death916/nixconfig
1
0
Fork 0
mirror of https://github.com/Death916/nixconfig.git synced 2026-04-11 04:48:25 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

nc nix to docker

Browse source
This commit is contained in:
death916 2026-02-05 02:13:35 -08:00
parent 2f3ca2434d
commit efd9580783
4 changed files with 249 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

125
modules/containers/docker/nextcloud/compose.nix Normal file
View file

@ -0,0 +1,125 @@
{
config,
pkgs,
lib,
...
}:
let
nextcloudExternalDomain = "cloud.death916.xyz";
collaboraExternalDomain = "office.death916.xyz";
nextcloudDataPath = "/storage/nextcloud-data";
adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password";
dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password";
nginxProxyManagerTailscaleIP = "100.117.212.36";
homelabTailscaleIP = "100.65.36.116";
dockerBaseDir = "/var/lib/nextcloud-docker";
in
{
virtualisation.oci-containers.backend = "docker";
systemd.services.init-nextcloud-network = {
description = "Create network for Nextcloud containers";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script = ''
${pkgs.docker}/bin/docker network create nextcloud-net || true
'';
};
virtualisation.oci-containers.containers = {
nextcloud-db = {
image = "postgres:14-alpine";
autoStart = true;
environment = {
POSTGRES_DB = "nextcloud";
POSTGRES_USER = "nextcloud";
POSTGRES_PASSWORD_FILE = "/run/secrets/db_pass";
};
volumes = [
"${dockerBaseDir}/db:/var/lib/postgresql/data"
"${dbPassFilePath}:/run/secrets/db_pass:ro"
];
extraOptions = [
"--network=nextcloud-net"
"--network-alias=db"
];
};
nextcloud-redis = {
image = "redis:alpine";
autoStart = true;
extraOptions = [
"--network=nextcloud-net"
"--network-alias=redis"
];
};
nextcloud-app = {
image = "nextcloud:32";
autoStart = true;
environment = {
POSTGRES_HOST = "db";
POSTGRES_DB = "nextcloud";
POSTGRES_USER = "nextcloud";
POSTGRES_PASSWORD_FILE = "/run/secrets/db_pass";
REDIS_HOST = "redis";
NEXTCLOUD_ADMIN_USER = "death916";
NEXTCLOUD_ADMIN_PASSWORD_FILE = "/run/secrets/admin_pass";
NEXTCLOUD_TRUSTED_DOMAINS = "${nextcloudExternalDomain} ${homelabTailscaleIP} homelab";
OVERWRITEPROTOCOL = "https";
OVERWRITEHOST = nextcloudExternalDomain;
OVERWRITECLIURL = "https://${nextcloudExternalDomain}";
PHP_MEMORY_LIMIT = "4G";
PHP_UPLOAD_LIMIT = "4G";
};
volumes = [
"${nextcloudDataPath}:/var/www/html/data"
"${dockerBaseDir}/html:/var/www/html"
"${dbPassFilePath}:/run/secrets/db_pass:ro"
"${adminPassFilePath}:/run/secrets/admin_pass:ro"
];
ports = [ "8080:80" ];
dependsOn = [
"nextcloud-db"
"nextcloud-redis"
];
extraOptions = [ "--network=nextcloud-net" ];
};
nextcloud-collabora = {
image = "collabora/code";
autoStart = true;
environment = {
domain = collaboraExternalDomain;
extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
wopi_allowlist = "127.0.0.1,::1,${nginxProxyManagerTailscaleIP}";
username = "admin";
password_file = "/run/secrets/admin_pass";
};
volumes = [
"${adminPassFilePath}:/run/secrets/admin_pass:ro"
];
ports = [ "9980:9980" ];
extraOptions = [
"--network=nextcloud-net"
"--network-alias=collabora"
"--cap-add=MKNOD"
];
};
};
networking.firewall.allowedTCPPorts = [
8080
9980
];
}

