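# Nextcloud, served from a NixOS container attached to the host bridge.
#
# Host side: declares the `nixin.nextcloud.*` options, points the public
# domain at 127.0.0.1 in /etc/hosts, defines the container, and installs a
# MASQUERADE rule so the container can reach outside networks.
{ config, pkgs, lib, ... }:
let
  inherit (lib) mkOption;

  # Host-level option values. Bound here because `config` is shadowed by the
  # container's own module arguments further down.
  cfg = config.nixin.nextcloud;
in
{
  options = {
    nixin.nextcloud = {
      # Public name; added to Nextcloud's trusted_domains and to the host's
      # /etc/hosts entry for 127.0.0.1.
      domain = mkOption { type = lib.types.str; };

      # Name of the initial Nextcloud administrator account.
      admin-user = mkOption { type = lib.types.str; };

      # NOTE(review): this is a plain string option, so the password is part
      # of the evaluated configuration and ends up in the Nix store (see the
      # environment.etc entry below). Treat the value as non-secret, or move
      # to a file provisioned outside the store.
      admin-pwd = mkOption { type = lib.types.str; };

      # Concatenated as container-address + address-prefix to form the
      # container's localAddress (presumably "a.b.c.d" + "/NN"; confirm).
      container-address = mkOption { type = lib.types.str; };
      host-address = mkOption { type = lib.types.str; };
      address-prefix = mkOption { type = lib.types.str; };
    };
  };

  config = {
    networking.hosts = {
      "127.0.0.1" = [ cfg.domain ];
    };

    containers.nextcloud = {
      privateNetwork = true;
      hostBridge = "br0"; # Specify the bridge name
      localAddress = "${cfg.container-address}${cfg.address-prefix}";
      #localAddress6 = containerIp6;
      autoStart = true;
      hostAddress = cfg.host-address;
      #hostAddress6 = "fc00::1";

      # Container system configuration. `config`, `pkgs` and `lib` below are
      # the container's own; host values are reached through `cfg`.
      config = { config, pkgs, lib, ... }: {
        # SECURITY: `.text` is written into the Nix store, which is
        # world-readable, and /etc/nextcloud-admin-pwd is only a symlink to
        # that store path. Any local user can therefore read the admin
        # password. Prefer a file created outside the store (for example via
        # sops-nix or agenix, or a root-only file bind-mounted into the
        # container) and point adminpassFile at that path instead.
        environment.etc."nextcloud-admin-pwd".text = cfg.admin-pwd;

        services.nextcloud = {
          enable = true;
          package = pkgs.nextcloud30;
          # The vhost is "localhost"; the public name is admitted only
          # through trusted_domains.
          hostName = "localhost";
          maxUploadSize = "1G";
          settings = {
            trusted_domains = [ cfg.domain ];
          };
          database.createLocally = true;
          config = {
            dbtype = "pgsql";
            adminuser = cfg.admin-user;
            adminpassFile = "/etc/nextcloud-admin-pwd";
          };
        };

        system.stateVersion = "24.11";

        networking = {
          firewall = {
            enable = true;
            # Only plain HTTP is opened. NOTE(review): presumably TLS is
            # terminated by a reverse proxy on the host; confirm, since
            # credentials otherwise cross the bridge unencrypted.
            allowedTCPPorts = [ 80 ];
          };
          # Use systemd-resolved inside the container
          # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
          useHostResolvConf = lib.mkForce false;
        };

        services.resolved.enable = true;
      };
    };

    networking.firewall =
      let
        # Source match uses localAddress as configured. If it carries a prefix
        # length, iptables matches the whole subnet, not just the container.
        masqueradeRule = "POSTROUTING -s ${config.containers.nextcloud.localAddress} -j MASQUERADE";
      in
      {
        # The firewall scripts do not flush nat/POSTROUTING, so a bare `-A`
        # adds one more copy of the rule on every firewall start or reload.
        # Check first so the rule is present exactly once.
        extraCommands = ''
          iptables -w -t nat -C ${masqueradeRule} 2>/dev/null || iptables -w -t nat -A ${masqueradeRule}
        '';
        # Remove the rule again when the firewall is stopped, so it does not
        # outlive this configuration.
        extraStopCommands = ''
          iptables -w -t nat -D ${masqueradeRule} 2>/dev/null || true
        '';
      };
  };
}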