Set up for Nextcloud

We do not use the Nextcloud package from NixOS, instead we set up Nginx, PHP and Mariadb and we install Nextcloud itself by hand in /data/web. This makes it easy to import the installation from the old VPS and upgrade it independently of NixOS.
6 years ago · 2afd47e09d
parent 044d0b8bbe
commit 2afd47e09d
1 changed files with 65 additions and 13 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -42,31 +42,83 @@
  services.nginx = {
    enable = true;
    virtualHosts."www.beffara.org" = {
      default = true;
      forceSSL = true;
      root = "/data/web/root";
      sslCertificate = "/data/web/cert/beffara.org.crt";
      sslCertificateKey = "/data/web/cert/beffara.org.key";
-      locations."~ \.php$".extraConfig = ''
+
-        fastcgi_pass  unix:${config.services.phpfpm.pools.web.socket};
+      locations."/owncloud/" = {
-        fastcgi_index index.php;
+        alias = "/data/web/nextcloud/site/";
        extraConfig = ''
          rewrite ^/owncloud/((cal|card|web)dav.*)$ /owncloud/remote.php/$1 redirect;
        '';
      };
      locations."~ ^/owncloud/.+\.php(/|$)" = {
        alias = "/data/web/nextcloud/site/";
        extraConfig = ''
          fastcgi_pass  unix:${config.services.phpfpm.pools.nextcloud.socket};
          fastcgi_index index.php;
          include ${config.services.nginx.package}/conf/fastcgi.conf;
          fastcgi_split_path_info ^/owncloud/(.+\.php)(|/.*)$;
          fastcgi_param SCRIPT_NAME /owncloud/$fastcgi_script_name;
        '';
      };
      extraConfig = ''
        index index.php index.html;
        add_header Strict-Transport-Security "max-age=15768000;";
        rewrite ^/.well-known/host-meta /owncloud/public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /owncloud/public.php?service=host-meta-json last;
        rewrite ^/.well-known/(cal|card)dav /owncloud/remote.php/$1dav/ redirect;
      '';
    };
  };
  # FastCGI server for PHP
-  services.phpfpm.pools.web = {
+  services.phpfpm = {
-    user = "nobody";
+    phpOptions = ''
-    settings = {
+      memory_limit = 512M
-      "listen.owner" = config.services.nginx.user;
+      extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
-      "pm" = "dynamic";
+      extension=${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so
-      "pm.max_children" = 5;
+    '';
-      "pm.start_servers" = 2;
+
-      "pm.min_spare_servers" = 1;
+    pools.nextcloud = {
-      "pm.max_spare_servers" = 3;
+      user = "nextcloud";
-      "pm.max_requests" = 500;
+      settings = {
        "listen.owner" = config.services.nginx.user;
        "pm" = "dynamic";
        "pm.max_children" = 5;
        "pm.start_servers" = 2;
        "pm.min_spare_servers" = 1;
        "pm.max_spare_servers" = 3;
        "pm.max_requests" = 500;
      };
    };
  };
  # MySQL database
  services.mysql = {
    enable = true;
    package = pkgs.mariadb;
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      {
        name = "nextcloud";
        ensurePermissions = { "nextcloud.*" = "ALL PRIVILEGES"; };
      }
    ];
  };
  # System user accounts
  users.users.nextcloud = {
    isSystemUser = true;
    home = "/data/web/nextcloud";
    group = "nextcloud";
  };
  users.groups.nextcloud = { };
  # Initial user account
  users.users.manu = {
    isNormalUser = true;