101
modules/nextcloud-setup.nix.bak Normal file
View file

@ -0,0 +1,101 @@
# ~/nixconfig/modules/nextcloud-setup.nix
{
config,
pkgs,
lib,
...
}:
let
nextcloudExternalDomain = "cloud.death916.xyz"; # Domain used by NPM
adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password";
dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password";
nextcloudDataPath = "/storage/nextcloud-data";
nginxProxyManagerTailscaleIP = "100.117.212.36"; # IP of your NPM
internalNextcloudHttpPort = 80;
# --- For Direct Tailscale Access to homelab's Nextcloud ---
homelabTailscaleIP = "100.65.36.116";
homelabMagicDNSName = "homelab";
in
{
# --- PostgreSQL & Redis setup ... (as before) ---
services.postgresql = {
enable = true;
package = pkgs.postgresql_14;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [ { name = "nextcloud"; } ];
};
services.redis.servers.nextcloud = {
enable = true;
user = "nextcloud";
unixSocket = "/run/redis-nextcloud/redis.sock";
port = 0;
};
systemd.tmpfiles.rules = [ "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" ];
# --- Nextcloud Service Configuration ---
services.nextcloud = {
enable = true;
package = pkgs.nextcloud32;
extraApps = {
# inherit (config.services.nextcloud.package.packages.apps) richdocuments;
};
hostName = nextcloudExternalDomain;
https = false; # NPM handles HTTPS. Nextcloud serves HTTP internally.
datadir = nextcloudDataPath;
maxUploadSize = "2G";
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud";
dbpassFile = dbPassFilePath;
adminuser = "death916";
adminpassFile = adminPassFilePath;
};
extraOptions = {
session_keepalive = true;
remember_login_cookie_lifetime = 7776000; # 90 days in seconds
};
settings = {
trusted_domains = [
nextcloudExternalDomain # For access via NPM
homelabTailscaleIP # For direct access via Tailscale IP
homelabMagicDNSName # For direct access via Tailscale MagicDNS name
# "localhost" # If you run occ commands directly on homelab
];
# --- Trusted Proxies: For NPM path ---
trusted_proxies = [ nginxProxyManagerTailscaleIP ];
overwriteprotocol = "https";
overwritehost = nextcloudExternalDomain;
"overwrite.cli.url" = "https://${nextcloudExternalDomain}"; # For occ commands
overwritecondaddr = "^${nginxProxyManagerTailscaleIP}$";
"memcache.local" = "\\OC\\Memcache\\APCu";
"memcache.distributed" = "\\OC\\Memcache\\Redis";
"memcache.locking" = "\\OC\\Memcache\\Redis";
filelocking.enabled = true;
redis = {
host = "/run/redis-nextcloud/redis.sock";
port = 0;
};
};
caching.redis = true;
phpOptions = lib.mkForce { "memory_limit" = "4G"; };
};
users.users.nextcloud = {
isSystemUser = true;
group = "nextcloud";
};
users.groups.nextcloud = { };
networking.firewall.allowedTCPPorts = [ internalNextcloudHttpPort ]; # Port 80
}

24
modules/nixos/homelab/services.nix
View file

@ -13,6 +13,8 @@
../../c2cscrape.nix ../../c2cscrape.nix
../../../modules/containers/docker/dispatcharr/docker-compose.nix ../../../modules/containers/docker/dispatcharr/docker-compose.nix
../../../modules/containers/haos.nix ../../../modules/containers/haos.nix
../../../modules/containers/docker/nextcloud/compose.nix
]; ];
arrSuite.enable = true; arrSuite.enable = true;
services.samba.shares.Media.path = "/media/storage/media"; services.samba.shares.Media.path = "/media/storage/media";
@ -24,18 +26,18 @@
environmentFile = "/etc/nixos/secrets/c2c.env"; environmentFile = "/etc/nixos/secrets/c2c.env";
}; };
# virtualisation.incus.enable = true; # virtualisation.incus.enable = true;
services.qbittorrent = { services.qbittorrent = {
enable = true; enable = true;
profileDir = "/storage/services/qbittorrent"; profileDir = "/storage/services/qbittorrent";
user = "qbittorrent"; user = "qbittorrent";
group = "media_services"; group = "media_services";
webuiPort = 8090; webuiPort = 8090;
openFirewall = true; openFirewall = true;
package = pkgs.qbittorrent-nox; package = pkgs.qbittorrent-nox;
}; };
systemd.services.qbittorrent.unitConfig.RequiresMountsFor = [ "/media" ]; systemd.services.qbittorrent.unitConfig.RequiresMountsFor = [ "/media" ];
systemd.services.qbittorrent.unitConfig.ConditionPathIsMountPoint = "/media"; systemd.services.qbittorrent.unitConfig.ConditionPathIsMountPoint = "/media";
users.users.audiobookshelf = { users.users.audiobookshelf = {
isSystemUser = true; isSystemUser = true;
group = "media_services"; group = "media_services";

18
nixos/homelab.nix
View file

@ -1,7 +1,7 @@
# ~/nixconfig/nixos/homelab.nix.new # ~/nixconfig/nixos/homelab.nix.new
{ {
imports = [ imports = [
../modules/nextcloud-setup.nix # ../modules/nextcloud-setup.nix
../modules/media/arr-suite.nix ../modules/media/arr-suite.nix
../modules/smb.nix ../modules/smb.nix
../modules/nixos/homelab/networking.nix ../modules/nixos/homelab/networking.nix
@ -24,14 +24,14 @@
systemd.services.radarr.requires = [ "network-online.target" ]; systemd.services.radarr.requires = [ "network-online.target" ];
systemd.services.prowlarr.after = [ "network-online.target" ]; systemd.services.prowlarr.after = [ "network-online.target" ];
systemd.services.prowlarr.requires = [ "network-online.target" ]; systemd.services.prowlarr.requires = [ "network-online.target" ];
systemd.services.nextcloud-setup.after = [ # systemd.services.nextcloud-setup.after = [
"network-online.target" # "network-online.target"
"postgresql.service" # "postgresql.service"
]; # ];
systemd.services.nextcloud-setup.requires = [ # systemd.services.nextcloud-setup.requires = [
"network-online.target" # "network-online.target"
"postgresql.service" # "postgresql.service"
]; # ];
arrSuite.unpackerr.enable = true; arrSuite.unpackerr.enable = true;
system.stateVersion = "24.11"; system.stateVersion = "24.11";