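# Nextcloud service definition: declares the host directories the service
# needs and one container built through `builder.mkContainer`.
#
# Arguments used in this file:
#   config       - only `config.syscfg.server` is read (dataPath, hostDomain,
#                  mailServer, mailDomain).
#   containerCfg - subdomain, port, ip and pubPort of this container.
#   builder      - supplies `mkContainer` and `host`.
#   pkgs, lib    - accepted but not referenced here.
#
# Returns an attribute set with `paths` (directories to provision) and
# `containers.server` (the result of `builder.mkContainer`).
{ config, containerCfg, pkgs, lib, builder, ... }:
let
  # NOTE(review): this is a floating major tag, not a digest, so the image
  # content can change between pulls. Confirm that this major release still
  # receives security updates and consider pinning by digest.
  version = "27";
  serverCfg = config.syscfg.server;
in
{
  paths = [
    {
      path = "${serverCfg.dataPath}/nextcloud/www";
      owner = "1000:1000";
      mode = "0755";
    }
    {
      # NOTE(review): 0755 leaves the user-data directory listable and
      # readable by every local account on the host. A tighter mode (0750 or
      # 0770) is preferable if the container user allows it; verify against
      # whatever consumes `paths` before changing.
      path = "${serverCfg.dataPath}/nextcloud/data";
      owner = "1000:1000";
      mode = "0755";
      backup = true;
    }
  ];

  containers = {
    server = builder.mkContainer {
      subdomain = containerCfg.subdomain;
      image = "nextcloud:${version}";
      port = containerCfg.port;
      ip = containerCfg.ip;
      # presumably the name of a secret resolved by `builder`; confirm there
      secret = "nextcloud";

      extraEnv = {
        "REDIS_HOST" = builder.host;
        "POSTGRES_HOST" = builder.host;
        "POSTGRES_USER" = "nextcloud_user";
        "POSTGRES_DB" = "nextcloud_db";
        # The variable name must not contain whitespace. With a trailing space
        # inside the quotes, a differently named variable is exported and the
        # trusted-domain (Host header) allow-list is never configured from here.
        "NEXTCLOUD_TRUSTED_DOMAINS" = "${containerCfg.subdomain}.${serverCfg.hostDomain}";
        "SMTP_HOST" = serverCfg.mailServer;
        # NOTE(review): SMTP_NAME / SMTP_PASSWORD look like literal placeholder
        # credentials. Values written in this file are likely to end up in the
        # world-readable Nix store and in the container environment. Supply the
        # real credentials through the secret mechanism instead (confirm how
        # `secret` is consumed by the builder).
        "SMTP_NAME" = "mail_user";
        "SMTP_PASSWORD" = "mail_password";
        "MAIL_FROM_ADDRESS" = "${containerCfg.subdomain}@${serverCfg.hostDomain}";
        "MAIL_DOMAIN" = serverCfg.mailDomain;
        # NOTE(review): "..." is a placeholder, not an address or CIDR. Set this
        # to the reverse proxy's address only; an over-broad value makes the
        # application trust client-supplied forwarding headers.
        "TRUSTED_PROXIES" = "...";
      };

      extraLabels = {
        # Attach two middlewares to this subdomain's router: the HSTS headers
        # and the CalDAV/CardDAV well-known redirect defined below.
        "traefik.http.routers.${containerCfg.subdomain}.middlewares" = "sts_headers,${containerCfg.subdomain}-caldav";
        "traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.permanent" = "true";
        # NOTE(review): the dots in `.well-known` are unescaped, so they match
        # any character; harmless here but `\.` would be stricter.
        "traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.regex" = "^https://(.*)/.well-known/(card|cal)dav";
        # `\${` is the Nix escape for a literal `${`, so the label value carries
        # `$${1}`; presumably the doubled `$` is a later escaping layer. Confirm.
        "traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.replacement" = "https://$\${1}/remote.php/dav/";
        # 15552000 s = 180 days of HSTS, applied to subdomains as well.
        "traefik.http.middlewares.sts_headers.headers.stsSeconds" = "15552000";
        "traefik.http.middlewares.sts_headers.headers.stsIncludeSubdomains" = "true";
      };

      overrides = {
        # Publish pubPort -> port only when both are non-zero; otherwise no
        # host port mapping is emitted.
        # NOTE(review): a published port reaches the container without passing
        # through the router labelled above, so the HSTS and redirect
        # middlewares would not apply on that path. Confirm this is intended.
        ports =
          if containerCfg.pubPort != 0 && containerCfg.port != 0
          then [ "${toString containerCfg.pubPort}:${toString containerCfg.port}" ]
          else [ ];
        volumes = [
          "${serverCfg.dataPath}/nextcloud/www:/var/www/html"
          "${serverCfg.dataPath}/nextcloud/data:/var/www/html/data"
        ];
        tmpfs = [ "/tmp" ];
      };
    };
  };
}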