haccfiles/hosts/hainich/services/nextcloud.nix

# TODOs before actually using this
# - change root auth to use adminpassFile
# - figure out how to use multiple pools (do we need this?)
# - how to enable ldap?
#
# Additional notes:
#  - there is a services.nextcloud.phpExtraExtensions, which may be
#    useful for this, but it's only in nixos-unstable for now
#  - there's a services.nextcloud.autoUpdateApps – do we trust nextcloud
#    enough to enable it, or will everything break if we do?


{pkgs, config, ...}:

{

  containers.nextcloud = {

    autoStart = true;
    privateNetwork = true;
    hostAddress6 = "fd00::10:1";
    localAddress6 = "fs00::10:2";

    config = { pkgs, ... }: {

      environment.systemPackages = [ pkgs.htop ];

      imports = [ ./nextcloud-module.nix ];

      services.nextcloud-patched = {
        enable = true;

        # must be set manually; may not be incremented by more than one at
        # a time, otherwise nextcloud WILL break
        package = pkgs.nextcloud21;

        hostName = "cloud2.infra4future.de";
        config = {
          dbtype = "pgsql";
          dbuser = "nextcloud";
          dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
          dbname = "nextcloud";
          # there's also a adminpassFile option, but for testing this seems
          # enough (less fiddling with getting the file into a nixos
          # container for ad-hoc setups)
          adminpass = "root";
          adminuser = "root";
        };

        caching.redis = true;

        # multiple pools may be doable using services.phpfpm.pools,
        # but i have not tried this yet. The nextcloud module defines a
        # pool "nextcloud"
        poolSettings = {
          pm = "dynamic";
          "pm.max_children" = "32";
          "pm.max_requests" = "500";
          "pm.max_spare_servers" = "4";
          "pm.min_spare_servers" = "2";
          "pm.start_servers" = "2";
        };

        extraOptions = ''
          'redis' => array(
            'host' => '/run/redis/redis.sock',
            'port' => 0,
            'dbindex' => 0,
            'password' => 'secret',
            'timeout' => 1.5,
          ),
        '';

      };

      services.redis = {
        enable = true;
        unixSocket = "/var/run/redis/redis.sock";
      };

      services.postgresql = {
        enable = true;
        ensureDatabases = [ "nextcloud" ];
        ensureUsers = [
          { # by default, postgres has unix sockets enabled, and allows a
          # system user `nextcloud` to log in without other authentication
          name = "nextcloud";
          ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
          }
        ];
      };

      # ensure that postgres is running *before* running the setup
      systemd.services."nextcloud-setup" = {
        requires = ["postgresql.service"];
        after = ["postgresql.service"];
      };

      networking.firewall.allowedTCPPorts = [ 80 443 ];
    };
  };

  services.nginx.virtualHosts."cloud2.infra4future.de" = {
    locations."/".proxyPass = "http:[${config.containers.nextcloud.localAddress6}]";
    enableACME = true;
    forceSSL = true;
  };
}
-												First draft for a nextcloud deployment on nix

Things to note:
 - DO NOT DEPLOY THIS
 - use nixos-container for testing instead

I've played around with nextcloud on NixOS, essentially following the
examples given in the NixOS manual and searching through some of the
other options. Nextcloud itself works fine with this setup, as does
its database (postgres), and most of the other basic stuff.

However, the nextcloud module as it currently exists appears to be fairly
limited and incomplete in its capabilities, e.g. lack of options for redis
or multiple php pools; in general, it lacks extraOptions-hooks. For redis
the documentation even explicitely notes (in caching.redis) that redis
requires additional options set in `config.php`, but it appears these cannot
currently be set using nix.

I guess we have as options:
 - I missed something and it does in fact work
 - we can wait for later versions; looks like 21.03 will add at least *some* more
 - we can fork the module and add options ourselves
 - we can configure it nextcloud by manually editing `config.php`, as it's not
   actually inside the nix store but at /var/lib/nextcloud/config (veto)

See comments for additional notes and todos.

											
										
										
											2021-02-11 23:05:57 +00:00
+								# TODOs before actually using this
 								# - change root auth to use adminpassFile
 								# - figure out how to use multiple pools (do we need this?)
 								# - how to enable ldap?
 								#
 								# Additional notes:
 								#  - there is a services.nextcloud.phpExtraExtensions, which may be
 								#    useful for this, but it's only in nixos-unstable for now
 								#  - there's a services.nextcloud.autoUpdateApps – do we trust nextcloud
 								#    enough to enable it, or will everything break if we do?
-												nextcloud: fork module from nixpkgs and add extraOptions

 - nextcloud now has its own container
 - redis caching appears to work
 - this now uses nextcloud 21

											
										
										
											2021-03-25 17:28:31 +00:00
 								{pkgs, config, ...}:
-												First draft for a nextcloud deployment on nix

Things to note:
 - DO NOT DEPLOY THIS
 - use nixos-container for testing instead

I've played around with nextcloud on NixOS, essentially following the
examples given in the NixOS manual and searching through some of the
other options. Nextcloud itself works fine with this setup, as does
its database (postgres), and most of the other basic stuff.

