From efd9580783cec8be96893f876988f8404af30709 Mon Sep 17 00:00:00 2001
From: death916
Date: Thu, 5 Feb 2026 02:13:35 -0800
Subject: [PATCH] nc nix to docker
---
 .../containers/docker/nextcloud/compose.nix | 125 ++++++++++++++++++
 modules/nextcloud-setup.nix.bak | 101 ++++++++++++++
 modules/nixos/homelab/services.nix | 26 ++--
 nixos/homelab.nix | 18 +--
 4 files changed, 249 insertions(+), 21 deletions(-)
 create mode 100644 modules/containers/docker/nextcloud/compose.nix
 create mode 100644 modules/nextcloud-setup.nix.bak
diff --git a/modules/containers/docker/nextcloud/compose.nix b/modules/containers/docker/nextcloud/compose.nix
new file mode 100644
index 0000000..2d91926
--- /dev/null
+++ b/modules/containers/docker/nextcloud/compose.nix
@@ -0,0 +1,125 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+let
+ nextcloudExternalDomain = "cloud.death916.xyz";
+ collaboraExternalDomain = "office.death916.xyz";
+
+ nextcloudDataPath = "/storage/nextcloud-data";
+ adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password";
+ dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password";
+
+ nginxProxyManagerTailscaleIP = "100.117.212.36";
+ homelabTailscaleIP = "100.65.36.116";
+
+ dockerBaseDir = "/var/lib/nextcloud-docker";
+in
+{
+ virtualisation.oci-containers.backend = "docker";
+
+ systemd.services.init-nextcloud-network = {
+ description = "Create network for Nextcloud containers";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.Type = "oneshot";
+ script = ''
+ ${pkgs.docker}/bin/docker network create nextcloud-net || true
+ '';
+ };
+
+ virtualisation.oci-containers.containers = {
+
+ nextcloud-db = {
+ image = "postgres:14-alpine";
+ autoStart = true;
+ environment = {
+ POSTGRES_DB = "nextcloud";
+ POSTGRES_USER = "nextcloud";
+ POSTGRES_PASSWORD_FILE = "/run/secrets/db_pass";
+ };
+ volumes = [
+ "${dockerBaseDir}/db:/var/lib/postgresql/data"
+ "${dbPassFilePath}:/run/secrets/db_pass:ro"
+ ];
+ extraOptions = [
+ "--network=nextcloud-net"
+ "--network-alias=db"
+ ];
+ };
+
+ nextcloud-redis = {
+ image = "redis:alpine";
+ autoStart = true;
+ extraOptions = [
+ "--network=nextcloud-net"
+ "--network-alias=redis"
+ ];
+ };
+
+ nextcloud-app = {
+ image = "nextcloud:32";
+ autoStart = true;
+ environment = {
+ POSTGRES_HOST = "db";
+ POSTGRES_DB = "nextcloud";
+ POSTGRES_USER = "nextcloud";
+ POSTGRES_PASSWORD_FILE = "/run/secrets/db_pass";
+
+ REDIS_HOST = "redis";
+
+ NEXTCLOUD_ADMIN_USER = "death916";
+ NEXTCLOUD_ADMIN_PASSWORD_FILE = "/run/secrets/admin_pass";
+
+ NEXTCLOUD_TRUSTED_DOMAINS = "${nextcloudExternalDomain} ${homelabTailscaleIP} homelab";
+ OVERWRITEPROTOCOL = "https";
+ OVERWRITEHOST = nextcloudExternalDomain;
+ OVERWRITECLIURL = "https://${nextcloudExternalDomain}";
+
+ PHP_MEMORY_LIMIT = "4G";
+ PHP_UPLOAD_LIMIT = "4G";
+ };
+ volumes = [
+ "${nextcloudDataPath}:/var/www/html/data"
+ "${dockerBaseDir}/html:/var/www/html"
+ "${dbPassFilePath}:/run/secrets/db_pass:ro"
+ "${adminPassFilePath}:/run/secrets/admin_pass:ro"
+ ];
+ ports = [ "8080:80" ];
+ dependsOn = [
+ "nextcloud-db"
+ "nextcloud-redis"
+ ];
+ extraOptions = [ "--network=nextcloud-net" ];
+ };
+
+ nextcloud-collabora = {
+ image = "collabora/code";
+ autoStart = true;
+ environment = {
+ domain = collaboraExternalDomain;
+ extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
+ wopi_allowlist = "127.0.0.1,::1,${nginxProxyManagerTailscaleIP}";
+ username = "admin";
+ password_file = "/run/secrets/admin_pass";
+ };
+ volumes = [
+ "${adminPassFilePath}:/run/secrets/admin_pass:ro"
+ ];
+ ports = [ "9980:9980" ];
+ extraOptions = [
+ "--network=nextcloud-net"
+ "--network-alias=collabora"
+ "--cap-add=MKNOD"
+ ];
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 8080
+ 9980
+ ];
+}
diff --git a/modules/nextcloud-setup.nix.bak b/modules/nextcloud-setup.nix.bak
new file mode 100644
index 0000000..78ec031
--- /dev/null
+++ b/modules/nextcloud-setup.nix.bak
@@ -0,0 +1,101 @@
+# ~/nixconfig/modules/nextcloud-setup.nix
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+let
+ nextcloudExternalDomain = "cloud.death916.xyz"; # Domain used by NPM
+ adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password";
+ dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password";
+ nextcloudDataPath = "/storage/nextcloud-data";
+ nginxProxyManagerTailscaleIP = "100.117.212.36"; # IP of your NPM
+
+ internalNextcloudHttpPort = 80;
+
+ # --- For Direct Tailscale Access to homelab's Nextcloud ---
+ homelabTailscaleIP = "100.65.36.116";
+ homelabMagicDNSName = "homelab";
+in
+{
+ # --- PostgreSQL & Redis setup ... (as before) ---
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_14;
+ ensureDatabases = [ "nextcloud" ];
+ ensureUsers = [ { name = "nextcloud"; } ];
+ };
+ services.redis.servers.nextcloud = {
+ enable = true;
+ user = "nextcloud";
+ unixSocket = "/run/redis-nextcloud/redis.sock";
+ port = 0;
+ };
+ systemd.tmpfiles.rules = [ "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" ];
+
+ # --- Nextcloud Service Configuration ---
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud32;
+ extraApps = {
+ # inherit (config.services.nextcloud.package.packages.apps) richdocuments;
+ };
+ hostName = nextcloudExternalDomain;
+
+ https = false; # NPM handles HTTPS. Nextcloud serves HTTP internally.
+ datadir = nextcloudDataPath;
+ maxUploadSize = "2G";
+
+ config = {
+ dbtype = "pgsql";
+ dbuser = "nextcloud";
+ dbhost = "/run/postgresql";
+ dbname = "nextcloud";
+ dbpassFile = dbPassFilePath;
+ adminuser = "death916";
+ adminpassFile = adminPassFilePath;
+ };
+ extraOptions = {
+ session_keepalive = true;
+ remember_login_cookie_lifetime = 7776000; # 90 days in seconds
+ };
+
+ settings = {
+ trusted_domains = [
+ nextcloudExternalDomain # For access via NPM
+ homelabTailscaleIP # For direct access via Tailscale IP
+ homelabMagicDNSName # For direct access via Tailscale MagicDNS name
+ # "localhost" # If you run occ commands directly on homelab
+ ];
+
+ # --- Trusted Proxies: For NPM path ---
+ trusted_proxies = [ nginxProxyManagerTailscaleIP ];
+
+ overwriteprotocol = "https";
+ overwritehost = nextcloudExternalDomain;
+ "overwrite.cli.url" = "https://${nextcloudExternalDomain}"; # For occ commands
+
+ overwritecondaddr = "^${nginxProxyManagerTailscaleIP}$";
+ "memcache.local" = "\\OC\\Memcache\\APCu";
+ "memcache.distributed" = "\\OC\\Memcache\\Redis";
+ "memcache.locking" = "\\OC\\Memcache\\Redis";
+ filelocking.enabled = true;
+ redis = {
+ host = "/run/redis-nextcloud/redis.sock";
+ port = 0;
+ };
+ };
+ caching.redis = true;
+ phpOptions = lib.mkForce { "memory_limit" = "4G"; };
+ };
+
+ users.users.nextcloud = {
+ isSystemUser = true;
+ group = "nextcloud";
+ };
+ users.groups.nextcloud = { };
+
+ networking.firewall.allowedTCPPorts = [ internalNextcloudHttpPort ]; # Port 80
+}
diff --git a/modules/nixos/homelab/services.nix b/modules/nixos/homelab/services.nix
index be72f53..701ca98 100644
--- a/modules/nixos/homelab/services.nix
+++ b/modules/nixos/homelab/services.nix
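Review bot: modules/nextcloud-setup.nix.bak appears to be a copy of the module that homelab.nix stops importing in this commit, yet the diffstat shows the original modules/nextcloud-setup.nix is not removed, so the tree now holds two copies of configuration that is no longer evaluated. Git history already preserves the old module; dropping the .bak, or deleting the original together with its commented-out import, avoids a stale copy that will drift from whatever is eventually reverted to.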
@@ -13,6 +13,8 @@
 ../../c2cscrape.nix
 ../../../modules/containers/docker/dispatcharr/docker-compose.nix
 ../../../modules/containers/haos.nix
+ ../../../modules/containers/docker/nextcloud/compose.nix
+
 ];
 arrSuite.enable = true;
 services.samba.shares.Media.path = "/media/storage/media";
@@ -24,18 +26,18 @@
 environmentFile = "/etc/nixos/secrets/c2c.env";
 };
 # virtualisation.incus.enable = true;
- services.qbittorrent = {
- enable = true;
- profileDir = "/storage/services/qbittorrent";
- user = "qbittorrent";
- group = "media_services";
- webuiPort = 8090;
- openFirewall = true;
- package = pkgs.qbittorrent-nox;
- };
-
- systemd.services.qbittorrent.unitConfig.RequiresMountsFor = [ "/media" ];
- systemd.services.qbittorrent.unitConfig.ConditionPathIsMountPoint = "/media";
+ services.qbittorrent = {
+ enable = true;
+ profileDir = "/storage/services/qbittorrent";
+ user = "qbittorrent";
+ group = "media_services";
+ webuiPort = 8090;
+ openFirewall = true;
+ package = pkgs.qbittorrent-nox;
+ };
+
+ systemd.services.qbittorrent.unitConfig.RequiresMountsFor = [ "/media" ];
+ systemd.services.qbittorrent.unitConfig.ConditionPathIsMountPoint = "/media";
 users.users.audiobookshelf = {
 isSystemUser = true;
 group = "media_services";
diff --git a/nixos/homelab.nix b/nixos/homelab.nix
index 4cc73d3..e8f4fe1 100644
--- a/nixos/homelab.nix
+++ b/nixos/homelab.nix
@@ -1,7 +1,7 @@
 # ~/nixconfig/nixos/homelab.nix.new
 {
 imports = [
- ../modules/nextcloud-setup.nix
+ # ../modules/nextcloud-setup.nix
 ../modules/media/arr-suite.nix
 ../modules/smb.nix
 ../modules/nixos/homelab/networking.nix
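Review bot: Commenting out `../modules/nextcloud-setup.nix` removes the native `services.postgresql`, `services.redis` and `users.users.nextcloud` definitions (judging by the .bak copy), but nothing in the commit migrates the existing state to the containers: compose.nix bind-mounts the same `/storage/nextcloud-data` into nextcloud-app, which presumably runs as a different uid than the native `nextcloud` system user, and nextcloud-db starts from an empty `/var/lib/nextcloud-docker/db` rather than the native PostgreSQL cluster. Unless the data directory's ownership is fixed and the database is dumped and restored (or a fresh install is intended, followed by an `occ files:scan`), the first start will likely fail on permissions or initialise a new instance over the old files; a short comment at the top of compose.nix stating which of these was done would help the next reader. The import is commented out rather than deleted here and in this file's second hunk; removing the lines and relying on history is cleaner.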
@@ -24,14 +24,14 @@
 systemd.services.radarr.requires = [ "network-online.target" ];
 systemd.services.prowlarr.after = [ "network-online.target" ];
 systemd.services.prowlarr.requires = [ "network-online.target" ];
- systemd.services.nextcloud-setup.after = [
- "network-online.target"
- "postgresql.service"
- ];
- systemd.services.nextcloud-setup.requires = [
- "network-online.target"
- "postgresql.service"
- ];
+ # systemd.services.nextcloud-setup.after = [
+ # "network-online.target"
+ # "postgresql.service"
+ # ];
+ # systemd.services.nextcloud-setup.requires = [
+ # "network-online.target"
+ # "postgresql.service"
+ # ];
 arrSuite.unpackerr.enable = true;
 system.stateVersion = "24.11";