From 6ed59e1b15b78040e6716836e9ab1b863a633e0f Mon Sep 17 00:00:00 2001
From: Felix Albrigtsen
Date: Thu, 8 Feb 2024 14:45:56 +0100
Subject: [PATCH] voyager: fix nextcloud startup problems
---
 hosts/voyager/services/nextcloud.nix | 43 +++++++++++++++-------------
 1 file changed, 23 insertions(+), 20 deletions(-)
diff --git a/hosts/voyager/services/nextcloud.nix b/hosts/voyager/services/nextcloud.nix
index b61c9fa..d4c70a7 100644
--- a/hosts/voyager/services/nextcloud.nix
+++ b/hosts/voyager/services/nextcloud.nix
@@ -59,26 +59,29 @@ in {
     after = [ "postgresql.service" ];
   };
-  systemd.services."phpfpm-nextcloud".serviceConfig = {
-    WorkingDirectory = "/var/lib/nextcloud";
-    NoNewPrivileges = true;
-    PrivateDevices = true;
-    PrivateMounts = true;
-    PrivateTmp = true;
-    ProtectClock = true;
-    ProtectHome = true;
-    ProtectHostname = true;
-    ProtectKernelLogs = true;
-    ProtectKernelModules = true;
-    ProtectKernelTunables = true;
-    ProtectProc = "invisible";
-    ReadWritePaths = [ "/var/lib/nextcloud" "/run/phpfpm" "/run/systemd" "/run/secrets" "/nix/store" ];
-    RemoveIPC = true;
-    RestrictSUIDSGID = true;
-    UMask = "0007";
-    SystemCallArchitectures = "native";
-    SystemCallFilter = "@system-service";
-    CapabilityBoundingSet = "~CAP_FSETID ~CAP_SETFCAP ~CAP_SETUID ~CAP_SETGID ~CAP_SETPCAP ~CAP_NET_ADMIN ~CAP_SYS_ADMIN ~CAP_SYS_PTRACE ";
+  systemd.services."phpfpm-nextcloud" = {
+    requires = [ "var-lib-nextcloud.mount" ];
+    serviceConfig = {
+      WorkingDirectory = "/var/lib/nextcloud";
+      NoNewPrivileges = true;
+      PrivateDevices = true;
+      PrivateMounts = true;
+      PrivateTmp = true;
+      ProtectClock = true;
+      ProtectHome = true;
+      ProtectHostname = true;
+      ProtectKernelLogs = true;
+      ProtectKernelModules = true;
+      ProtectKernelTunables = true;
+      ProtectProc = "invisible";
+      ReadWritePaths = [ "/var/lib/nextcloud" "/run/phpfpm" "/run/systemd" "/run/secrets" "/nix/store" ];
+      RemoveIPC = true;
+      RestrictSUIDSGID = true;
+      UMask = "0007";
+      SystemCallArchitectures = "native";
+      SystemCallFilter = "@system-service";
+      CapabilityBoundingSet = "~CAP_FSETID ~CAP_SETFCAP ~CAP_SETUID ~CAP_SETGID ~CAP_SETPCAP ~CAP_NET_ADMIN ~CAP_SYS_ADMIN ~CAP_SYS_PTRACE ";
+    };
   };
   fileSystems."/var/lib/nextcloud" = {
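Review bot: The new `requires = [ "var-lib-nextcloud.mount" ];` line pulls the mount unit in but does not order the service after it, because systemd's Requires= carries no ordering; phpfpm can still be started while the mount is in progress, and with `PrivateMounts = true` a mount that lands after the service's mount namespace is set up is not visible to it, so the startup problem the commit targets may recur intermittently. Add `after = [ "var-lib-nextcloud.mount" ];` next to the requires line, or replace both with `unitConfig.RequiresMountsFor = [ "/var/lib/nextcloud" ];`, which sets both the dependency and the ordering on the mount unit for that path. Separately, the `ReadWritePaths` list (carried over unchanged) only has an effect when combined with `ProtectSystem` or `ReadOnlyPaths`, neither of which appears in this serviceConfig, so the entries for `/nix/store` and `/run/systemd` currently look inert rather than granting anything; worth a comment stating the intended sandbox baseline or dropping them. The enclosing attribute set continues outside the hunk.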