haccfiles/hosts/hainich/services/nextcloud.nix
stuebinm e2d9f84109
nextcloud: fork module from nixpkgs and add extraOptions
- nextcloud now has its own container
 - redis caching appears to work
 - this now uses nextcloud 21
2021-04-20 23:15:41 +02:00

# TODOs before actually using this
# - change root auth to use adminpassFile
# - figure out how to use multiple pools (do we need this?)
# - how to enable ldap?
#
# Additional notes:
# - there is a services.nextcloud.phpExtraExtensions, which may be
# useful for this, but it's only in nixos-unstable for now
# - there's also a services.nextcloud.autoUpdateApps option; do we trust
# nextcloud enough to enable it, or will everything break if we do?
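{pkgs, config, ...}:
{
  # Nextcloud runs in its own NixOS container with a private network; the
  # host only reaches it over the fd00::10:0/64 point-to-point link and
  # fronts it with the host nginx (TLS termination happens on the host).
  containers.nextcloud = {
    autoStart = true;
    privateNetwork = true;
    hostAddress6 = "fd00::10:1";
    # FIX: this was "fs00::10:2", which is not a valid IPv6 address ("s" is
    # not a hex digit) and would have made the container unreachable from the
    # host. Keep it in the same prefix as hostAddress6.
    localAddress6 = "fd00::10:2";

    config = { pkgs, ... }: {
      environment.systemPackages = [ pkgs.htop ];
      # Forked nextcloud module (see commit message); it provides
      # services.nextcloud-patched with the nixpkgs interface plus extraOptions.
      imports = [ ./nextcloud-module.nix ];

      services.nextcloud-patched = {
        enable = true;
        # must be set manually; may not be incremented by more than one at
        # a time, otherwise nextcloud WILL break
        package = pkgs.nextcloud21;
        hostName = "cloud2.infra4future.de";

        config = {
          dbtype = "pgsql";
          dbuser = "nextcloud";
          dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
          dbname = "nextcloud";
          # SECURITY: string options in a NixOS configuration are written into
          # the world-readable /nix/store, so this admin password is readable
          # by every local user on the host (and shows up in `nix-store -q`
          # output / backups). Acceptable only for a throwaway test instance;
          # switch to adminpassFile (TODO at the top of this file) before the
          # host name below resolves publicly.
          adminpass = "root";
          adminuser = "root";
        };

        caching.redis = true;

        # multiple pools may be doable using services.phpfpm.pools,
        # but i have not tried this yet. The nextcloud module defines a
        # pool "nextcloud"
        poolSettings = {
          pm = "dynamic";
          "pm.max_children" = "32";
          "pm.max_requests" = "500";
          "pm.max_spare_servers" = "4";
          "pm.min_spare_servers" = "2";
          "pm.start_servers" = "2";
        };

        # Raw PHP spliced into config.php by the patched module. Redis is
        # reached over its unix socket (port 0 = socket mode). NOTE: the
        # services.redis block below sets no requirePass, so the 'password'
        # value here does not correspond to any configured Redis password —
        # it is either ignored or rejected depending on the Redis/phpredis
        # version, and like adminpass it lands in the nix store. Either set
        # services.redis.requirePass (from a file) to match, or drop it.
        extraOptions = ''
          'redis' => array(
            'host' => '/run/redis/redis.sock',
            'port' => 0,
            'dbindex' => 0,
            'password' => 'secret',
            'timeout' => 1.5,
          ),
        '';
      };

      services.redis = {
        enable = true;
        # /var/run is a symlink to /run on NixOS, so this is the same socket
        # that extraOptions above points nextcloud at.
        unixSocket = "/var/run/redis/redis.sock";
      };

      services.postgresql = {
        enable = true;
        ensureDatabases = [ "nextcloud" ];
        ensureUsers = [
          { # by default, postgres has unix sockets enabled, and allows a
            # system user `nextcloud` to log in without other authentication
            # (peer auth), which is why no dbpass is configured above.
            name = "nextcloud";
            ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
          }
        ];
      };

      # ensure that postgres is running *before* running the setup
      systemd.services."nextcloud-setup" = {
        requires = ["postgresql.service"];
        after = ["postgresql.service"];
      };

      # The host nginx proxies plain HTTP to this container over the private
      # link, so 80 is what is actually needed; 443 is only useful if the
      # patched module terminates TLS inside the container itself (it is not
      # configured to here) — consider dropping it.
      networking.firewall.allowedTCPPorts = [ 80 443 ];
    };
  };

  # Public entry point: TLS via ACME on the host, everything forwarded to the
  # container's nginx on port 80 (no port in the URL => default 80).
  services.nginx.virtualHosts."cloud2.infra4future.de" = {
    # FIX: the scheme separator was missing ("http:[...]"), which nginx
    # rejects as an invalid proxy_pass URL.
    # NOTE(review): nothing here forwards Host / X-Forwarded-* headers, so
    # unless recommendedProxySettings or the patched module do, nextcloud
    # will see fd00::10:1 as every client and may emit http:// links;
    # config.overwriteProtocol = "https" plus trusted_proxies would need
    # checking before going live.
    locations."/".proxyPass = "http://[${config.containers.nextcloud.localAddress6}]";
    enableACME = true;
    forceSSL = true;
  };
}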