From 6fe1b261d5f611b677cc0b683d730922ae0a8f4f Mon Sep 17 00:00:00 2001
From: Henri Dohmen
Date: Wed, 14 Jan 2026 23:00:15 +0100
Subject: [PATCH] nextcloud for calendars
---
 host/roam/default.nix | 1 +
 host/roam/nextcloud.nix | 46 +++++++++++
 host/roam/services.nix | 9 ++-
 mod/desktop/accounts.nix | 11 +++
 mod/desktop/default.nix | 98 +++++------------------
 mod/desktop/syncthing.nix | 7 +-
 secrets.nix | 1 +
 secrets/roam/nextcloud-admin-password.age | 11 +++
 8 files changed, 102 insertions(+), 82 deletions(-)
 create mode 100644 host/roam/nextcloud.nix
 create mode 100644 secrets/roam/nextcloud-admin-password.age
diff --git a/host/roam/default.nix b/host/roam/default.nix
index 882247c..4757e57 100644
--- a/host/roam/default.nix
+++ b/host/roam/default.nix
@@ -12,6 +12,7 @@
 ./git.nix
 ./hardware-configuration.nix
 ./networking.nix
+ ./nextcloud.nix
 ./services.nix
 ./syncthing.nix
 ];
diff --git a/host/roam/nextcloud.nix b/host/roam/nextcloud.nix
new file mode 100644
index 0000000..dd6a3c1
--- /dev/null
+++ b/host/roam/nextcloud.nix
@@ -0,0 +1,46 @@
+{
+ pkgs,
+ secrets,
+ config,
+ ...
+}:
+let
+ hostName = "nextcloud.hdohmen.de";
+in
+{
+ services.nextcloud = {
+ enable = true;
+ inherit hostName;
+ package = pkgs.nextcloud32;
+ https = true;
+ configureRedis = true;
+ datadir = "/data/nextcloud";
+ database.createLocally = true;
+ extraAppsEnable = true;
+ extraApps = {
+ inherit (config.services.nextcloud.package.packages.apps)
+ news
+ contacts
+ calendar
+ tasks
+ ;
+ };
+ config = {
+ adminuser = "admin";
+ adminpassFile = config.age.secrets.nextcloud-admin-password.path;
+ dbtype = "pgsql";
+ };
+ };
+
+ services.nginx.virtualHosts.${hostName} = {
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ age.secrets.nextcloud-admin-password = {
+ file = secrets.roam."nextcloud-admin-password.age";
+ owner = "nextcloud";
+ group = "nextcloud";
+ mode = "440";
+ };
+}
diff --git a/host/roam/services.nix b/host/roam/services.nix
index 2c2b098..2662f26 100644
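Review bot: The `age.secrets.nextcloud-admin-password` block at the end of the new `host/roam/nextcloud.nix` makes the admin password group-readable (`group = "nextcloud"`, `mode = "440"`), which is wider than the service needs. As far as I recall the NixOS Nextcloud module also adds the nginx user to the `nextcloud` group, so the web server workers could read the file too; that should be confirmed against the nixpkgs revision in use. Only the `nextcloud` user has to read it, so `mode = "0400";` is enough. A comment above `adminpassFile` such as `# only read during the initial install; later password changes happen inside Nextcloud` would also help, if that matches the module version here, because the file otherwise looks like the live credential.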
--- a/host/roam/services.nix
+++ b/host/roam/services.nix
@@ -5,11 +5,12 @@
 {
 services = {
 nginx = {
- # recommendedTlsSettings = true;
- # recommendedProxySettings = true;
- # recommendedOptimisation = true;
-
 enable = true;
+
+ recommendedTlsSettings = true;
+ recommendedProxySettings = true;
+ recommendedOptimisation = true;
+
 virtualHosts.default = {
 serverName = "_";
 default = true;
diff --git a/mod/desktop/accounts.nix b/mod/desktop/accounts.nix
index b5db5b2..bfb6cf9 100644
--- a/mod/desktop/accounts.nix
+++ b/mod/desktop/accounts.nix
@@ -88,6 +88,17 @@ in
 userName = "henridohmen";
 };
 };
+ "Nextcloud" = {
+ thunderbird = {
+ enable = true;
+ color = "#FFBE6F";
+ };
+ remote = {
+ type = "caldav";
+ url = "https://nextcloud.hdohmen.de/remote.php/dav/calendars/henri/default/";
+ userName = "henri";
+ };
+ };
 };
 accounts.contact.accounts = {
 "Kontakte" = {
diff --git a/mod/desktop/default.nix b/mod/desktop/default.nix
index 8168d23..60bdfe6 100644
--- a/mod/desktop/default.nix
+++ b/mod/desktop/default.nix
@@ -4,6 +4,16 @@
 ...
 }:
 with lib;
+let
+ mkSubOption =
+ of: name:
+ mkOption {
+ type = types.bool;
+ default = of;
+ description = "Enables" ++ name;
+ };
+ mkDesktopOption = mkSubOption config.hd.desktop.enable;
+in
 {
 options.home = lib.mkOption {
 # used by /home/default.nix
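Review bot: Nothing in the new `"Nextcloud"` CalDAV account in `mod/desktop/accounts.nix` says which credential Thunderbird should be given for `userName = "henri"`. A comment above `remote` such as `# log in with a Nextcloud app password, not the account password` would record that the client should hold a revocable credential rather than the main one. The `url` also repeats the host name that `host/roam/nextcloud.nix` defines as `hostName`, so the two have to be changed together. The enclosing attribute set starts outside the hunk.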
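Review bot: In `mkSubOption` in `mod/desktop/default.nix`, `description = "Enables" ++ name;` uses `++`, which concatenates lists in Nix, so applying it to two strings raises an evaluation error once a description is forced. Option descriptions are evaluated lazily, so an ordinary rebuild may not show this; it would surface when option documentation is rendered or an option is queried. Even with `+` the text would read "Enablesaudio configuration", because the separating space is missing. `description = "Enable ${name}";` fixes both and keeps the wording of the options that the following hunk replaces. Every `mkDesktopOption` and `mkSubOption` call in that hunk goes through this line.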
@@ -19,85 +29,19 @@ with lib; description = "Common NixOS configuration of all desktops."; }; - audio = { - enable = mkOption { - type = types.bool; - default = config.hd.desktop.enable; - description = "Enable audio configuration"; - }; - }; - - gpg = { - enable = mkOption { - type = types.bool; - default = config.hd.desktop.enable; - description = "Enable GPG configuration"; - }; - }; - - network = { - enable = mkOption { - type = types.bool; - default = config.hd.desktop.enable; - description = "Enable network configuration"; - }; - }; - - security = { - enable = mkOption { - type = types.bool; - default = config.hd.desktop.enable; - description = "Enable desktop security configuration"; - }; - }; - + audio.enable = mkDesktopOption "audio configuration"; + gpg.enable = mkDesktopOption "GPG configuration"; + network.enable = mkDesktopOption "network configuration"; + security.enable = mkDesktopOption "security configuration"; software = { - enable = mkOption { - type = types.bool; - default = config.hd.desktop.enable; - description = "Enable software installation"; - }; - - development = { - enable = mkOption { - type = types.bool; - default = config.hd.desktop.software.enable; - description = "Enable development software"; - }; - }; - }; - - windowManager = { - enable = mkOption { - type = types.bool; - default = config.hd.desktop.enable; - description = "Enable window manager configuration"; - }; - }; - - accounts = { - enable = mkOption { - type = types.bool; - default = config.hd.desktop.enable; - description = "Enable desktop user accounts"; - }; - }; - - fonts = { - enable = mkOption { - type = types.bool; - default = config.hd.desktop.enable; - description = "Enable font configuration"; - }; - }; - - services = { - enable = mkOption { - type = types.bool; - default = config.hd.desktop.enable; - description = "Enable desktop services"; - }; + enable = mkDesktopOption "software installation"; + development.enable = mkSubOption 
config.hd.desktop.software.enable "development software"; }; + windowManager.enable = mkDesktopOption "window manager configuration"; + accounts.enable = mkDesktopOption "desktop user accounts"; + fonts.enable = mkDesktopOption "font configuration"; + services.enable = mkDesktopOption "desktop services"; + syncthing.enable = mkDesktopOption "syncthing settings"; }; imports = [ diff --git a/mod/desktop/syncthing.nix b/mod/desktop/syncthing.nix index e7ae2bd..0275847 100644 --- a/mod/desktop/syncthing.nix +++ b/mod/desktop/syncthing.nix @@ -1,5 +1,10 @@ -{ lib, var, ... }: { + lib, + var, + config, + ... +}: +lib.mkIf config.hd.desktop.syncthing.enable { services.syncthing = { enable = lib.mkDefault true; user = "hd"; diff --git a/secrets.nix b/secrets.nix index 9d71168..75eb17c 100644 --- a/secrets.nix +++ b/secrets.nix @@ -7,6 +7,7 @@ let secrets = [ "roam/rclone-conf" "roam/firefox-sync-secret" + "roam/nextcloud-admin-password" "hd-password" "tlskey" ]; diff --git a/secrets/roam/nextcloud-admin-password.age b/secrets/roam/nextcloud-admin-password.age new file mode 100644 index 0000000..d865938 --- /dev/null +++ b/secrets/roam/nextcloud-admin-password.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 ydxpSQ iWfVti14xdYQoQcONqeWzMxyIEMKwn0d0IVGyMG1knk +4be8tW7qIltggtFOpFFMAqtXzZ0J7nGWX9c5lakobko +-> ssh-ed25519 IbE9zA PdTnWT8kxLGuXOUEsOEjDltqs8nAclso3U1KRvBsOAw +bMivwzoemXiW7uph8LWF5gbnOiulbwMNoJGllZGL5fM +-> ssh-ed25519 gbs8eg c79Pw+20bBwl72bZQUiSTXdjFSUvqZVN8kinu18qqTw +mw/VdLeZIit6QiPV9fpBq8JYgZGRLmkUUo1ulXlHpKw +-> ssh-ed25519 FTMbvw zBCK0W/t/WwOl7XVkor93oRq9ybjoalYoUEVRgLU+n0 +yWMzPgXmZ63q0MYvt5v968PEgAEK3nr6GL+WM0aHBqw +--- xCcYFUPNbBgvN/74BxiaxZNwpPOfFUvNNwRLoGZ+3Vk +BIiA%uHFc1% z*-0_SJ~ \ No newline at end of file