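# Nextcloud (linuxserver image) plus Collabora CODE, both fronted by the
# host's nginx, which terminates TLS with ACME certificates.
#
# Security shape of this module:
#   * the containers publish their ports on loopback only; nginx is the
#     sole intended client, so nothing reaches them from the network
#     without passing the TLS vhosts below;
#   * the database password comes from sops and is never placed in the
#     container environment.
{ config, lib, ... }:

let
  cfg = import ./vars.nix;
  name = "nextcloud";
  dbport = cfg.${name}.dbport;
  #db_host = cfg.podman.hostIP;
  port = cfg.${name}.port;
  domain = cfg.${name}.domain;

  # Collabora vhost; shared by the container's VIRTUAL_HOST, the nginx
  # virtualHosts entry and the log file names.
  collaboraDomain = "collabora.mc-fucker.cool";
  collaboraPort = "9980";
  collaboraUrl = "http://127.0.0.1:${collaboraPort}";
in {
  imports = [
    #./podman.nix
    ./podman-postgresql.nix # for the database
    ./nginx.nix # for the webserver
  ];

  # Database password, decrypted by sops at activation; only the postgres
  # container reads it (via passwordFile below).
  sops.secrets."${name}/db" = { };
  #sops.secrets."${name}/env" = {};

  services.podman-postgresql."${name}" = {
    enable = true;
    image = "docker.io/library/postgres:16-alpine";
    port = lib.strings.toInt dbport;
    passwordFile = config.sops.secrets."${name}/db".path;
  };

  virtualisation.oci-containers.containers.${name} = {
    image = "lscr.io/linuxserver/nextcloud";
    environment = {
      TZ = "Europe/Berlin";
      #DOCKER_MODS = "linuxserver/mods:universal-calibre";
      PUID = "2000";
      PGID = "2000";
    };
    #environmentFiles = [ config.sops.secrets."${name}/env".path ];
    # Loopback only: the original "${port}:443" published the container on
    # every interface, bypassing the nginx vhost (and its ACME cert).
    ports = [ "127.0.0.1:${port}:443" ];
    volumes = [
      "/var/lib/nextcloud:/config"
      "/mnt/mergerfs/nextcloud:/data"
    ];
    extraOptions = cfg.podman.extraOptions;
    # NOTE(review): the container is not started at boot; presumably it is
    # started by hand or by another unit — confirm this is intended.
    autoStart = false;
  };

  virtualisation.oci-containers.containers.collabora = {
    image = "docker.io/collabora/code";
    # Fix: `environment` was defined twice in this attribute set, which Nix
    # rejects ("attribute 'environment' already defined"); the two halves
    # are merged here.
    environment = {
      TZ = "Europe/Berlin";
      #DOCKER_MODS = "linuxserver/mods:universal-calibre";
      #PUID = "2000";
      #PGID = "2000";
      # TLS is terminated by nginx; Collabora itself speaks plain HTTP and
      # is told so, so it generates https:// URLs for the browser.
      extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
      # NOTE(review): this is the host Collabora accepts WOPI requests
      # from; it should be the Nextcloud vhost (`domain` from vars.nix) —
      # confirm the two agree and consider reusing the variable.
      domain = "cloud.mc-fucker.cool";
      VIRTUAL_HOST = collaboraDomain;
    };
    #environmentFiles = [ config.sops.secrets."${name}/env".path ];
    # Plain HTTP (ssl.enable=false above), so it must never be published
    # beyond loopback; the original "9980:9980" bound all interfaces.
    ports = [ "127.0.0.1:${collaboraPort}:${collaboraPort}" ];
    #volumes = [
    #  "/var/lib/nextcloud:/config"
    #  "/mnt/mergerfs/nextcloud:/data"
    #];
    extraOptions = cfg.podman.extraOptions;
  };

  services.nginx = {
    #upstreams.authentik = {
    #  servers."localhost:${port}" = {};
    #};
    # The $http_upgrade map that used to be sketched in appendHttpConfig is
    # provided by the NixOS nginx module itself and used through
    # `proxyWebsockets`, so it is not redefined here.

    virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        # Upstream is the container's own HTTPS listener on loopback. nginx
        # does not verify that certificate (proxy_ssl_verify is off by
        # default); acceptable only because the hop never leaves the host.
        proxyPass = "https://127.0.0.1:${port}";
        # Sends Upgrade/Connection only when the client asked for a
        # websocket ($connection_upgrade map) instead of forcing
        # `Connection: Upgrade` on every request; also sets HTTP/1.1.
        proxyWebsockets = true;
        extraConfig = ''
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Host $host;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_redirect off;
        '';
      };
      extraConfig = ''
        access_log /var/log/nginx/${domain}_access.log;
        error_log /var/log/nginx/${domain}_error.log;
        client_max_body_size 5000M;
      '';
    };

    virtualHosts.${collaboraDomain} = let
      # Static/discovery endpoints: plain reverse proxy.
      plain = {
        proxyPass = collaboraUrl;
        extraConfig = ''
          proxy_set_header Host $host;
        '';
      };
      # Document sessions: websockets that stay open for hours, hence the
      # long read timeout.
      ws = {
        proxyPass = collaboraUrl;
        proxyWebsockets = true;
        extraConfig = ''
          proxy_set_header Host $host;
          proxy_read_timeout 36000s;
        '';
      };
    in {
      forceSSL = true;
      enableACME = true;
      locations."^~ /browser" = plain;
      locations."^~ /hosting/discovery" = plain;
      locations."^~ /hosting/capabilities" = plain;
      locations."~ ^/cool/(.*)/ws$" = ws;
      locations."~ ^/(c|l)ool" = ws;
      # NOTE(review): the admin websocket is reachable through the public
      # vhost. The container sets no admin `username`/`password`, so check
      # whether the console is actually enabled and, if it is, restrict
      # this location (allow/deny or auth) rather than exposing it.
      locations."^~ /cool/adminws" = ws;
      extraConfig = ''
        access_log /var/log/nginx/${collaboraDomain}_access.log;
        error_log /var/log/nginx/${collaboraDomain}_error.log;
        client_max_body_size 5000M;
      '';
    };
  };
}
# vim: set et ts=2 sw=2 ai: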