextcloud"; }; - users.groups.nextcloud = {}; + users.users.nextcloud = { + isSystemUser = true; + group = "nextcloud"; + }; + users.groups.nextcloud = { }; # Firewall on homelab: # Allows NPM (and direct Tailscale clients) to connect to Nextcloud's internal HTTP port. @@ -97,4 +116,3 @@ in # this is mainly for Tailscale access. networking.firewall.allowedTCPPorts = [ internalNextcloudHttpPort ]; # Port 80 } - diff --git a/nixos/homelab.nix b/nixos/homelab.nix index 64de89f..af154d0 100644 --- a/nixos/homelab.nix +++ b/nixos/homelab.nix @@ -186,7 +186,7 @@ services.qbittorrent = { enable = true; - dataDir = "/media/storage/media/downloads"; + dataDir = "/storage/services/qbittorrent/config"; user = "qbittorrent"; group = "qbittorrent";
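Review bot: In the `@@ -81,15 +94,21 @@` hunk of modules/nextcloud-setup.nix, `phpOptions = lib.mkForce { "memory_limit" = "4G"; };` forces the whole attribute set rather than one key. On nixpkgs releases where the Nextcloud module supplies its php.ini defaults through this option (including `expose_php`, `display_errors` and the upload limits derived from `maxUploadSize`), those defaults are likely discarded and only `memory_limit` remains. Setting just the one key keeps them: `phpOptions."memory_limit" = "4G";`, with `lib.mkForce` on the value only if another definition conflicts. `memory_limit` applies per PHP request, so raising it to 4G lets a few concurrent heavy requests take far more memory on a host whose HTTP port is opened in the firewall; a comment saying why 4G is needed and how it relates to the PHP-FPM worker count would help. The enclosing `services.nextcloud` block starts outside this hunk.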