From e85686be0c6ba5ab40891b188d023ffdc60e9771 Mon Sep 17 00:00:00 2001
From: Fabrice Bellamy <12b@distrilab.fr>
Date: Sun, 22 Dec 2024 15:58:09 +0100
Subject: [PATCH] add nextcloud to arachnide server, using a nixos container

---
 config/arachnide/configuration.nix         | 28 ++++----
 config/arachnide/network-configuration.nix | 58 ++++++++++++++++
 modules/nextcloud.nix                      | 81 ++++++++++++++++++++++
 3 files changed, 152 insertions(+), 15 deletions(-)
 create mode 100644 config/arachnide/network-configuration.nix
 create mode 100644 modules/nextcloud.nix

diff --git a/config/arachnide/configuration.nix b/config/arachnide/configuration.nix
index a42228a..f5ccc0b 100644
--- a/config/arachnide/configuration.nix
+++ b/config/arachnide/configuration.nix
@@ -4,6 +4,7 @@
   imports = [
     ./hardware-configuration.nix
+    ./network-configuration.nix
     /var/src/modules/nixin-base.nix
     /var/src/modules/users.nix
     /var/src/modules/wireguard-client.nix
@@ -12,27 +13,13 @@
     /var/src/modules/nixin-web.nix
     /var/src/modules/forgejo.nix
     /var/src/modules/forgejo-runner.nix
+    /var/src/modules/nextcloud.nix
   ];
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
-  networking = {
-    hostName = "arachnide"; # Define your hostname.
-    # primary network interface, connected to WAN through a router
-    interfaces.enp1s0.ipv4.addresses = [ {
-      address = "192.168.36.9";
-      prefixLength = 24;
-    } ];
-    defaultGateway = "192.168.36.1";
-    # secondary network interface connected to a private local network
-    interfaces.enp3s0.ipv4.addresses = [ {
-      address = "10.0.0.1";
-      prefixLength = 24;
-    } ];
-  };
-
   nixin.wg.client = {
     ipv4 = "192.168.12.2/32";
     ipv6 = "2a01:4f9:1a:9a05::2/128";
@@ -72,6 +59,17 @@
     url = "https://forge.lab12.fr";
   };
+  nixin.nextcloud = {
+    domain = "nuage.lab12.fr";
+    admin-user = "operator";
+    admin-pwd = let
+      pwd = builtins.readFile ;
+    in lib.strings.trim pwd;
+    host-address = "10.10.10.1";
+    container-address = "10.10.10.2";
+    address-prefix = "/24";
+  };
+
   # Enable ip forwarding to route packets for the local network connected to enp3s0
   boot.kernel.sysctl = {
diff --git a/config/arachnide/network-configuration.nix b/config/arachnide/network-configuration.nix
new file mode 100644
index 0000000..d58a9bf
--- /dev/null
+++ b/config/arachnide/network-configuration.nix
@@ -0,0 +1,58 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  #virtualisation.writableStore = true;
+  #virtualisation.additionalPaths = [ pkgs.stdenv ];
+
+  networking = {
+    hostName = "arachnide";
+    useDHCP = false;
+    defaultGateway = "192.168.36.1";
+
+    # bridge for containers
+    bridges = {
+      "br0" = {
+        #interfaces = [ "enp4s0" ];
+        interfaces = [ ];
+      };
+    };
+
+    interfaces = {
+      # primary network interface, connected to WAN through a router
+      enp1s0 = {
+        useDHCP = false;
+        ipv4.addresses = [ {
+          address = "192.168.36.9";
+          prefixLength = 24;
+        } ];
+      };
+      # secondary network interface connected to a private local network
+      enp3s0 = {
+        useDHCP = false;
+        ipv4.addresses = [ {
+          address = "10.0.0.1";
+          prefixLength = 24;
+        } ];
+      };
+      # interface for containers virtual network
+      br0 = {
+        useDHCP = false;
+        ipv4.addresses = [ {
+          address = "10.10.10.1";
+          prefixLength = 24;
+        } ];
+        #ipv6.addresses = [
+        #  {
+        #    address = hostIp6;
+        #    prefixLength = 7;
+        #  }
+        #];
+      };
+    };
+
+  };
+
+}
diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
new file mode 100644
index 0000000..53f3715
--- /dev/null
+++ b/modules/nextcloud.nix
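Review bot: `pwd = builtins.readFile ;` in the new `nixin.nextcloud` block has no path argument as shown, so the line cannot evaluate as written; if the original used an angle-bracket path such as `<secrets/nextcloud-admin-pwd>` it was probably stripped as an HTML tag during extraction, but that should be confirmed against the repository. Independently of that, reading the admin password with `builtins.readFile` at evaluation time turns it into an ordinary string option value (`admin-pwd` is declared `lib.types.str` in modules/nextcloud.nix in this same patch), so the password is present in every evaluation of this configuration and in whatever the module writes the value to. Prefer an option that names the secret file on the host, e.g. `admin-pwd-file = "/var/lib/secrets/nextcloud-admin-pwd";`, kept as a quoted string rather than an unquoted path literal (Nix copies path literals into the store), and let the module hand the file to the container without the password ever becoming a Nix value. The enclosing attribute set continues outside the hunk.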
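Review bot: The three-line header `# Do not modify this file! It was generated by ‘nixos-generate-config’ … Please make changes to /etc/nixos/configuration.nix instead.` is wrong for this file: it is a hand-written network layout (static addresses, the `br0` bridge for containers, commented-out experiments), and the notice tells the next maintainer that edits will be overwritten and belong elsewhere. Replace it with a header that describes what the file holds, e.g. `# Network layout for arachnide: enp1s0 (WAN via router), enp3s0 (private LAN) and the br0 bridge that hosts NixOS containers (10.10.10.0/24).` A caveat also belongs next to `#interfaces = [ "enp4s0" ];`: with `interfaces = [ ];` the bridge has no physical member, so the container's address is reachable only from this host, whereas enslaving a NIC to `br0` would expose the container's port 80 on that LAN directly, bypassing the traefik router that is meant to front it — something like `# keep br0 host-only; adding a physical NIC exposes the containers' ports to that LAN, bypassing traefik` before anyone uncomments that line.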
@@ -0,0 +1,81 @@
+# Forgejo
+{ config, pkgs, lib, ... }:
+
+let
+  inherit (lib) mkOption mkDefault;
+in
+{
+  options = {
+    nixin.nextcloud = {
+      domain = mkOption { type = lib.types.str; };
+      admin-user = mkOption { type = lib.types.str; };
+      admin-pwd = mkOption { type = lib.types.str; };
+      container-address = mkOption { type = lib.types.str; };
+      host-address = mkOption { type = lib.types.str; };
+      address-prefix = mkOption { type = lib.types.str; };
+    };
+  };
+
+  config = {
+    networking.hosts = {
+      "127.0.0.1" = [ "${config.nixin.nextcloud.domain}" ];
+    };
+
+    containers.nextcloud = {
+      privateNetwork = true;
+      hostBridge = "br0"; # Specify the bridge name
+      localAddress = "${config.nixin.nextcloud.container-address}${config.nixin.nextcloud.address-prefix}";
+      #localAddress6 = containerIp6;
+      autoStart = true;
+      hostAddress = "${config.nixin.nextcloud.host-address}";
+      #hostAddress6 = "fc00::1";
+      config = let
+        nextcloud-domain = "${config.nixin.nextcloud.domain}";
+        nextcloud-admin-pwd = "${config.nixin.nextcloud.admin-pwd}";
+        nextcloud-admin-user = "${config.nixin.nextcloud.admin-user}";
+      in { config, pkgs, lib, ... }: {
+        environment.etc."nextcloud-admin-pwd".text = "${nextcloud-admin-pwd}";
+        services.nextcloud = {
+          enable = true;
+          package = pkgs.nextcloud30;
+          hostName = "localhost";
+          maxUploadSize = "1G";
+          settings = {
+            trusted_domains = [ "${nextcloud-domain}" ];
+          };
+          database.createLocally = true;
+          config = {
+            dbtype = "pgsql";
+            adminuser = "${nextcloud-admin-user}";
+            adminpassFile = "/etc/nextcloud-admin-pwd";
+          };
+        };
+
+        system.stateVersion = "24.11";
+
+        networking = {
+          firewall = {
+            enable = true;
+            allowedTCPPorts = [ 80 ];
+          };
+          # Use systemd-resolved inside the container
+          # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+          useHostResolvConf = lib.mkForce false;
+        };
+
+        services.resolved.enable = true;
+      };
+    };
+
+
+    services.traefik.dynamicConfigOptions.http.services."service-nextcloud" = {
+      loadBalancer.servers = [
+        { url = "http://${config.nixin.nextcloud.container-address}:80"; }
+      ];
+    };
+    services.traefik.dynamicConfigOptions.http.routers."router-nextcloud" = {
+      rule = "Host(`${config.nixin.nextcloud.domain}`)";
+      service = "service-nextcloud";
+    };
+  };
+}
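Review bot: `environment.etc."nextcloud-admin-pwd".text = "${nextcloud-admin-pwd}";` in the container config builds the admin password into the Nix store (an `environment.etc` entry given as `text` becomes a store path symlinked from /etc), world-readable on the host and carried by every copy of the system closure, and `adminpassFile = "/etc/nextcloud-admin-pwd"` then reads it from there; the password also reaches this module as a plain string (`admin-pwd` is `lib.types.str`), so it sits in the evaluated container configuration as well. The change below passes the secret as a host file through a read-only `bindMounts` entry and points `adminpassFile` at the mount, replacing `admin-pwd` with an option holding the absolute path of the secret on the host — typed `lib.types.str` on purpose, since an unquoted Nix path literal would itself be copied into the store — and the host file must be readable by the uid nextcloud runs as inside the container. Nothing in `settings` tells Nextcloud it is behind traefik, so unless that is configured elsewhere it will see every request as coming from `host-address` (10.10.10.1), brute-force throttling and logged client addresses will apply to the proxy rather than the real client, and generated links will use `http://`; `trusted_proxies` and `overwriteprotocol = "https"` next to `trusted_domains` cover that. The `# Forgejo` header and the unused `mkDefault` in `inherit (lib) mkOption mkDefault;` read as copy-paste leftovers.

```nix
      # Absolute path, on the host, of a file holding only the admin password.
      # Deliberately a string: a bare path literal would be copied into /nix/store.
      admin-pwd-file = mkOption { type = lib.types.str; };
      # … unchanged: domain, admin-user, container-address, host-address, address-prefix …

    containers.nextcloud = {
      # … unchanged: privateNetwork, hostBridge, localAddress, autoStart, hostAddress …
      # Hand the host's secret file to the container read-only; nothing is copied
      # into the store. The file must be readable by the uid nextcloud runs as.
      bindMounts."/run/secrets/nextcloud-admin-pwd" = {
        hostPath = config.nixin.nextcloud.admin-pwd-file;
        isReadOnly = true;
      };
      config = let
        nextcloud-domain = "${config.nixin.nextcloud.domain}";
        nextcloud-admin-user = "${config.nixin.nextcloud.admin-user}";
        # captured here because `config` is shadowed inside the container module
        nextcloud-proxy-address = "${config.nixin.nextcloud.host-address}";
      in { config, pkgs, lib, ... }: {
        services.nextcloud = {
          # … unchanged: enable, package, hostName, maxUploadSize, database.createLocally …
          settings = {
            trusted_domains = [ "${nextcloud-domain}" ];
            # traefik terminates TLS and is the only client Nextcloud ever sees
            trusted_proxies = [ "${nextcloud-proxy-address}" ];
            overwriteprotocol = "https";
          };
          config = {
            dbtype = "pgsql";
            adminuser = "${nextcloud-admin-user}";
            adminpassFile = "/run/secrets/nextcloud-admin-pwd";
          };
        };
        # … unchanged: stateVersion, firewall, resolved …
```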