many changes

hosts/web-arm/modules/nextcloud/default.nix

@@ -1,30 +1,67 @@
-{ pkgs, config, ... }:
+{ pkgs, config, ... }: 
 {
   sops.secrets.nextcloud-adminpass.owner = "nextcloud";
+  sops.secrets.nextcloud-secrets.owner = "nextcloud";
+  sops.secrets.nextcloud-smb-credentials.owner = "nextcloud";
 
   services.nextcloud = {                
     enable = true;                   
     hostName = "nextcloud.cloonar.com";
     https = true;
-    package = pkgs.nextcloud27;
+    package = pkgs.nextcloud29;
     # Instead of using pkgs.nextcloud27Packages.apps,
     # we'll reference the package version specified above
-    extraApps = with config.services.nextcloud.package.packages.apps; {
-      inherit contacts calendar tasks deck;
+    extraApps = {
+      inherit (config.services.nextcloud.package.packages.apps) calendar contacts deck groupfolders mail richdocuments tasks;
       oidc_login = pkgs.fetchNextcloudApp rec {
-        url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v2.6.0/oidc_login.tar.gz";
-        sha256 = "sha256-MZ/Pgqrb8Y9aH1vd3BfuPhfLOmYyZQO2xVasdj+rCo4=";
+        url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.1.1/oidc_login.tar.gz";
+        sha256 = "sha256-EVHDDFtz92lZviuTqr+St7agfBWok83HpfuL6DFCoTE=";
+        license = "gpl3";
       };
     };
+    autoUpdateApps.enable = true;
     extraAppsEnable = true;
-
     database.createLocally = true;
-    enableBrokenCiphersForSSE = false;
 
+    caching.apcu = true;
+    configureRedis = true;
+    phpOptions."opcache.interned_strings_buffer" = "23";
     config = {
       adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
       dbtype = "mysql";
     };
+
+    secretFile = config.sops.secrets.nextcloud-secrets.path;
+
+    settings = {
+      log_type = "errorlog";
+      allow_user_to_change_display_name = false;
+      maintenance_window_start = 1;
+      lost_password_link = "disabled";
+      oidc_login_provider_url = "https://auth.cloonar.com";
+      oidc_login_client_id = "nextcloud";
+      oidc_login_button_text = "Log in with Authelia";
+      oidc_login_auto_redirect = false;
+      oidc_login_proxy_ldap = true;
+      oidc_login_attributes = {
+        id = "preferred_username";
+        name = "name";
+        mail = "email";
+        groups = "groups";
+        ldap_uid = "email";
+      };
+      oidc_login_scope = "openid profile email groups";
+      default_phone_region = "AT";
+    };
+  };
+
+  environment.systemPackages = [ pkgs.cifs-utils ];
+  fileSystems."/var/lib/nextcloud/data" = {
+    device = "//u149513.your-backup.de/u149513-sub4/";
+    fsType = "cifs";
+    options = let
+      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users,file_mode=0770,dir_mode=0770";
+      in ["${automount_opts},credentials=${config.sops.secrets.nextcloud-smb-credentials.path},uid=983,gid=964"];
   };
 
   services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
@@ -33,5 +70,17 @@
     acmeRoot = null;
   };
 
+  services.mysql = {
+    ensureUsers = [
+      {
+        name = "nextcloud";
+        ensurePermissions = {
+          "nextcloud.*" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+    ensureDatabases = [ "nextcloud" ];
+  };
+
   services.mysqlBackup.databases = [ "nextcloud" ];
 }