stuebinm
e2d9f84109
- nextcloud now has its own container - redis caching appears to work - this now uses nextcloud 21
109 lines
3.1 KiB
Nix
109 lines
3.1 KiB
Nix
# TODOs before actually using this
|
||
# - change root auth to use adminpassFile
|
||
# - figure out how to use multiple pools (do we need this?)
|
||
# - how to enable ldap?
|
||
#
|
||
# Additional notes:
|
||
# - there is a services.nextcloud.phpExtraExtensions, which may be
|
||
# useful for this, but it's only in nixos-unstable for now
|
||
# - there's a services.nextcloud.autoUpdateApps – do we trust nextcloud
|
||
# enough to enable it, or will everything break if we do?
|
||
|
||
|
||
|
||
{pkgs, config, ...}:
|
||
|
||
{
|
||
|
||
containers.nextcloud = {
|
||
|
||
autoStart = true;
|
||
privateNetwork = true;
|
||
hostAddress6 = "fd00::10:1";
|
||
localAddress6 = "fs00::10:2";
|
||
|
||
config = { pkgs, ... }: {
|
||
|
||
environment.systemPackages = [ pkgs.htop ];
|
||
|
||
imports = [ ./nextcloud-module.nix ];
|
||
|
||
services.nextcloud-patched = {
|
||
enable = true;
|
||
|
||
# must be set manually; may not be incremented by more than one at
|
||
# a time, otherwise nextcloud WILL break
|
||
package = pkgs.nextcloud21;
|
||
|
||
hostName = "cloud2.infra4future.de";
|
||
config = {
|
||
dbtype = "pgsql";
|
||
dbuser = "nextcloud";
|
||
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
|
||
dbname = "nextcloud";
|
||
# there's also a adminpassFile option, but for testing this seems
|
||
# enough (less fiddling with getting the file into a nixos
|
||
# container for ad-hoc setups)
|
||
adminpass = "root";
|
||
adminuser = "root";
|
||
};
|
||
|
||
caching.redis = true;
|
||
|
||
# multiple pools may be doable using services.phpfpm.pools,
|
||
# but i have not tried this yet. The nextcloud module defines a
|
||
# pool "nextcloud"
|
||
poolSettings = {
|
||
pm = "dynamic";
|
||
"pm.max_children" = "32";
|
||
"pm.max_requests" = "500";
|
||
"pm.max_spare_servers" = "4";
|
||
"pm.min_spare_servers" = "2";
|
||
"pm.start_servers" = "2";
|
||
};
|
||
|
||
extraOptions = ''
|
||
'redis' => array(
|
||
'host' => '/run/redis/redis.sock',
|
||
'port' => 0,
|
||
'dbindex' => 0,
|
||
'password' => 'secret',
|
||
'timeout' => 1.5,
|
||
),
|
||
'';
|
||
|
||
};
|
||
|
||
services.redis = {
|
||
enable = true;
|
||
unixSocket = "/var/run/redis/redis.sock";
|
||
};
|
||
|
||
services.postgresql = {
|
||
enable = true;
|
||
ensureDatabases = [ "nextcloud" ];
|
||
ensureUsers = [
|
||
{ # by default, postgres has unix sockets enabled, and allows a
|
||
# system user `nextcloud` to log in without other authentication
|
||
name = "nextcloud";
|
||
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
|
||
}
|
||
];
|
||
};
|
||
|
||
# ensure that postgres is running *before* running the setup
|
||
systemd.services."nextcloud-setup" = {
|
||
requires = ["postgresql.service"];
|
||
after = ["postgresql.service"];
|
||
};
|
||
|
||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||
};
|
||
};
|
||
|
||
services.nginx.virtualHosts."cloud2.infra4future.de" = {
|
||
locations."/".proxyPass = "http:[${config.containers.nextcloud.localAddress6}]";
|
||
enableACME = true;
|
||
forceSSL = true;
|
||
};
|
||
}
|