From a02077f5fd5cb27573cc66f1443a1016b910fa07 Mon Sep 17 00:00:00 2001
From: oqyude <oqyude@gmail.com>
Date: Thu, 5 Jun 2025 21:08:16 +0300
Subject: [PATCH] 123

---
 devices/server.nix             | 57 +----------------------
 flake.nix                      |  2 +
 modules/server/cloudflared.nix | 34 ++++++++++++++
 modules/server/immich.nix      | 22 ++-------
 modules/server/nextcloud.nix   | 85 ++++++++++++++++++++++++++++++++++
 modules/zeroq/flake.nix        |  1 +
 6 files changed, 127 insertions(+), 74 deletions(-)
 mode change 100755 => 100644 flake.nix
 create mode 100644 modules/server/cloudflared.nix
 create mode 100644 modules/server/nextcloud.nix
 mode change 100755 => 100644 modules/zeroq/flake.nix

diff --git a/devices/server.nix b/devices/server.nix
index 8d34572..1958e79 100644
--- a/devices/server.nix
+++ b/devices/server.nix
@@ -14,6 +14,8 @@ let
 
         self.nixosModules.software.beets
         self.nixosModules.server.immich
+        self.nixosModules.server.nextcloud
+        self.nixosModules.server.cloudflared
         #self.nixosModules.extra.self.zapret
 
         self.homeConfigurations.server.nixosModule # home-manager configuration module
@@ -72,61 +74,6 @@ let
       };
 
       services = {
-        nextcloud = {
-          enable = false;
-          package = pkgs.nextcloud30;
-          hostName = "localhost:10000";
-          database.createLocally = true;
-          config = {
-            dbtype = "mysql";
-            dbuser = "nextcloud";
-            #dbhost = "/run/postgresql";
-            dbname = "nextcloud";
-            adminuser = "root";
-            #adminpassFile = "${inputs.zeroq.dirs.credentials-target}/nextcloud/admin-pass.txt";
-          };
-          settings = {
-            appstoreEnable = false;
-            log_type = "file";
-            trusted_domains = [
-              "100.64.0.0"
-              "192.168.1.18"
-              "localhost"
-            ];
-          };
-          extraAppsEnable = true;
-          extraApps = {
-            inherit (pkgs.nextcloud30Packages.apps)
-              bookmarks
-              calendar
-              contacts
-              cookbook
-              cospend
-              deck
-              end_to_end_encryption
-              forms
-              gpoddersync
-              groupfolders
-              impersonate
-              integration_paperless
-              mail
-              maps
-              memories
-              music
-              notes
-              notify_push
-              onlyoffice
-              polls
-              previewgenerator
-              richdocuments
-              spreed
-              tasks
-              user_oidc
-              user_saml
-              whiteboard
-              ;
-          };
-        };
         earlyoom.enable = true;
         preload.enable = true;
         auto-cpufreq.enable = true;
diff --git a/flake.nix b/flake.nix
old mode 100755
new mode 100644
index 2f2cdbf..3fad2f6
--- a/flake.nix
+++ b/flake.nix
@@ -111,7 +111,9 @@
           };
         };
         server = {
+          cloudflared = import ./modules/server/cloudflared.nix flakeContext;
           immich = import ./modules/server/immich.nix flakeContext;
+          nextcloud = import ./modules/server/nextcloud.nix flakeContext;
         };
       };
 