However, the nextcloud module as it currently exists appears to be fairly
limited and incomplete in its capabilities, e.g. lack of options for redis
or multiple php pools; in general, it lacks extraOptions-hooks. For redis
the documentation even explicitely notes (in caching.redis) that redis
requires additional options set in `config.php`, but it appears these cannot
currently be set using nix.

I guess we have as options:
 - I missed something and it does in fact work
 - we can wait for later versions; looks like 21.03 will add at least *some* more
 - we can fork the module and add options ourselves
 - we can configure it nextcloud by manually editing `config.php`, as it's not
   actually inside the nix store but at /var/lib/nextcloud/config (veto)

See comments for additional notes and todos.

											
										
										
											2021-02-11 23:05:57 +00:00
+								{
-												nextcloud: fork module from nixpkgs and add extraOptions

 - nextcloud now has its own container
 - redis caching appears to work
 - this now uses nextcloud 21

											
										
										
											2021-03-25 17:28:31 +00:00
+								  containers.nextcloud = {
-												First draft for a nextcloud deployment on nix

Things to note:
 - DO NOT DEPLOY THIS
 - use nixos-container for testing instead

I've played around with nextcloud on NixOS, essentially following the
examples given in the NixOS manual and searching through some of the
other options. Nextcloud itself works fine with this setup, as does
its database (postgres), and most of the other basic stuff.

However, the nextcloud module as it currently exists appears to be fairly
limited and incomplete in its capabilities, e.g. lack of options for redis
or multiple php pools; in general, it lacks extraOptions-hooks. For redis
the documentation even explicitely notes (in caching.redis) that redis
requires additional options set in `config.php`, but it appears these cannot
currently be set using nix.

I guess we have as options:
 - I missed something and it does in fact work
 - we can wait for later versions; looks like 21.03 will add at least *some* more
 - we can fork the module and add options ourselves
 - we can configure it nextcloud by manually editing `config.php`, as it's not
   actually inside the nix store but at /var/lib/nextcloud/config (veto)

See comments for additional notes and todos.

											
										
										
											2021-02-11 23:05:57 +00:00
-												nextcloud: fork module from nixpkgs and add extraOptions

 - nextcloud now has its own container
 - redis caching appears to work
 - this now uses nextcloud 21

											
										
										
											2021-03-25 17:28:31 +00:00
+								    autoStart = true;
 								    privateNetwork = true;
 								    hostAddress6 = "fd00::10:1";
 								    localAddress6 = "fs00::10:2";
 								    config = { pkgs, ... }: {
 								      environment.systemPackages = [ pkgs.htop ];
 								      imports = [ ./nextcloud-module.nix ];
 								      services.nextcloud-patched = {
 								        enable = true;
-												First draft for a nextcloud deployment on nix

Things to note:
 - DO NOT DEPLOY THIS
 - use nixos-container for testing instead

I've played around with nextcloud on NixOS, essentially following the
examples given in the NixOS manual and searching through some of the
other options. Nextcloud itself works fine with this setup, as does
its database (postgres), and most of the other basic stuff.

However, the nextcloud module as it currently exists appears to be fairly
limited and incomplete in its capabilities, e.g. lack of options for redis
or multiple php pools; in general, it lacks extraOptions-hooks. For redis
the documentation even explicitely notes (in caching.redis) that redis
requires additional options set in `config.php`, but it appears these cannot
currently be set using nix.

I guess we have as options:
 - I missed something and it does in fact work
 - we can wait for later versions; looks like 21.03 will add at least *some* more
 - we can fork the module and add options ourselves
 - we can configure it nextcloud by manually editing `config.php`, as it's not
   actually inside the nix store but at /var/lib/nextcloud/config (veto)

See comments for additional notes and todos.

