mc-fucker/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos-config/modules/nextcloud.nix
mc-fucker 47160a6a87 added nextcloud
2025-11-24 10:57:57 +01:00

179 lines
4.5 KiB
Nix
Raw Blame History

{ config, lib, ... }:
let
cfg = import ./vars.nix;
name = "nextcloud";
dbport = cfg.${name}.dbport;
#db_host = cfg.podman.hostIP;
port = cfg.${name}.port;
domain = cfg.${name}.domain;
in
{
imports = [
#./podman.nix
./podman-postgresql.nix # for the database
./nginx.nix # for the webserver
];
sops.secrets."${name}/db" = {};
#sops.secrets."${name}/env" = {};
services.podman-postgresql."${name}" = {
enable = true;
image = "docker.io/library/postgres:16-alpine";
port = (lib.strings.toInt dbport);
passwordFile = config.sops.secrets."${name}/db".path;
};
virtualisation.oci-containers.containers.${name} = {
image = "lscr.io/linuxserver/nextcloud";
environment = {
TZ = "Europe/Berlin";
#DOCKER_MODS = "linuxserver/mods:universal-calibre";
PUID = "2000";
PGID = "2000";
};
#environmentFiles = [ config.sops.secrets."${name}/env".path ];
ports = [
"${port}:443"
];
volumes = [
"/var/lib/nextcloud:/config"
"/mnt/mergerfs/nextcloud:/data"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
virtualisation.oci-containers.containers.collabora = {
image = "docker.io/collabora/code";
environment = {
TZ = "Europe/Berlin";
#DOCKER_MODS = "linuxserver/mods:universal-calibre";
#PUID = "2000";
#PGID = "2000";
};
#environmentFiles = [ config.sops.secrets."${name}/env".path ];
environment = {
extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
domain = "cloud.mc-fucker.cool";
VIRTUAL_HOST = "collabora.mc-fucker.cool";
};
ports = [
"9980:9980"
];
#volumes = [
# "/var/lib/nextcloud:/config"
# "/mnt/mergerfs/nextcloud:/data"
#];
extraOptions = cfg.podman.extraOptions;
};
services.nginx = {
#upstreams.authentik = {
# servers."localhost:${port}" = {};
#};
#appendHttpConfig = ''
# map $http_upgrade $connection_upgrade_keepalive {
# default upgrade;
# ''' ''';
# }
#'';
virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "https://127.0.0.1:${port}";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_redirect off;
proxy_http_version 1.1;
'';
};
extraConfig = ''
access_log /var/log/nginx/${domain}_access.log;
error_log /var/log/nginx/${domain}_error.log;
client_max_body_size 5000M;
'';
};
virtualHosts."collabora.mc-fucker.cool" = let
dom = "collabora.mc-fucker.cool";
url = "http://127.0.0.1:9980";
in
{
forceSSL = true;
enableACME = true;
locations."^~ /browser" = {
proxyPass = url;
extraConfig = ''
proxy_set_header Host $host;
'';
};
locations."^~ /hosting/discovery" = {
proxyPass = url;
extraConfig = ''
proxy_set_header Host $host;
'';
};
locations."^~ /hosting/capabilities" = {
proxyPass = url;
extraConfig = ''
proxy_set_header Host $host;
'';
};
locations."~ ^/cool/(.*)/ws$" = {
proxyPass = url;
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 36000s;
'';
};
locations."~ ^/(c|l)ool" = {
proxyPass = url;
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 36000s;
'';
};
locations."^~ /cool/adminws" = {
proxyPass = url;
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 36000s;
'';
};
extraConfig = ''
access_log /var/log/nginx/${dom}_access.log;
error_log /var/log/nginx/${dom}_error.log;
client_max_body_size 5000M;
'';
};
};
}
# vim: set et ts=2 sw=2 ai:
Reference in a new issue View git blame Copy permalink