diff --git a/modules/server/cloudflared.nix b/modules/server/cloudflared.nix
new file mode 100644
index 0000000..6efaf8f
--- /dev/null
+++ b/modules/server/cloudflared.nix
@@ -0,0 +1,34 @@
+{ inputs, ... }@flakeContext:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  services = {
+    cloudflared = {
+      enable = true;
+
+      certificateFile = "${inputs.zeroq.dirs.server-home}/Credentials/server/cloudflared/cert.pem";
+      tunnels = {
+        "e5d66ea5-d6d2-4eef-9b34-82696946ef58" = {
+          credentialsFile = "${inputs.zeroq.dirs.server-home}/Credentials/server/cloudflared/immich.json";
+          ingress = {
+            "immich.zeroq.ru" = {
+              service = "http://localhost:2283";
+            };
+          };
+          warp-routing.enabled = true;
+          default = "http_status:404";
+        };
+      };
+    };
+  };
+
+  environment = {
+    systemPackages = with pkgs; [
+      cloudflared
+    ];
+  };
+}
diff --git a/modules/server/immich.nix b/modules/server/immich.nix
index abbadc7..094484a 100644
--- a/modules/server/immich.nix
+++ b/modules/server/immich.nix
@@ -7,9 +7,9 @@
 }:
 {
   services = {
-    postgresql = {
-      enable = lib.mkDefault true;
-    };
+    #     postgresql = {
+    #       enable = lib.mkDefault true;
+    #     };
     immich = {
       enable = true;
       port = 2283;
@@ -19,22 +19,6 @@
       machine-learning.enable = false;
       mediaLocation = "/mnt/immich";
     };
-    cloudflared = {
-      enable = true;
-      tunnels = {
-        "e5d66ea5-d6d2-4eef-9b34-82696946ef58" = {
-          credentialsFile = "${inputs.zeroq.dirs.server-home}/Credentials/server/cloudflared/immich.json";
-          certificateFile = "${inputs.zeroq.dirs.server-home}/Credentials/server/cloudflared/cert.pem";
-          ingress = {
-            "immich.zeroq.ru" = {
-              service = "http://localhost:2283";
-            };
-          };
-          warp-routing.enabled = true;
-          default = "http_status:404";
-        };
-      };
-    };
   };
 
   fileSystems."${config.services.immich.mediaLocation}" = {
diff --git a/modules/server/nextcloud.nix b/modules/server/nextcloud.nix
new file mode 100644
index 0000000..1e9a1ae
--- /dev/null
+++ b/modules/server/nextcloud.nix
@@ -0,0 +1,85 @@
+{ inputs, ... }@flakeContext:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  services = {
+    nextcloud = {
+      enable = false;
+      package = pkgs.nextcloud30;
+      hostName = "localhost:10000";
+      database.createLocally = true;
+      home = "/mnt/nextcloud";
+      config = {
+        dbtype = "mysql";
+        dbuser = "nextcloud";
+        #dbhost = "/run/postgresql";
+        dbname = "nextcloud";
+        adminuser = "oqyude";
+        adminpassFile = "${inputs.zeroq.dirs.credentials-target}/nextcloud/admin-pass.txt";
+      };
+      settings = {
+        appstoreEnable = false;
+        log_type = "file";
+        trusted_domains = [
+          "nextcloud.zeroq.ru"
+          #"100.64.0.0"
+          #"192.168.1.18"
+          #"localhost"
+        ];
+      };
+      extraAppsEnable = true;
+      extraApps = {
+        inherit (pkgs.nextcloud30Packages.apps)
+          bookmarks
+          calendar
+          contacts
+          cookbook
+          cospend
+          deck
+          end_to_end_encryption
+          forms
+          gpoddersync
+          groupfolders
+          impersonate
+          integration_paperless
+          mail
+          maps
+          memories
+          music
+          notes
+          notify_push
+          onlyoffice
+          polls
+          previewgenerator
+          richdocuments
+          spreed
+          tasks
+          user_oidc
+          user_saml
+          whiteboard
+          ;
+      };
+    };
+  };
+
+  fileSystems."/mnt/nextcloud" = {
+    device = "${inputs.zeroq.dirs.nextcloud-folder}";
+    options = [
+      "bind"
+      #"uid=1000"
+      #"gid=1000"
+      #"fmask=0007"
+      #"dmask=0007"
+      "nofail"
+      "x-systemd.device-timeout=0"
+    ];
+  };
+
+  systemd.tmpfiles.rules = [
+    "z /mnt/nextcloud 0755 nextcloud nextcloud -"
+  ];
+}
diff --git a/modules/zeroq/flake.nix b/modules/zeroq/flake.nix
old mode 100755
new mode 100644
index 64e3ecf..8eddd7e
--- a/modules/zeroq/flake.nix
+++ b/modules/zeroq/flake.nix
@@ -36,6 +36,7 @@
         calibre-library = "${server-home}/Books-Library";
         music-library = "${dirs.user-home}/Music";
         immich-folder = "${server-home}/Services/immich";
+        nextcloud-folder = "${server-home}/Services/nextcloud";
         postgresql-folder = "${server-home}/Services/postgresql";
       };
     };