nc nix to docker

2026-04-10 02:54:39 -07:00 · 2026-02-05 02:13:35 -08:00 · 2026-02-05 02:13:35 -08:00 · efd9580783
commit efd9580783
parent 2f3ca2434d
4 changed files with 249 additions and 21 deletions
--- a/modules/containers/docker/nextcloud/compose.nix
+++ b/modules/containers/docker/nextcloud/compose.nix
@ -0,0 +1,125 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  nextcloudExternalDomain = "cloud.death916.xyz";
+  collaboraExternalDomain = "office.death916.xyz";
+
+  nextcloudDataPath = "/storage/nextcloud-data";
+  adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password";
+  dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password";
+
+  nginxProxyManagerTailscaleIP = "100.117.212.36";
+  homelabTailscaleIP = "100.65.36.116";
+
+  dockerBaseDir = "/var/lib/nextcloud-docker";
+in
+{
+  virtualisation.oci-containers.backend = "docker";
+
+  systemd.services.init-nextcloud-network = {
+    description = "Create network for Nextcloud containers";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig.Type = "oneshot";
+    script = ''
+      ${pkgs.docker}/bin/docker network create nextcloud-net || true
+    '';
+  };
+
+  virtualisation.oci-containers.containers = {
+
+    nextcloud-db = {
+      image = "postgres:14-alpine";
+      autoStart = true;
+      environment = {
+        POSTGRES_DB = "nextcloud";
+        POSTGRES_USER = "nextcloud";
+        POSTGRES_PASSWORD_FILE = "/run/secrets/db_pass";
+      };
+      volumes = [
+        "${dockerBaseDir}/db:/var/lib/postgresql/data"
+        "${dbPassFilePath}:/run/secrets/db_pass:ro"
+      ];
+      extraOptions = [
+        "--network=nextcloud-net"
+        "--network-alias=db"
+      ];
+    };
+
+    nextcloud-redis = {
+      image = "redis:alpine";
+      autoStart = true;
+      extraOptions = [
+        "--network=nextcloud-net"
+        "--network-alias=redis"
+      ];
+    };
+
+    nextcloud-app = {
+      image = "nextcloud:32";
+      autoStart = true;
+      environment = {
+        POSTGRES_HOST = "db";
+        POSTGRES_DB = "nextcloud";
+        POSTGRES_USER = "nextcloud";
+        POSTGRES_PASSWORD_FILE = "/run/secrets/db_pass";
+
+        REDIS_HOST = "redis";
+
+        NEXTCLOUD_ADMIN_USER = "death916";
+        NEXTCLOUD_ADMIN_PASSWORD_FILE = "/run/secrets/admin_pass";
+
+        NEXTCLOUD_TRUSTED_DOMAINS = "${nextcloudExternalDomain} ${homelabTailscaleIP} homelab";
+        OVERWRITEPROTOCOL = "https";
+        OVERWRITEHOST = nextcloudExternalDomain;
+        OVERWRITECLIURL = "https://${nextcloudExternalDomain}";
+
+        PHP_MEMORY_LIMIT = "4G";
+        PHP_UPLOAD_LIMIT = "4G";
+      };
+      volumes = [
+        "${nextcloudDataPath}:/var/www/html/data"
+        "${dockerBaseDir}/html:/var/www/html"
+        "${dbPassFilePath}:/run/secrets/db_pass:ro"
+        "${adminPassFilePath}:/run/secrets/admin_pass:ro"
+      ];
+      ports = [ "8080:80" ];
+      dependsOn = [
+        "nextcloud-db"
+        "nextcloud-redis"
+      ];
+      extraOptions = [ "--network=nextcloud-net" ];
+    };
+
+    nextcloud-collabora = {
+      image = "collabora/code";
+      autoStart = true;
+      environment = {
+        domain = collaboraExternalDomain;
+        extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
+        wopi_allowlist = "127.0.0.1,::1,${nginxProxyManagerTailscaleIP}";
+        username = "admin";
+        password_file = "/run/secrets/admin_pass";
+      };
+      volumes = [
+        "${adminPassFilePath}:/run/secrets/admin_pass:ro"
+      ];
+      ports = [ "9980:9980" ];
+      extraOptions = [
+        "--network=nextcloud-net"
+        "--network-alias=collabora"
+        "--cap-add=MKNOD"
+      ];
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    8080
+    9980
+  ];
+}
--- a/modules/nextcloud-setup.nix.bak
+++ b/modules/nextcloud-setup.nix.bak
@ -0,0 +1,101 @@
+# ~/nixconfig/modules/nextcloud-setup.nix
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  nextcloudExternalDomain = "cloud.death916.xyz"; # Domain used by NPM
+  adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password";
+  dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password";
+  nextcloudDataPath = "/storage/nextcloud-data";
+  nginxProxyManagerTailscaleIP = "100.117.212.36"; # IP of your NPM
+
+  internalNextcloudHttpPort = 80;
+
+  # --- For Direct Tailscale Access to homelab's Nextcloud ---
+  homelabTailscaleIP = "100.65.36.116";
+  homelabMagicDNSName = "homelab";
+in
+{
+  # --- PostgreSQL & Redis setup ... (as before) ---
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_14;
+    ensureDatabases = [ "nextcloud" ];
+    ensureUsers = [ { name = "nextcloud"; } ];
+  };
+  services.redis.servers.nextcloud = {
+    enable = true;
+    user = "nextcloud";
+    unixSocket = "/run/redis-nextcloud/redis.sock";
+    port = 0;
+  };
+  systemd.tmpfiles.rules = [ "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" ];
+
+  # --- Nextcloud Service Configuration ---
+  services.nextcloud = {
+    enable = true;
+    package = pkgs.nextcloud32;
+    extraApps = {
+      # inherit (config.services.nextcloud.package.packages.apps) richdocuments;
+    };
+    hostName = nextcloudExternalDomain;
+
+    https = false; # NPM handles HTTPS. Nextcloud serves HTTP internally.
