stuebinm
f654b33a56
this started with emily pointing out to me that it's possible to generate IP addresses for containers in Nix (hence no need to worry about ever having collisions, as we had before), but then I thought, hey, while I'm at it, I can also write a little container module so we have a little less repetition in our configs in general (and a more reasonable place for our custom evalConfig than just keeping it around in flake.nix). See the option descriptions in modules/containers.nix for further details. Apart from giving all containers a new IP address (and also shiny new IPv6 addresses), this should be a no-op for the actual built system.
88 lines
2.6 KiB
Nix
88 lines
2.6 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
hacc.containers.nextcloud = {
|
|
config = { config, lib, pkgs, ... }: {
|
|
environment.systemPackages = [ pkgs.htop ];
|
|
|
|
services.nextcloud = {
|
|
enable = true;
|
|
|
|
# must be set manually; may not be incremented by more than one at
|
|
# a time, otherwise nextcloud WILL break
|
|
package = pkgs.nextcloud27;
|
|
|
|
home = "/persist/nextcloud";
|
|
https = true;
|
|
|
|
hostName = "cloud.infra4future.de";
|
|
config = {
|
|
dbtype = "pgsql";
|
|
dbuser = "nextcloud";
|
|
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
|
|
dbname = "nextcloud";
|
|
# socket auth does not needs this, but the module insists it does
|
|
adminpassFile = "/persist/adminpassfile";
|
|
adminuser = "root";
|
|
};
|
|
|
|
# multiple pools may be doable using services.phpfpm.pools,
|
|
# but i have not tried this yet. The nextcloud module defines a
|
|
# pool "nextcloud"
|
|
poolSettings = {
|
|
pm = "dynamic";
|
|
"pm.max_children" = "32";
|
|
"pm.max_requests" = "500";
|
|
"pm.max_spare_servers" = "4";
|
|
"pm.min_spare_servers" = "2";
|
|
"pm.start_servers" = "2";
|
|
};
|
|
|
|
extraOptions = {
|
|
instanceid = "ocxlphb7fbju";
|
|
datadirectory = "/persist/nextcloud/data";
|
|
loglevel = 0;
|
|
"overwrite.cli.url" = "https://cloud.infra4future.de";
|
|
};
|
|
};
|
|
|
|
services.postgresql = {
|
|
enable = true;
|
|
package = pkgs.postgresql_15;
|
|
ensureDatabases = [ "nextcloud" ];
|
|
ensureUsers = [
|
|
{ # by default, postgres has unix sockets enabled, and allows a
|
|
# system user `nextcloud` to log in without other authentication
|
|
name = "nextcloud";
|
|
ensureDBOwnership = true;
|
|
}
|
|
];
|
|
};
|
|
|
|
services.postgresqlBackup = {
|
|
enable = true;
|
|
databases = [ "nextcloud" ];
|
|
startAt = "*-*-* 23:45:00";
|
|
location = "/persist/backups/postgres";
|
|
};
|
|
|
|
# ensure that postgres is running *before* running the setup
|
|
systemd.services."nextcloud-setup" = {
|
|
requires = ["postgresql.service"];
|
|
after = ["postgresql.service"];
|
|
};
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."cloud.infra4future.de" = {
|
|
locations."/".proxyPass = "http://${config.containers.nextcloud.localAddress}:80";
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
extraConfig = ''
|
|
proxy_buffering off;
|
|
client_max_body_size 0;
|
|
add_header Cache-Control "no-store, no-cache, must-revalidate";
|
|
'';
|
|
};
|
|
|
|
}
|