nixos-config/configs/workhorse/nextcloud.nix

{ pkgs, ... }: {

  # setup nextcloud in a container
  containers.nextcloud = {
    bindMounts = {
      password = {
        hostPath = toString <secrets/nextcloud/rootpassword>;
        mountPoint = toString <secrets/nextcloud/rootpassword>;
        isReadOnly = true;
      };
      home = {
        hostPath = toString "/home/nextcloud";
        mountPoint = "/var/lib/nextcloud";
        isReadOnly = false;
      };
    };

    privateNetwork = true;
    hostAddress = "192.168.100.10";
    localAddress = "192.168.100.11";

    autoStart = true;

    config = { config, pkgs, ... }: {

      networking.firewall.allowedTCPPorts = [ 80 ];
      networking.firewall.allowedUDPPorts = [ 80 ];

      services.nextcloud = {
        enable = true;
        autoUpdateApps.enable = true;
        config.adminpassFile = toString <secrets/nextcloud/rootpassword>;
        nginx.enable = true;
        hostName = "nextcloud.workhorse.private";
        logLevel = 0;
        config.extraTrustedDomains = [
          "nextcloud.ingolf-wagner.de"
          "nextcloud.gaykraft.com"
          "192.168.100.11"
        ];
      };

      environment.systemPackages = [ pkgs.smbclient ];
    };
  };

  # give containers internet access
  networking.nat.enable = true;
  networking.nat.internalInterfaces = [ "ve-nextcloud" ];
  networking.nat.externalInterface = "eth0";

  # don't let networkmanager manger container network
  networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];

  # host nginx setup
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts = {
      "nextcloud.workhorse.private" = {
        serverAliases =
          [ "nextcloud.ingolf-wagner.de" "nextcloud.gaykraft.com" ];
        locations."/" = {
          proxyPass = "http://192.168.100.11";
          extraConfig = ''

            # rewrite response bodies
            # -----------------------
            sub_filter "192.168.100.11" "nextcloud.workhorse.private";

            # rewrite redirects
            # -----------------
            #proxy_redirect http://192.168.100.11:80/ http://$host:$server_port/;
            #proxy_redirect 192.168.100.11 nextcloud.workhorse.private;

            # allow big uploads
            # -----------------
            client_max_body_size 0;
          '';
        };
      };
    };
  };

}
nextcloud: add samba client 2020-03-03 18:45:35 +01:00			`{ pkgs, ... }: {`
nextcloud: use a container 2020-03-03 20:09:31 +01:00
			`# setup nextcloud in a container`
			`containers.nextcloud = {`
			`bindMounts = {`
			`password = {`
			`hostPath = toString <secrets/nextcloud/rootpassword>;`
			`mountPoint = toString <secrets/nextcloud/rootpassword>;`
			`isReadOnly = true;`
			`};`
			`home = {`
			`hostPath = toString "/home/nextcloud";`
			`mountPoint = "/var/lib/nextcloud";`
			`isReadOnly = false;`
			`};`
			`};`

			`privateNetwork = true;`
			`hostAddress = "192.168.100.10";`
			`localAddress = "192.168.100.11";`

			`autoStart = true;`

			`config = { config, pkgs, ... }: {`

			`networking.firewall.allowedTCPPorts = [ 80 ];`
			`networking.firewall.allowedUDPPorts = [ 80 ];`

			`services.nextcloud = {`
			`enable = true;`
			`autoUpdateApps.enable = true;`
			`config.adminpassFile = toString <secrets/nextcloud/rootpassword>;`
			`nginx.enable = true;`
			`hostName = "nextcloud.workhorse.private";`
			`logLevel = 0;`
			`config.extraTrustedDomains = [`
			`"nextcloud.ingolf-wagner.de"`
			`"nextcloud.gaykraft.com"`
			`"192.168.100.11"`
			`];`
			`};`

			`environment.systemPackages = [ pkgs.smbclient ];`
			`};`
nextcloud: add nextcloud but wrong folder 2020-03-03 17:14:21 +01:00			`};`
nextcloud: add samba client 2020-03-03 18:45:35 +01:00
nextcloud: add nat to container 2020-03-03 23:20:34 +01:00			`# give containers internet access`
			`networking.nat.enable = true;`
			`networking.nat.internalInterfaces = [ "ve-nextcloud" ];`
			`networking.nat.externalInterface = "eth0";`

			`# don't let networkmanager manger container network`
			`networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];`

nextcloud: use a container 2020-03-03 20:09:31 +01:00			`# host nginx setup`
			`services.nginx = {`
			`enable = true;`
nextcloud: make oauth logins possible 2020-03-04 07:37:03 +01:00			`recommendedProxySettings = true;`
nextcloud: use a container 2020-03-03 20:09:31 +01:00			`virtualHosts = {`
			`"nextcloud.workhorse.private" = {`
nextcloud: make oauth logins possible 2020-03-04 07:37:03 +01:00			`serverAliases =`
			`[ "nextcloud.ingolf-wagner.de" "nextcloud.gaykraft.com" ];`
nextcloud: use a container 2020-03-03 20:09:31 +01:00			`locations."/" = {`
			`proxyPass = "http://192.168.100.11";`
			`extraConfig = ''`
nextcloud: make oauth logins possible 2020-03-04 07:37:03 +01:00
			`# rewrite response bodies`
			`# -----------------------`
nextcloud: use a container 2020-03-03 20:09:31 +01:00			`sub_filter "192.168.100.11" "nextcloud.workhorse.private";`
nextcloud: make oauth logins possible 2020-03-04 07:37:03 +01:00
			`# rewrite redirects`
			`# -----------------`
			`#proxy_redirect http://192.168.100.11:80/ http://$host:$server_port/;`
			`#proxy_redirect 192.168.100.11 nextcloud.workhorse.private;`

			`# allow big uploads`
			`# -----------------`
nextcloud: use a container 2020-03-03 20:09:31 +01:00			`client_max_body_size 0;`
			`'';`
			`};`
			`};`
			`};`
			`};`
nextcloud: add samba client 2020-03-03 18:45:35 +01:00
nextcloud: add nextcloud but wrong folder 2020-03-03 17:14:21 +01:00			`}`