Defined in /modules/services/nextcloud-server.nix.
This NixOS module is a service that sets up a Nextcloud Server.
Declarative Apps Configuration - no need to configure those with the UI.
LDAP app: enables app and sets up integration with an existing LDAP server.
OIDC app: enables app and sets up integration with an existing OIDC server.
Preview Generator app: enables app and sets up required cron job.
External Storage app: enables app and optionally configures one local mount.
Only Office app: enables app and sets up Only Office service.
Any other app through the shb.nextcloud.extraApps option.
Access through subdomain using reverse proxy.
Access through HTTPS using reverse proxy.
Automatic setup of PostgreSQL database.
Automatic setup of Redis database for caching.
Backup of the shb.nextcloud.dataDir through the backup block.
Monitoring of reverse proxy, PHP-FPM, and database backups through the monitoring block.
Tests system cron job is set up correctly.
Tests initial admin user and password are set up correctly.
Tests admin user can create and retrieve a file through WebDAV.
Access to advanced options not exposed here thanks to how NixOS modules work.
All the secrets should be readable by the nextcloud user.
Secrets should not be stored in the nix store. If you’re using sops-nix and assuming your secrets file is located at ./secrets.yaml, you can define a secret with:
sops.secrets."nextcloud/adminpass" = {
  sopsFile = ./secrets.yaml;
  mode = "0400";
  owner = "nextcloud";
  group = "nextcloud";
  restartUnits = [ "phpfpm-nextcloud.service" ];
};
Then you can use that secret:
shb.nextcloud.adminPassFile = config.sops.secrets."nextcloud/adminpass".path;
This section corresponds to the basic section of the Nextcloud demo.
This will set up a Nextcloud service that runs on the NixOS target machine, reachable at http://nextcloud.example.com. If the shb.ssl block is enabled, the instance will be reachable at https://nextcloud.example.com.
shb.nextcloud = {
  enable = true;
  domain = "example.com";
  subdomain = "nextcloud";
  dataDir = "/var/lib/nextcloud";
  adminPassFile = <path/to/secret>;
};
After deploying, the Nextcloud server will be reachable at http://nextcloud.example.com.
If the dataDir exists in a mount point, it is highly recommended to make the various Nextcloud services wait on the mount point before starting. Doing that is just a matter of setting the mountPointServices option.
Assuming a mount point on /var, the configuration would look like so:
fileSystems."/var".device = "...";
shb.nextcloud.mountPointServices = [ "var.mount" ];
This section corresponds to the ldap section of the Nextcloud demo.
We will build upon the Basic Configuration section, so please read that first.
We will use the LDAP block provided by Self Host Blocks to set up an LLDAP service.
shb.ldap = {
  enable = true;
  domain = "example.com";
  subdomain = "ldap";
  ldapPort = 3890;
  webUIListenPort = 17170;
  dcdomain = "dc=example,dc=com";
  ldapUserPasswordFile = <path/to/ldapUserPasswordSecret>;
  jwtSecretFile = <path/to/ldapJwtSecret>;
};
We also need to configure the nextcloud Self Host Blocks service to talk to the LDAP server we just defined:
shb.nextcloud.apps.ldap = {
  enable = true;
  host = "127.0.0.1";
  port = config.shb.ldap.ldapPort;
  dcdomain = config.shb.ldap.dcdomain;
  adminName = "admin";
  adminPasswordFile = <path/to/ldapUserPasswordSecret>;
  userGroup = "nextcloud_user";
};
The shb.nextcloud.apps.ldap.adminPasswordFile must be the same as the shb.ldap.ldapUserPasswordFile. The other secret can be randomly generated with nix run nixpkgs#openssl -- rand -hex 64.
And that’s it. Now, go to the LDAP server at http://ldap.example.com, create the nextcloud_user group, create a user and add it to the group. When that’s done, go back to the Nextcloud server at http://nextcloud.example.com and log in with that user.
Note that we cannot create an admin user from the LDAP server, so you need to create a normal user like above, log in with it once so it is known to Nextcloud, then log out, log in with the admin Nextcloud user and promote that new user to admin level.
This section corresponds to the sso section of the Nextcloud demo.
We will build upon the Basic Configuration and With LDAP Support sections, so please read those first and set up the LDAP app as described above.
Here though, we must set up SSL certificates because the SSO provider only works with the https protocol. This is actually quite easy thanks to the SSL block. For example, with self-signed certificates:
shb.certs = {
  cas.selfsigned.myca = {
    name = "My CA";
  };
  certs.selfsigned = {
    nextcloud = {
      ca = config.shb.certs.cas.selfsigned.myca;
      domain = "nextcloud.example.com";
    };
    auth = {
      ca = config.shb.certs.cas.selfsigned.myca;
      domain = "auth.example.com";
    };
    ldap = {
      ca = config.shb.certs.cas.selfsigned.myca;
      domain = "ldap.example.com";
    };
  };
};
We need to set up the SSO provider, here Authelia, thanks to the corresponding SHB block:
shb.authelia = {
  enable = true;
  domain = "example.com";
  subdomain = "auth";
  ssl = config.shb.certs.certs.selfsigned.auth;
  ldapEndpoint = "ldap://127.0.0.1:${builtins.toString config.shb.ldap.ldapPort}";
  dcdomain = config.shb.ldap.dcdomain;
  secrets = {
    jwtSecretFile = <path/to/autheliaJwtSecret>;
    ldapAdminPasswordFile = <path/to/ldapUserPasswordSecret>;
    sessionSecretFile = <path/to/autheliaSessionSecret>;
    storageEncryptionKeyFile = <path/to/autheliaStorageEncryptionKeySecret>;
    identityProvidersOIDCHMACSecretFile = <path/to/providersOIDCHMACSecret>;
    identityProvidersOIDCIssuerPrivateKeyFile = <path/to/providersOIDCIssuerSecret>;
  };
};
The shb.authelia.secrets.ldapAdminPasswordFile must be the same as the shb.ldap.ldapUserPasswordFile defined in the previous section. The secrets can be randomly generated with nix run nixpkgs#openssl -- rand -hex 64.
Now, on the Nextcloud side, you need to add the following options:
shb.nextcloud.ssl = config.shb.certs.certs.selfsigned.nextcloud;
shb.nextcloud.apps.sso = {
  enable = true;
  endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}";
  clientID = "nextcloud";
  fallbackDefaultAuth = false;
  secretFile = <path/to/oidcNextcloudSharedSecret>;
  secretFileForAuthelia = <path/to/oidcNextcloudSharedSecret>;
};
Passing the ssl option will auto-configure nginx to force SSL connections with the given certificate.
The shb.nextcloud.apps.sso.secretFile and shb.nextcloud.apps.sso.secretFileForAuthelia options must have the same content. The former is a file that must be owned by the nextcloud user while the latter must be owned by the authelia user. I want to avoid needing to define the same secret twice with a future secrets SHB block.
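The rules stated for secrets earlier on this page (readable by the owning service user, not in the nix store) and for the SSO shared secret just above (two files, same content, different owners) can be checked after a deploy with the script below. It is an added example, not part of Self Host Blocks: the function names and the paths in the usage comment are assumptions, and it relies on `stat -c` and `readlink -f` as provided by GNU coreutils.

```shell
# Added example: audit secret files against the rules this page states.
# Run as root so that files owned by different service users can be read.

# True when an already-resolved path lives in the world-readable nix store.
in_nix_store() {
  case "$1" in
    /nix/store/*) return 0 ;;
    *) return 1 ;;
  esac
}

# audit_secret FILE OWNER
# Prints one line per finding and returns non-zero if any rule is broken.
# The body is a subshell "( )" so its variables stay local in any POSIX shell.
audit_secret() (
  file=$1 owner=$2 rc=0

  if [ ! -e "$file" ]; then
    echo "FAIL $file: does not exist"
    exit 1
  fi

  # Resolve symlinks first: the configured path may be a symlink, and what
  # matters is where the content really lives.
  real=$(readlink -f -- "$file")
  if in_nix_store "$real"; then
    echo "FAIL $file: content is in the nix store ($real)"
    rc=1
  fi

  actual=$(stat -L -c '%U' -- "$file")
  if [ "$actual" != "$owner" ]; then
    echo "FAIL $file: owned by $actual, expected $owner"
    rc=1
  fi

  # The octal mode must end in 00: no permission bit for group or others.
  mode=$(stat -L -c '%a' -- "$file")
  case "$mode" in
    *00|0) ;;
    *) echo "FAIL $file: mode $mode grants access beyond the owner"; rc=1 ;;
  esac

  exit "$rc"
)

# audit_shared_secret FILE_A OWNER_A FILE_B OWNER_B
# For one secret that two services each read from their own file.
audit_shared_secret() (
  rc=0
  audit_secret "$1" "$2" || rc=1
  audit_secret "$3" "$4" || rc=1
  # cmp -s compares silently, so no secret byte reaches the terminal or logs.
  if ! cmp -s -- "$1" "$3"; then
    echo "FAIL $1 and $3: contents differ or cannot be read"
    rc=1
  fi
  exit "$rc"
)

# Usage (the second and third paths are hypothetical):
#   audit_secret /run/secrets/nextcloud/adminpass nextcloud
#   audit_shared_secret /run/secrets/nextcloud/sso nextcloud \
#                       /run/secrets/authelia/nextcloud_sso authelia
```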
shb.nextcloud.phpFpmPoolSettings = {
  "pm" = "dynamic";
  "pm.max_children" = 800;
  "pm.start_servers" = 300;
  "pm.min_spare_servers" = 300;
  "pm.max_spare_servers" = 500;
  "pm.max_spawn_rate" = 50;
  "pm.max_requests" = 50;
  "pm.process_idle_timeout" = "20s";
};
These settings will impact all databases.
shb.nextcloud.postgresSettings = {
  max_connections = "100";
  shared_buffers = "512MB";
  effective_cache_size = "1536MB";
  maintenance_work_mem = "128MB";
  checkpoint_completion_target = "0.9";
  wal_buffers = "16MB";
  default_statistics_target = "100";
  random_page_cost = "1.1";
  effective_io_concurrency = "200";
  work_mem = "2621kB";
  huge_pages = "off";
  min_wal_size = "1GB";
  max_wal_size = "4GB";
};
TODO
The following snippet installs and enables the Preview Generator application as well as creates the required cron job that generates previews every 10 minutes.
shb.nextcloud.apps.previewgenerator.enable = true;
Note that you still need to generate the previews for any pre-existing files with:
nextcloud-occ -vvv preview:generate-all
The default settings generate all possible sizes, which is a waste since most are not used. SHB will change the generation settings to optimize disk space and CPU usage as outlined in this article. You can opt out with:
shb.nextcloud.apps.previewgenerator.recommendedSettings = false;
The following snippet installs and enables the External Storage application.
shb.nextcloud.apps.externalStorage.enable = true;
Optionally create a local mount point with:
shb.nextcloud.apps.externalStorage = {
  userLocalMount.rootDirectory = "/srv/nextcloud/$user";
  userLocalMount.mountName = "home";
};
You can even make the external storage be at the root with:
shb.nextcloud.apps.externalStorage.userLocalMount.mountName = "/";
Recommended use of this app is to have the Nextcloud’s dataDir on an SSD and the userLocalRootDirectory on a HDD. Indeed, an SSD is much quicker than a spinning hard drive, which makes it well suited for randomly accessing small files like thumbnails. On the other hand, a spinning hard drive can store more data, which makes it well suited for storing user data.
The following snippet installs and enables the Only Office application as well as sets up an Only Office instance listening at onlyoffice.example.com that only listens on the local network.
shb.nextcloud.apps.onlyoffice = {
  enable = true;
  subdomain = "onlyoffice";
  localNetworkIPRange = "192.168.1.1/24";
};
Also, you will need to explicitly allow the package corefonts:
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [
  "corefonts"
];
Enable the monitoring block. The metrics will automatically appear in the corresponding dashboards.
You can enable tracing with:
shb.nextcloud.debug = true;
Traces will be located at /var/log/xdebug.
See my blog post for how to look at the traces.
The appdata folder is a special folder located under the shb.nextcloud.dataDir directory. It is named appdata_<instanceid> with the Nextcloud’s instance ID as a suffix. You can find your current instance ID with nextcloud-occ config:system:get instanceid. In there, you will find one subfolder for every installed app that needs to store files.
For performance reasons, it is recommended to store this folder on a fast drive that is optimized for randomized read and write access. The best would be either an SSD or an NVMe drive.
If you intentionally put Nextcloud’s shb.nextcloud.dataDir folder on a HDD with spinning disks, for example because they offer more disk space, then the appdata folder is also located on spinning drives. You are thus faced with a conundrum. The only way to solve this is to bind mount a folder from an SSD over the appdata folder. SHB does not provide (yet?) a declarative way to set this up but these commands should be enough:
mount /dev/sdd /srv/sdd
mkdir -p /srv/sdd/appdata_nextcloud
mount --bind /srv/sdd/appdata_nextcloud /var/lib/nextcloud/data/appdata_ocxvky2f5ix7
Note that you can re-generate a new appdata folder by issuing the command occ config:system:delete instanceid.
Head over to the Nextcloud demo for a demo that installs Nextcloud with or without LDAP integration on a VM with minimal manual steps.
On the command line, the occ tool is called nextcloud-occ.
In case of an issue, check the logs for any systemd service mentioned in this section.
On startup, the oneshot systemd service nextcloud-setup.service starts. After it finishes, the phpfpm-nextcloud.service starts to serve Nextcloud. The nginx.service is used as the reverse proxy. postgresql.service runs the database.
Nextcloud’s configuration is found at ${shb.nextcloud.dataDir}/config/config.php. Nginx’s configuration can be found with systemctl cat nginx | grep -om 1 -e "[^ ]\+conf".
Enable verbose logging by setting the shb.nextcloud.debug boolean to true.
Access the database with sudo -u nextcloud psql.
Access Redis with sudo -u nextcloud redis-cli -s /run/redis-nextcloud/redis.sock.
shb.nextcloud.enable
Whether to enable selfhostblocks.nextcloud-server.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.adminPassFile
File containing the Nextcloud admin password. Required.
Type: null or path
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.adminUser
Username of the initial admin user.
Type: string
Default:
"root"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps
Applications to enable in Nextcloud. Enabling an application here will also configure various services needed for this application.
Enabled apps will automatically be installed, enabled and configured, so no need to do that through the UI. You can still make changes but they will be overridden on next deploy. You can still install and configure other apps through the UI.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage
External Storage App. Manual
Set userLocalMount to automatically add a local directory as an external storage. Use this option if you want to store user data in another folder or another hard drive altogether.
In the directory option, you can use either $user and/or $home which will be replaced by the user’s name and home directory.
Recommended use of this option is to have the Nextcloud’s dataDir on an SSD and the userLocalRootDirectory on a HDD. Indeed, an SSD is much quicker than a spinning hard drive, which makes it well suited for randomly accessing small files like thumbnails. On the other hand, a spinning hard drive can store more data, which makes it well suited for storing user data.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage.enable
Whether to enable Nextcloud External Storage App.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage.userLocalMount
If set, adds a local mount as external storage.
Type: null or (submodule)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage.userLocalMount.directory
Local directory on the filesystem to mount. Use $user and/or $home which will be replaced by the user’s name and home directory.
Type: string
Example:
"/srv/nextcloud/$user"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.externalStorage.userLocalMount.mountName
Path of the mount in Nextcloud. Use / to mount as the root.
Type: string
Default:
""
Example:
[
"home"
"/"
]
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap
LDAP Integration App. Manual
Enabling this app will create a new LDAP configuration or update one that exists with the given host.
Type: null or (submodule)
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.enable
Whether to enable LDAP app…
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.adminName
Admin user of the LDAP server.
Type: string
Default:
"admin"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.adminPasswordFile
File containing the admin password of the LDAP server.
Must be readable by the nextcloud system user.
Type: path
Default:
""
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.dcdomain
dc domain for ldap.
Type: string
Example:
"dc=mydomain,dc=com"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.host
Host serving the LDAP server.
Type: string
Default:
"127.0.0.1"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.port
Port of the service serving the LDAP server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
389
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.ldap.userGroup
Group that users must belong to in order to log in to Nextcloud.
Type: string
Default:
"nextcloud_user"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice
Only Office App. Nextcloud App Store
Enabling this app will also start an OnlyOffice instance accessible at the given subdomain from the given network range.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.enable
Whether to enable Nextcloud OnlyOffice App.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.jwtSecretFile
File containing the JWT secret. This option is required.
Must be readable by the nextcloud system user.
Type: null or path
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.localNetworkIPRange
Local network range, to restrict access to Only Office to only those IPs.
Type: string
Default:
"192.168.1.1/24"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.onlyoffice.subdomain
Subdomain under which Only Office will be served.
Type: string
Default:
"oo"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.previewgenerator
Preview Generator App. Nextcloud App Store
Enabling this app will create a cron job running every minute to generate thumbnails for new and updated files.
To generate thumbnails for already existing files, run:
nextcloud-occ -vvv preview:generate-all
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.previewgenerator.enable
Whether to enable Nextcloud Preview Generator App.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.previewgenerator.debug
Enable more verbose logging.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.previewgenerator.recommendedSettings
Better defaults than the defaults. Taken from this article.
Sets the following options:
nextcloud-occ config:app:set previewgenerator squareSizes --value="32 256"
nextcloud-occ config:app:set previewgenerator widthSizes --value="256 384"
nextcloud-occ config:app:set previewgenerator heightSizes --value="256"
nextcloud-occ config:system:set preview_max_x --value 2048
nextcloud-occ config:system:set preview_max_y --value 2048
nextcloud-occ config:system:set jpeg_quality --value 60
nextcloud-occ config:app:set preview jpeg_quality --value="60"
Type: boolean
Default:
true
Example:
false
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso
SSO Integration App. Manual
Enabling this app will create a new LDAP configuration or update one that exists with the given host.
Type: submodule
Default:
{ }
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.enable
Whether to enable SSO app…
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.authorization_policy
Require one factor (password) or two factor (device) authentication.
Type: one of “one_factor”, “two_factor”
Default:
"one_factor"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.clientID
Client ID for the OIDC endpoint.
Type: string
Default:
"nextcloud"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.endpoint
OIDC endpoint for SSO.
Type: string
Example:
"https://authelia.example.com"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.fallbackDefaultAuth
Fallback to normal Nextcloud auth if something goes wrong with the SSO app. Usually, you want to enable this to transfer existing users to LDAP and then you can disable it.
Type: boolean
Default:
false
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.port
If given, adds a port to the endpoint.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.provider
OIDC provider name, used for display.
Type: value “Authelia” (singular enum)
Default:
"Authelia"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secretFile
File containing the secret for the OIDC endpoint.
Must be readable by the nextcloud system user.
Type: path
Default:
""
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.apps.sso.secretFileForAuthelia
File containing the secret for the OIDC endpoint.
Must be readable by the authelia system user.
Type: path
Default:
""
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.dataDir
Folder where Nextcloud will store all its data.
Type: string
Default:
"/var/lib/nextcloud"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.debug
Enable more verbose logging.
Type: boolean
Default:
false
Example:
true
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.defaultPhoneRegion
Two-letter region code defining the default region.
Type: string
Example:
"US"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.domain
Domain under which Nextcloud is served.
<subdomain>.<domain>[:<port>]
Type: string
Example:
"domain.com"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.externalFqdn
External fqdn used to access Nextcloud. Defaults to <subdomain>.<domain>. This should only be set if you include the port when accessing Nextcloud.
Type: null or string
Default:
null
Example:
"nextcloud.domain.com:8080"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.extraApps
Extra apps to install. Should be a function returning an attrSet of appid to packages generated by fetchNextcloudApp. The appid must be identical to the “id” value in the apps appinfo/info.xml. You can still install apps through the appstore.
Type: raw value
Default:
null
Example:
apps: {
  inherit (apps) mail calendar contact;
  phonetrack = pkgs.fetchNextcloudApp {
    name = "phonetrack";
    sha256 = "0qf366vbahyl27p9mshfma1as4nvql6w75zy2zk5xwwbp343vsbc";
    url = "https://gitlab.com/eneiluj/phonetrack-oc/-/wikis/uploads/931aaaf8dca24bf31a7e169a83c17235/phonetrack-0.6.9.tar.gz";
    version = "0.6.9";
  };
}
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.maxUploadSize
The upload limit for files. This changes the relevant options in php.ini and nginx if enabled.
Type: string
Default:
"4G"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.mountPointServices
If given, all the systemd services and timers will depend on the specified mount point systemd services.
Type: list of string
Default:
[ ]
Example:
["var.mount"]
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.phpFpmPoolSettings
Settings for PHPFPM.
Type: null or (attribute set of anything)
Default:
null
Example:
{
  "pm" = "dynamic";
  "pm.max_children" = 50;
  "pm.start_servers" = 25;
  "pm.min_spare_servers" = 10;
  "pm.max_spare_servers" = 20;
  "pm.max_spawn_rate" = 50;
  "pm.max_requests" = 50;
  "pm.process_idle_timeout" = "20s";
}
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.port
Port under which Nextcloud will be served. If null is given, then the port is omitted.
<subdomain>.<domain>[:<port>]
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.postgresSettings
Settings for the PostgreSQL database. Go to https://pgtune.leopard.in.ua/ and copy the generated configuration here.
Type: null or (attribute set of string)
Default:
null
Example:
{
  # From https://pgtune.leopard.in.ua/ with:
  # DB Version: 14
  # OS Type: linux
  # DB Type: dw
  # Total Memory (RAM): 7 GB
  # CPUs num: 4
  # Connections num: 100
  # Data Storage: ssd
  max_connections = "100";
  shared_buffers = "1792MB";
  effective_cache_size = "5376MB";
  maintenance_work_mem = "896MB";
  checkpoint_completion_target = "0.9";
  wal_buffers = "16MB";
  default_statistics_target = "500";
  random_page_cost = "1.1";
  effective_io_concurrency = "200";
  work_mem = "4587kB";
  huge_pages = "off";
  min_wal_size = "4GB";
  max_wal_size = "16GB";
  max_worker_processes = "4";
  max_parallel_workers_per_gather = "2";
  max_parallel_workers = "4";
  max_parallel_maintenance_workers = "2";
}
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl
Path to SSL files
Type: null or (anything)
Default:
null
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl.paths
Paths where the files for the certificate will be located.
This option is the contract output of the shb.certs.certs SSL block.
Type: anything
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl.paths.cert
Path to the cert file.
Type: path
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl.paths.key
Path to the key file.
Type: path
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.ssl.systemdService
Systemd oneshot service used to generate the certificate. Ends with the .service suffix.
Use this if downstream services must wait for the certificates to be generated before starting.
Type: string
Example:
"cert-generator.service"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.subdomain
Subdomain under which Nextcloud will be served.
<subdomain>.<domain>[:<port>]
Type: string
Example:
"nextcloud"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.tracing
Enable xdebug tracing.
To trigger writing a trace to /var/log/xdebug, add the following header:
XDEBUG_TRACE <shb.nextcloud.tracing value>
The response will contain the following header:
x-xdebug-profile-filename /var/log/xdebug/cachegrind.out.63484
Type: null or string
Default:
null
Example:
"debug_me"
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|
shb.nextcloud.version
Nextcloud version to choose from.
Type: one of 27, 28
Default:
27
Declared by:
<selfhostblocks/modules/services/nextcloud-server.nix>
|