Now, I’d like to use my S3 object space as the primary storage for my Nextcloud instance.
I found this blog post which describes how to update Nextcloud’s config.php in order to achieve this; however, I’d like to try to achieve this using the Nix services.nextcloud configuration if at all possible. The issue I’m running into is that it’s not obvious to me where I can add this.
My suspicion is that I might need to add a new objectstore option that translates to the necessary config here. However, the necessary configuration requires adding some secrets, namely the access key for the storage. While I’ve written nix modules with custom options before, I haven’t worked with secrets so I’m a little unsure how to go about this safely.
Has anyone managed to achieve something like this or might be able to point me in the right direction?
However, the necessary configuration requires adding some secrets, namely the access key for the storage.
Ahh, it looks like the approach taken is to add an extra option to allow a user to specify a file path from which the secret can be read (only by the nextcloud user, of course). This allows one to avoid storing the secret itself in the /nix/store. There’s already an example of this in the nix nextcloud service configuration itself - see here. I think I’ll generalise this function to allow for specifying a path for the S3 bucket secret too.
For reference for future readers, there was some discussion around adding an extraConfig option to the nextcloud service. It seems there are still some problems left to solve before adding something that would be generally useful, so in the meantime I’ll likely just add new submodule options specific to the objectstore.
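A pre-deployment check for the secret-file approach described in this thread, added here as an example and not taken from the posts or from the nixpkgs module: it verifies that a secret file does not resolve into /nix/store and is accessible only to its owner. The function names, the result labels and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile

NIX_STORE = "/nix/store"  # the world-readable store named in the thread

def audit_secret_file(path, expected_uid, store_dir=NIX_STORE):
    """Return a list of problem labels for a secret file; empty means OK."""
    problems = []
    # Resolve symlinks first: a path outside the store may still point into it.
    real = os.path.realpath(path)
    store = os.path.realpath(store_dir)
    if real == store or real.startswith(store + os.sep):
        problems.append("in-store")
    try:
        st = os.stat(real)
    except OSError:
        return problems + ["missing"]
    if not stat.S_ISREG(st.st_mode):
        problems.append("not-regular-file")
    if st.st_uid != expected_uid:
        problems.append("wrong-owner")
    # Any group or other permission bit exposes the key beyond the service user.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("group-or-world-access")
    return problems

def _write(path, mode):
    with open(path, "w") as fh:
        fh.write("constructed-placeholder-secret\n")
    os.chmod(path, mode)  # set explicitly so the umask does not matter
    return path

def demo():
    """Constructed sample: a stand-in store and secret files in a temp dir."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        store = os.path.join(tmp, "store")
        os.mkdir(store)
        good = _write(os.path.join(tmp, "s3-secret"), 0o600)
        loose = _write(os.path.join(tmp, "s3-secret-loose"), 0o644)
        in_store = _write(os.path.join(store, "abc-s3-secret"), 0o644)
        link = os.path.join(tmp, "s3-secret-link")
        os.symlink(in_store, link)
        cases = {"good": good, "loose": loose, "symlink_into_store": link,
                 "missing": os.path.join(tmp, "absent")}
        return {k: audit_secret_file(p, uid, store) for k, p in cases.items()}

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "ok")
```

On a real host, call `audit_secret_file` with the uid of the nextcloud user and leave `store_dir` at its default.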