											
										
										
											2021-02-11 23:05:57 +00:00
-												nextcloud: fork module from nixpkgs and add extraOptions

 - nextcloud now has its own container
 - redis caching appears to work
 - this now uses nextcloud 21

											
										
										
											2021-03-25 17:28:31 +00:00
+								        # must be set manually; may not be incremented by more than one at
 								        # a time, otherwise nextcloud WILL break
 								        package = pkgs.nextcloud21;
 								        hostName = "cloud2.infra4future.de";
 								        config = {
 								          dbtype = "pgsql";
 								          dbuser = "nextcloud";
 								          dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
 								          dbname = "nextcloud";
 								          # there's also a adminpassFile option, but for testing this seems
 								          # enough (less fiddling with getting the file into a nixos
 								          # container for ad-hoc setups)
 								          adminpass = "root";
 								          adminuser = "root";
 								        };
 								        caching.redis = true;
 								        # multiple pools may be doable using services.phpfpm.pools,
 								        # but i have not tried this yet. The nextcloud module defines a
 								        # pool "nextcloud"
 								        poolSettings = {
 								          pm = "dynamic";
 								          "pm.max_children" = "32";
 								          "pm.max_requests" = "500";
 								          "pm.max_spare_servers" = "4";
 								          "pm.min_spare_servers" = "2";
 								          "pm.start_servers" = "2";
 								        };
 								        extraOptions = ''
 								          'redis' => array(
 								            'host' => '/run/redis/redis.sock',
 								            'port' => 0,
 								            'dbindex' => 0,
 								            'password' => 'secret',
 								            'timeout' => 1.5,
 								          ),
 								        '';
 								      };
 								      services.redis = {
 								        enable = true;
 								        unixSocket = "/var/run/redis/redis.sock";
 								      };
 								      services.postgresql = {
 								        enable = true;
 								        ensureDatabases = [ "nextcloud" ];
 								        ensureUsers = [
 								          { # by default, postgres has unix sockets enabled, and allows a
 								          # system user `nextcloud` to log in without other authentication
 								          name = "nextcloud";
 								          ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
 								          }
 								        ];
 								      };
 								      # ensure that postgres is running *before* running the setup
 								      systemd.services."nextcloud-setup" = {
 								        requires = ["postgresql.service"];
 								        after = ["postgresql.service"];
 								      };
 								      networking.firewall.allowedTCPPorts = [ 80 443 ];
 								    };
-												First draft for a nextcloud deployment on nix

Things to note:
 - DO NOT DEPLOY THIS
 - use nixos-container for testing instead

I've played around with nextcloud on NixOS, essentially following the
examples given in the NixOS manual and searching through some of the
other options. Nextcloud itself works fine with this setup, as does
its database (postgres), and most of the other basic stuff.

However, the nextcloud module as it currently exists appears to be fairly
limited and incomplete in its capabilities, e.g. lack of options for redis
or multiple php pools; in general, it lacks extraOptions-hooks. For redis
the documentation even explicitely notes (in caching.redis) that redis
requires additional options set in `config.php`, but it appears these cannot
currently be set using nix.

I guess we have as options:
 - I missed something and it does in fact work
 - we can wait for later versions; looks like 21.03 will add at least *some* more
 - we can fork the module and add options ourselves
 - we can configure it nextcloud by manually editing `config.php`, as it's not
   actually inside the nix store but at /var/lib/nextcloud/config (veto)

See comments for additional notes and todos.

											
										
										
											2021-02-11 23:05:57 +00:00
+								  };
-												nextcloud: fork module from nixpkgs and add extraOptions

 - nextcloud now has its own container
 - redis caching appears to work
 - this now uses nextcloud 21

											
										
										
											2021-03-25 17:28:31 +00:00
+								  services.nginx.virtualHosts."cloud2.infra4future.de" = {
 								    locations."/".proxyPass = "http:[${config.containers.nextcloud.localAddress6}]";
 								    enableACME = true;
 								    forceSSL = true;
 								  };
-												First draft for a nextcloud deployment on nix

Things to note:
 - DO NOT DEPLOY THIS
 - use nixos-container for testing instead

I've played around with nextcloud on NixOS, essentially following the
examples given in the NixOS manual and searching through some of the
other options. Nextcloud itself works fine with this setup, as does
its database (postgres), and most of the other basic stuff.

However, the nextcloud module as it currently exists appears to be fairly
limited and incomplete in its capabilities, e.g. lack of options for redis
or multiple php pools; in general, it lacks extraOptions-hooks. For redis
the documentation even explicitely notes (in caching.redis) that redis
requires additional options set in `config.php`, but it appears these cannot
currently be set using nix.

I guess we have as options:
 - I missed something and it does in fact work
 - we can wait for later versions; looks like 21.03 will add at least *some* more
 - we can fork the module and add options ourselves
 - we can configure it nextcloud by manually editing `config.php`, as it's not
   actually inside the nix store but at /var/lib/nextcloud/config (veto)

See comments for additional notes and todos.

											
										
										
											2021-02-11 23:05:57 +00:00
+								}