+    datadir = nextcloudDataPath;
+    maxUploadSize = "2G";
+
+    config = {
+      dbtype = "pgsql";
+      dbuser = "nextcloud";
+      dbhost = "/run/postgresql";
+      dbname = "nextcloud";
+      dbpassFile = dbPassFilePath;
+      adminuser = "death916";
+      adminpassFile = adminPassFilePath;
+    };
+    extraOptions = {
+      session_keepalive = true;
+      remember_login_cookie_lifetime = 7776000; # 90 days in seconds
+    };
+
+    settings = {
+      trusted_domains = [
+        nextcloudExternalDomain # For access via NPM
+        homelabTailscaleIP # For direct access via Tailscale IP
+        homelabMagicDNSName # For direct access via Tailscale MagicDNS name
+        # "localhost"                   # If you run occ commands directly on homelab
+      ];
+
+      # --- Trusted Proxies: For NPM path ---
+      trusted_proxies = [ nginxProxyManagerTailscaleIP ];
+
+      overwriteprotocol = "https";
+      overwritehost = nextcloudExternalDomain;
+      "overwrite.cli.url" = "https://${nextcloudExternalDomain}"; # For occ commands
+
+      overwritecondaddr = "^${nginxProxyManagerTailscaleIP}$";
+      "memcache.local" = "\\OC\\Memcache\\APCu";
+      "memcache.distributed" = "\\OC\\Memcache\\Redis";
+      "memcache.locking" = "\\OC\\Memcache\\Redis";
+      filelocking.enabled = true;
+      redis = {
+        host = "/run/redis-nextcloud/redis.sock";
+        port = 0;
+      };
+    };
+    caching.redis = true;
+    phpOptions = lib.mkForce { "memory_limit" = "4G"; };
+  };
+
+  users.users.nextcloud = {
+    isSystemUser = true;
+    group = "nextcloud";
+  };
+  users.groups.nextcloud = { };
+
+  networking.firewall.allowedTCPPorts = [ internalNextcloudHttpPort ]; # Port 80
+}
--- a/modules/nixos/homelab/services.nix
+++ b/modules/nixos/homelab/services.nix
@ -13,6 +13,8 @@
    ../../c2cscrape.nix
    ../../../modules/containers/docker/dispatcharr/docker-compose.nix
    ../../../modules/containers/haos.nix
+    ../../../modules/containers/docker/nextcloud/compose.nix
+
  ];
  arrSuite.enable = true;
  services.samba.shares.Media.path = "/media/storage/media";
@ -24,18 +26,18 @@
    environmentFile = "/etc/nixos/secrets/c2c.env";
  };
  #  virtualisation.incus.enable = true;
-    services.qbittorrent = {
-      enable = true;
-      profileDir = "/storage/services/qbittorrent";
-      user = "qbittorrent";
-      group = "media_services";
-      webuiPort = 8090;
-      openFirewall = true;
-      package = pkgs.qbittorrent-nox;
-    };
-  
-    systemd.services.qbittorrent.unitConfig.RequiresMountsFor = [ "/media" ];
-    systemd.services.qbittorrent.unitConfig.ConditionPathIsMountPoint = "/media";
+  services.qbittorrent = {
+    enable = true;
+    profileDir = "/storage/services/qbittorrent";
+    user = "qbittorrent";
+    group = "media_services";
+    webuiPort = 8090;
+    openFirewall = true;
+    package = pkgs.qbittorrent-nox;
+  };
+
+  systemd.services.qbittorrent.unitConfig.RequiresMountsFor = [ "/media" ];
+  systemd.services.qbittorrent.unitConfig.ConditionPathIsMountPoint = "/media";
  users.users.audiobookshelf = {
    isSystemUser = true;
    group = "media_services";
--- a/nixos/homelab.nix
+++ b/nixos/homelab.nix
@ -1,7 +1,7 @@
 # ~/nixconfig/nixos/homelab.nix.new
 {
  imports = [
-    ../modules/nextcloud-setup.nix
+    # ../modules/nextcloud-setup.nix
    ../modules/media/arr-suite.nix
    ../modules/smb.nix
    ../modules/nixos/homelab/networking.nix
@ -24,14 +24,14 @@
    systemd.services.radarr.requires = [ "network-online.target" ];
    systemd.services.prowlarr.after = [ "network-online.target" ];
    systemd.services.prowlarr.requires = [ "network-online.target" ];
-    systemd.services.nextcloud-setup.after = [
-      "network-online.target"
-      "postgresql.service"
-    ];
-    systemd.services.nextcloud-setup.requires = [
-      "network-online.target"
-      "postgresql.service"
-    ];
+    # systemd.services.nextcloud-setup.after = [
+    # "network-online.target"
+    # "postgresql.service"
+    # ];
+    # systemd.services.nextcloud-setup.requires = [
+    # "network-online.target"
+    # "postgresql.service"
+    # ];

    arrSuite.unpackerr.enable = true;
    system.stateVersion = "24.11";