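# NixOS module: runs Nextcloud in a declarative NixOS container on a private
# veth network and publishes it through an nginx reverse proxy on the host.
{ pkgs, ... }:
{

  # setup nextcloud in a container
  containers.nextcloud = {

    bindMounts = {
      # Admin password file, exposed read-only to the container.
      # NOTE(review): the path expression after each `toString` is missing on
      # this page; <SECRET_PATH_PLACEHOLDER> is a labelled stand-in, not the
      # author's value. `toString` on a path yields a plain string, so the
      # secret is referenced in place rather than copied into the
      # world-readable Nix store.
      password = {
        hostPath = toString <SECRET_PATH_PLACEHOLDER>;
        # must be the same in-container path that adminpassFile reads below
        mountPoint = toString <SECRET_PATH_PLACEHOLDER>;
        isReadOnly = true;
      };
      # Nextcloud state lives on the host, so it survives container rebuilds.
      # This is the only writable mount.
      home = {
        hostPath = toString "/home/nextcloud";
        mountPoint = "/var/lib/nextcloud";
        isReadOnly = false;
      };
    };

    # Separate network namespace: the container is reachable only through
    # the host-side veth pair (ve-nextcloud).
    privateNetwork = true;
    hostAddress = "192.168.100.10";
    localAddress = "192.168.100.11";

    autoStart = true;

    config = { config, pkgs, ... }: {
      # Only TCP 80 is opened, for the host's reverse proxy. The UDP 80 rule
      # was dropped: nothing configured here listens on UDP, so it only
      # widened the container's exposed surface.
      networking.firewall.allowedTCPPorts = [ 80 ];

      services.nextcloud = {
        enable = true;
        # NOTE(review): apps are updated automatically without review; keep
        # the set of installed apps small and watch the update log.
        autoUpdateApps.enable = true;
        # Initial admin password is read from the read-only bind mount above.
        config.adminpassFile = toString <SECRET_PATH_PLACEHOLDER>;
        nginx.enable = true;
        hostName = "nextcloud.workhorse.private";
        # 2 = warnings and above
        logLevel = 2;
        # NOTE(review): Nextcloud is told to generate https:// URLs, but the
        # host virtual host below shows no TLS options. Presumably TLS is
        # terminated by another proxy in front of this host - confirm,
        # otherwise logins travel in cleartext.
        config.overwriteProtocol = "https";
        # Nextcloud rejects requests whose Host header is not listed here or
        # in hostName, so keep this list limited to names actually served.
        config.extraTrustedDomains = [
          "nextcloud.ingolf-wagner.de"
          "nextcloud.gaykraft.com"
          "192.168.100.11"
        ];
      };

      environment.systemPackages = [ pkgs.smbclient ];
    };
  };

  # give containers internet access
  networking.nat.enable = true;
  networking.nat.internalInterfaces = [ "ve-nextcloud" ];
  networking.nat.externalInterface = "eth0";

  # don't let networkmanager manage the container network
  networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];

  # host nginx setup
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts = {
      "nextcloud.workhorse.private" = {
        serverAliases = [
          "nextcloud.ingolf-wagner.de"
          "nextcloud.gaykraft.com"
        ];
        locations."/" = {
          # Plain HTTP to the container over the host-local veth link.
          proxyPass = "http://192.168.100.11";
          # client_max_body_size 0 switches off nginx's request-size check,
          # so upload size is bounded only by Nextcloud/PHP limits and by
          # free disk space under /home/nextcloud. Monitor that volume or
          # set an explicit ceiling.
          extraConfig = ''
            # allow big uploads
            # -----------------
            client_max_body_size 0;
          '';
        };
      };
    };
  };
}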