1 files changed, 27 insertions, 3 deletions

diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 56fcb22..909fb30 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -6,7 +6,19 @@ let
 in
 {
   options.modules.services.nextcloud = {
-    enable = mkEnableOption "";
+    enable = mkEnableOption "Nextcloud instance";
+
+    domain = mkOption { type = types.str; };
+    realHost = mkOption { type = types.str; default = "nextcloud.${cfg.domain}"; };
+
+    ssl = {
+      enable = mkEnableOption "SSL for the instance";
+      acmeHost = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = "ACMEHost for the certificate";
+      };
+    };
 
     secrets = {
       admin-pass = mkOption { type = types.path; };
@@ -14,16 +26,23 @@ in
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.ssl.enable -> cfg.ssl.acmeHost != null;
+        message = "ssl.acmeHost must be set when enabling SSL";
+      }
+    ];
+
     services.nextcloud = {
       enable = true;
 
       package = pkgs.nextcloud28;
       database.createLocally = true;
-      hostName = "nextcloud.internal";
+      hostName = cfg.realHost;
 
       nginx.recommendedHttpHeaders = true;
       maxUploadSize = "512G";
-      # https = false;
+      https = cfg.ssl.enable;
 
       home = "/smol/core/nextcloud";
       enableImagemagick = true;
@@ -86,6 +105,11 @@ in
       };
     };
 
+    services.nginx.virtualHosts.${cfg.realHost} = mkIf cfg.ssl.enable {
+      forceSSL = true;
+      useACMEHost = cfg.ssl.acmeHost;
+    };
+
     services.postgresqlBackup.enable = true;
     environment.persistence."/persist".directories = [
       "/var/lib/postgresql"