nextcloud: use a container

2020-03-04 03:09:31 +08:00 · 2020-03-04 03:09:31 +08:00 · d66e28d96c
commit d66e28d96c
parent 9f16c6bf1b
2 changed files with 59 additions and 11 deletions
--- a/configs/workhorse/nextcloud.nix
+++ b/configs/workhorse/nextcloud.nix
@ -1,16 +1,63 @@
 { pkgs, ... }: {
+
+  # setup nextcloud in a container
+  containers.nextcloud = {
+    bindMounts = {
+      password = {
+        hostPath = toString <secrets/nextcloud/rootpassword>;
+        mountPoint = toString <secrets/nextcloud/rootpassword>;
+        isReadOnly = true;
+      };
+      home = {
+        hostPath = toString "/home/nextcloud";
+        mountPoint = "/var/lib/nextcloud";
+        isReadOnly = false;
+      };
+    };
+
+    privateNetwork = true;
+    hostAddress = "192.168.100.10";
+    localAddress = "192.168.100.11";
+
+    autoStart = true;
+
+    config = { config, pkgs, ... }: {
+
+      networking.firewall.allowedTCPPorts = [ 80 ];
+      networking.firewall.allowedUDPPorts = [ 80 ];
+
      services.nextcloud = {
        enable = true;
        autoUpdateApps.enable = true;
        config.adminpassFile = toString <secrets/nextcloud/rootpassword>;
-    #home = "/home/nextcloud";
        nginx.enable = true;
        hostName = "nextcloud.workhorse.private";
        logLevel = 0;
-    config.extraTrustedDomains =
-      [ "nextcloud.ingolf-wagner.de" "nextcloud.gaykraft.com" ];
+        config.extraTrustedDomains = [
+          "nextcloud.ingolf-wagner.de"
+          "nextcloud.gaykraft.com"
+          "192.168.100.11"
+        ];
      };

      environment.systemPackages = [ pkgs.smbclient ];
+    };
+  };
+
+  # host nginx setup
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "nextcloud.workhorse.private" = {
+        locations."/" = {
+          proxyPass = "http://192.168.100.11";
+          extraConfig = ''
+            sub_filter "192.168.100.11" "nextcloud.workhorse.private";
+            client_max_body_size 0;
+          '';
+        };
+      };
+    };
+  };

 }
--- a/configs/workhorse/syncthing.nix
+++ b/configs/workhorse/syncthing.nix
@ -5,6 +5,7 @@
    folders = {
      movies = config.test.services.syncthing.declarative.folders.movies.path;
      series = config.test.services.syncthing.declarative.folders.series.path;
+      samples = config.test.services.syncthing.declarative.folders.samples.path;
      music =
        config.test.services.syncthing.declarative.folders.music-library.path;
    };