nixos-config/configs/workhorse/nextcloud.nix

{ pkgs, ... }: {
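# Run Nextcloud in a declarative NixOS container that is attached to the host
# through a private point-to-point link.
containers.nextcloud = {
  autoStart = true;

  # With privateNetwork the container gets its own network namespace; the host
  # end of the link is 192.168.100.10, the container end 192.168.100.11.
  privateNetwork = true;
  hostAddress = "192.168.100.10";
  localAddress = "192.168.100.11";

  bindMounts = {
    # Admin password file, visible inside the container at the same path as on
    # the host and mounted read-only. toString turns the <secrets/...> path
    # into a plain string, so the file is referenced in place rather than
    # imported into the world-readable Nix store.
    password = {
      hostPath = toString <secrets/nextcloud/rootpassword>;
      mountPoint = toString <secrets/nextcloud/rootpassword>;
      isReadOnly = true;
    };
    # Nextcloud state is kept on the host under /home/nextcloud, so it outlives
    # the container and can be snapshotted from the host.
    home = {
      hostPath = "/home/nextcloud";
      mountPoint = "/var/lib/nextcloud";
      isReadOnly = false;
    };
  };

  config = { config, pkgs, ... }: {
    # don't forget the database backup before doing this
    # https://docs.nextcloud.com/server/stable/admin_manual/maintenance/backup.html
    # https://docs.nextcloud.com/server/stable/admin_manual/maintenance/upgrade.html
    # use snapshots in case of a rollback
    #
    # The release is pinned by hand: Nextcloud upgrades, security releases
    # included, only happen when `version` and `sha256` are bumped here.
    # sha256 pins the tarball content, so a changed upstream file fails the
    # build instead of being installed.
    nixpkgs.config.packageOverrides = super: {
      nextcloud = super.nextcloud.overrideAttrs (old: rec {
        name = "nextcloud-${version}";
        version = "18.0.1";
        src = super.fetchurl {
          # Derived from `version` so the URL cannot drift from the name.
          url =
            "https://download.nextcloud.com/server/releases/nextcloud-${version}.tar.bz2";
          sha256 = "1h0rxpdssn1hc65k41zbvww9r4f79vbd9bixc9ri5n7hp0say3vp";
        };
      });
    };

    # Only the HTTP listener is opened in the container firewall. HTTP on
    # port 80 is TCP-only, so no UDP port needs to be opened.
    networking.firewall.allowedTCPPorts = [ 80 ];

    services.nextcloud = {
      enable = true;
      nginx.enable = true;
      hostName = "nextcloud.ingolf-wagner.de";
      autoUpdateApps.enable = true;
      #logLevel = 0;
      config = {
        # Same file that the `password` bind mount exposes read-only.
        adminpassFile = toString <secrets/nextcloud/rootpassword>;
        # Nextcloud generates https:// URLs although the listener in this
        # container speaks plain HTTP.
        # NOTE(review): TLS is presumably terminated by a proxy in front of
        # the host; nothing in this file configures it, so confirm.
        overwriteProtocol = "https";
        # Host header values Nextcloud accepts in addition to hostName. The
        # container IP allows access by address; drop it if nothing relies on
        # that.
        extraTrustedDomains = [
          "nextcloud.ingolf-wagner.de"
          #"nextcloud.gaykraft.com"
          "192.168.100.11"
        ];
      };
    };

    # presumably needed for Nextcloud's SMB external storage; verify before
    # removing
    environment.systemPackages = [ pkgs.smbclient ];
  };
};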
# Outbound connectivity for the container: traffic arriving on the container's
# host-side interface (ve-nextcloud) is NATed out through eth0.
networking.nat = {
  enable = true;
  externalInterface = "eth0";
  internalInterfaces = [ "ve-nextcloud" ];
};
# Keep NetworkManager from managing the container interfaces (ve-*).
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
# Reverse proxy on the host that forwards requests to the Nextcloud container.
services.nginx = {
  enable = true;
  # NixOS' recommended proxy settings, which pass the original Host header and
  # client address on to the backend.
  recommendedProxySettings = true;

  virtualHosts."nextcloud.workhorse.private" = {
    serverAliases = [
      "nextcloud.ingolf-wagner.de"
      # "nextcloud.gaykraft.com"
    ];
    # Requests go to the container as plain HTTP over the private link.
    # NOTE(review): this vhost sets no TLS options, so any encryption has to
    # happen in front of it; confirm where TLS is terminated.
    #
    # client_max_body_size 0 turns off nginx's request-body size check for
    # this location, so upload size must be bounded elsewhere (Nextcloud/PHP
    # limits, disk quota) if unbounded uploads are not wanted.
    locations."/" = {
      proxyPass = "http://192.168.100.11";
      extraConfig = ''
        # allow big uploads
        # -----------------
        client_max_body_size 0;
      '';
    };
  };
};
}