mc-fucker/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added nextcloud

Browse source
This commit is contained in:
mc-fucker 2025-11-24 10:57:57 +01:00
parent e0185b9b72
commit 47160a6a87
2 changed files with 161 additions and 106 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

247
modules/nextcloud.nix
View file

@ -1,124 +1,179 @@
{ pkgs, config, lib, ... }: { config, lib, ... }:
let let
oo_domain = "onlyoffice.mc-fucker.cool"; cfg = import ./vars.nix;
domain = "nc.mc-fucker.cool"; name = "nextcloud";
dbport = cfg.${name}.dbport;
#db_host = cfg.podman.hostIP;
port = cfg.${name}.port;
domain = cfg.${name}.domain;
in in
{ {
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "corefonts" ]; #allow a single package from unfree imports = [
#./podman.nix
services.postgresql = { ./podman-postgresql.nix # for the database
ensureDatabases = [ "nextcloud" ]; ./nginx.nix # for the webserver
ensureUsers = [
{
name = "nextcloud";
ensurePermissions = {
"DATABASE nextcloud" = "ALL PRIVILEGES";
};
}
]; ];
};
services.postgresqlBackup.databases = [ "nextcloud" ]; sops.secrets."${name}/db" = {};
#sops.secrets."${name}/env" = {};
services.nextcloud = { services.podman-postgresql."${name}" = {
autoUpdateApps.enable = true;
enable = true; enable = true;
caching.redis = true; image = "docker.io/library/postgres:16-alpine";
hostName = "${domain}"; port = (lib.strings.toInt dbport);
package = pkgs.nextcloud25; passwordFile = config.sops.secrets."${name}/db".path;
https = true;
config = {
dbtype = "pgsql";
#dbhost = "postgres";
dbhost = "/run/postgresql";
#dbpassFile = "/etc/nixos/keys/nextcloud-dbpassword";
extraTrustedDomains = [ "mc4" ];
adminpassFile = "/etc/nixos/keys/nextcloud-adminpassword";
adminuser = "Superadmin";
defaultPhoneRegion = "DE";
}; };
enableBrokenCiphersForSSE = false;
#poolSettings = { virtualisation.oci-containers.containers.${name} = {
# "pm" = "dynamic"; image = "lscr.io/linuxserver/nextcloud";
# "pm.max_children" = "256"; environment = {
# "pm.max_requests" = "1000"; TZ = "Europe/Berlin";
# "pm.max_spare_servers" = "64"; #DOCKER_MODS = "linuxserver/mods:universal-calibre";
# "pm.min_spare_servers" = "24"; PUID = "2000";
# "pm.start_servers" = "32"; PGID = "2000";
#}; };
#environmentFiles = [ config.sops.secrets."${name}/env".path ];
ports = [
"${port}:443"
];
volumes = [
"/var/lib/nextcloud:/config"
"/mnt/mergerfs/nextcloud:/data"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
virtualisation.oci-containers.containers.collabora = {
image = "docker.io/collabora/code";
environment = {
TZ = "Europe/Berlin";
#DOCKER_MODS = "linuxserver/mods:universal-calibre";
#PUID = "2000";
#PGID = "2000";
};
#environmentFiles = [ config.sops.secrets."${name}/env".path ];
environment = {
extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
domain = "cloud.mc-fucker.cool";
VIRTUAL_HOST = "collabora.mc-fucker.cool";
};
ports = [
"9980:9980"
];
#volumes = [
# "/var/lib/nextcloud:/config"
# "/mnt/mergerfs/nextcloud:/data"
#];
extraOptions = cfg.podman.extraOptions;
}; };
services.nginx = { services.nginx = {
#package = pkgs.nginxMainline;
package = pkgs.nginxQuic; #upstreams.authentik = {
virtualHosts."${domain}" = { # servers."localhost:${port}" = {};
#};
#appendHttpConfig = ''
# map $http_upgrade $connection_upgrade_keepalive {
# default upgrade;
# ''' ''';
# }
#'';
virtualHosts.${domain} = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
#http3 = true;
locations."/" = {
proxyPass = "https://127.0.0.1:${port}";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_redirect off;
proxy_http_version 1.1;
'';
};
extraConfig = '' extraConfig = ''
access_log /var/log/nginx/${domain}_access.log; access_log /var/log/nginx/${domain}_access.log;
error_log /var/log/nginx/${domain}_error.log; error_log /var/log/nginx/${domain}_error.log;
client_max_body_size 5000M;
''; '';
}; };
};
services.redis = { virtualHosts."collabora.mc-fucker.cool" = let
enable = true; dom = "collabora.mc-fucker.cool";
unixSocket = "/run/redis/redis.sock"; url = "http://127.0.0.1:9980";
unixSocketPerm = 770; in
}; {
services.onlyoffice = {
enable = true;
hostname = oo_domain;
};
services.nginx.virtualHosts."${oo_domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
};
users.users = { locations."^~ /browser" = {
nginx = { proxyPass = url;
extraGroups = [ "onlyoffice" ]; extraConfig = ''
}; proxy_set_header Host $host;
};
users.groups.redis.members = [ "nextcloud" ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
security.acme = {
acceptTerms = true;
defaults.email = "dev@mc-fucker.cool";
};
systemd.services.nextcloud-redis-setup = let
redisConfig = pkgs.writeText "nextcloud-redis-config.php" ''
<?php
$CONFIG = [
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
'host' => '${config.services.redis.unixSocket}',
'port' => 0,
'dbindex' => 0,
'timeout' => 1.5,
],
'allow_local_remote_servers' => true,
];
''; '';
in {
wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-nextcloud.service" ];
script = ''
ln -sf ${redisConfig} ${config.services.nextcloud.datadir}/config/redis.config.php
'';
serviceConfig.Type = "oneshot";
serviceConfig.User = "nextcloud";
}; };
locations."^~ /hosting/discovery" = {
proxyPass = url;
extraConfig = ''
proxy_set_header Host $host;
'';
};
locations."^~ /hosting/capabilities" = {
proxyPass = url;
extraConfig = ''
proxy_set_header Host $host;
'';
};
locations."~ ^/cool/(.*)/ws$" = {
proxyPass = url;
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 36000s;
'';
};
locations."~ ^/(c|l)ool" = {
proxyPass = url;
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 36000s;
'';
};
locations."^~ /cool/adminws" = {
proxyPass = url;
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 36000s;
'';
};
extraConfig = ''
access_log /var/log/nginx/${dom}_access.log;
error_log /var/log/nginx/${dom}_error.log;
client_max_body_size 5000M;
'';
};
};
} }
# vim: set et ts=2 sw=2 ai: # vim: set et ts=2 sw=2 ai:

2
systems/nasty/configuration.nix
View file

@ -18,7 +18,7 @@
./modules/tvproxy.nix ./modules/tvproxy.nix
#./modules/calibre-web.nix #./modules/calibre-web.nix
./modules/borg.nix ./modules/borg.nix
./modules/nctest.nix ./modules/nextcloud.nix
./modules/encode ./modules/encode
./modules/lancache.nix ./modules/lancache.nix
]; ];