diff --git a/configs/workhorse/configuration.nix b/configs/workhorse/configuration.nix index 943fa31..38699b3 100644 --- a/configs/workhorse/configuration.nix +++ b/configs/workhorse/configuration.nix @@ -67,11 +67,11 @@ virtualisation = { docker.enable = true; - virtualbox = { - host.enable = true; - guest.x11 = true; - guest.enable = true; - }; + #virtualbox = { + # host.enable = true; + # guest.x11 = true; + # guest.enable = true; + #}; }; } diff --git a/configs/workhorse/nextcloud.nix b/configs/workhorse/nextcloud.nix index f16a143..dce8641 100644 --- a/configs/workhorse/nextcloud.nix +++ b/configs/workhorse/nextcloud.nix @@ -3,16 +3,33 @@ # setup nextcloud in a container containers.nextcloud = { bindMounts = { - password = { - hostPath = toString ; - mountPoint = toString ; + rootpassword = { + hostPath = toString ; + mountPoint = toString ; + isReadOnly = true; + }; + databasepassword = { + hostPath = toString ; + mountPoint = toString ; isReadOnly = true; }; home = { + # make sure this folder exist on the host hostPath = toString "/home/nextcloud"; mountPoint = "/var/lib/nextcloud"; isReadOnly = false; }; + db = { + # make sure this folder exist on the host + hostPath = toString "/home/nextcloud_db"; + mountPoint = "/var/lib/mysql"; + isReadOnly = false; + }; + krops-lib = { + mountPoint = toString ; + hostPath = toString ; + isReadOnly = true; + }; modules = { mountPoint = toString ; hostPath = toString ; @@ -28,7 +45,7 @@ config = { config, pkgs, ... }: { - imports = [ ]; + imports = [ ]; # don't forget the database backup before doing this # https://docs.nextcloud.com/server/stable/admin_manual/maintenance/backup.html 
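Review bot: The new `db` bind mount in `configs/workhorse/nextcloud.nix` puts the MySQL data directory at `/home/nextcloud_db` on the host, writable, and the only guidance is that the folder must exist; nothing says who should own it or what mode it needs. That directory will hold the whole Nextcloud database, including account password hashes and share tokens. If the container does not run in a private user namespace, its UIDs map directly onto host UIDs, so a hand-created directory with default permissions may be readable by other local accounts. I would extend the comment to something like `# must exist on the host, owned by the container's mysql uid, mode 0700`, and do the same for the `home` mount at `/home/nextcloud`. The enclosing `containers.nextcloud` block continues outside this hunk, so any user-namespace setting is not visible here.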
@@ -49,15 +66,65 @@ networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.allowedUDPPorts = [ 80 ]; + # nextcloud database + # ================== + # + # set user password: + # ----------------- + # #> mysql + # mysql> ALTER USER 'nextcloud'@'localhost' IDENTIFIED BY 'nextcloud-password'; + # + # recreate database: + # ------------------ + # mysql> DROP DATABASE nextcloud; + # mysql> CREATE DATABASE nextcloud; + # + # migration: + # ---------- + # nextcloud-occ db:convert-type --all-apps mysql nextcloud 127.0.0.1 nextcloud + # + # 4-byte stuff: + # ------------- + # https://docs.nextcloud.com/server/18/admin_manual/configuration_database/mysql_4byte_support.html + # if you do this don't forget --default-character-set=utf8mb4 for mysqldump + services.mysql = { + enable = true; + package = pkgs.mysql; + ensureDatabases = [ "nextcloud" ]; + ensureUsers = [{ + name = "nextcloud"; + ensurePermissions = { "nextcloud.*" = "ALL PRIVILEGES"; }; + }]; + extraOptions = '' + innodb_large_prefix=true + innodb_file_format=barracuda + innodb_file_per_table=1 + ''; + }; + + # nextcloud setup later.services.nextcloud = { enable = true; autoUpdateApps.enable = true; - config.adminpassFile = toString ; nginx.enable = true; hostName = "nextcloud.ingolf-wagner.de"; #logLevel = 0; - config.overwriteProtocol = "https"; - config.trustedProxies = [ "195.201.134.247" "192.168.100.11" ]; + https = true; + config = { + adminpassFile = toString ; + overwriteProtocol = "https"; + trustedProxies = [ "195.201.134.247" "192.168.100.11" ]; + dbtype = "mysql"; + dbpassFile = toString config.krops.userKeys."nextcloud".target; + dbport = 3306; + }; + }; + + # provide password file for database with proper rights + krops.userKeys."nextcloud" = { + user = "nextcloud"; + source = toString ; + requiredBy = [ "nginx.service" ]; }; environment.systemPackages = [ pkgs.smbclient ];
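Review bot: `krops.userKeys."nextcloud"` is tied to `nginx.service` through `requiredBy`, but the file it provides is consumed through `config.dbpassFile`, which nginx never reads; the readers are presumably `nextcloud-setup.service` and the PHP-FPM unit serving Nextcloud. If `requiredBy` is what orders key delivery (the krops module is not visible here, so this is inferred), setup can start before the password file exists, or keep running when the key unit fails. I would list the consuming units instead, e.g. `requiredBy = [ "nextcloud-setup.service" ];` plus the PHP-FPM unit, after confirming their names. Separately, the comment block documents setting the database password by hand with `ALTER USER ... IDENTIFIED BY`, so the value in MySQL and the value in the key file can drift apart; a one-line comment saying both must be changed together would help.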