add nextcloud to arachnide server, using a nixos container
This commit is contained in:
parent
87d4600af3
commit
e85686be0c
3 changed files with 152 additions and 15 deletions
|
@ -4,6 +4,7 @@
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
./network-configuration.nix
|
||||||
/var/src/modules/nixin-base.nix
|
/var/src/modules/nixin-base.nix
|
||||||
/var/src/modules/users.nix
|
/var/src/modules/users.nix
|
||||||
/var/src/modules/wireguard-client.nix
|
/var/src/modules/wireguard-client.nix
|
||||||
|
@ -12,27 +13,13 @@
|
||||||
/var/src/modules/nixin-web.nix
|
/var/src/modules/nixin-web.nix
|
||||||
/var/src/modules/forgejo.nix
|
/var/src/modules/forgejo.nix
|
||||||
/var/src/modules/forgejo-runner.nix
|
/var/src/modules/forgejo-runner.nix
|
||||||
|
/var/src/modules/nextcloud.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Bootloader.
|
# Bootloader.
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking = {
|
|
||||||
hostName = "arachnide"; # Define your hostname.
|
|
||||||
# primary network interface, connected to WAN through a router
|
|
||||||
interfaces.enp1s0.ipv4.addresses = [ {
|
|
||||||
address = "192.168.36.9";
|
|
||||||
prefixLength = 24;
|
|
||||||
} ];
|
|
||||||
defaultGateway = "192.168.36.1";
|
|
||||||
# secondary network interface connected to a private local network
|
|
||||||
interfaces.enp3s0.ipv4.addresses = [ {
|
|
||||||
address = "10.0.0.1";
|
|
||||||
prefixLength = 24;
|
|
||||||
} ];
|
|
||||||
};
|
|
||||||
|
|
||||||
nixin.wg.client = {
|
nixin.wg.client = {
|
||||||
ipv4 = "192.168.12.2/32";
|
ipv4 = "192.168.12.2/32";
|
||||||
ipv6 = "2a01:4f9:1a:9a05::2/128";
|
ipv6 = "2a01:4f9:1a:9a05::2/128";
|
||||||
|
@ -72,6 +59,17 @@
|
||||||
url = "https://forge.lab12.fr";
|
url = "https://forge.lab12.fr";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nixin.nextcloud = {
|
||||||
|
domain = "nuage.lab12.fr";
|
||||||
|
admin-user = "operator";
|
||||||
|
admin-pwd = let
|
||||||
|
pwd = builtins.readFile <secrets/nextcloud-admin>;
|
||||||
|
in lib.strings.trim pwd;
|
||||||
|
host-address = "10.10.10.1";
|
||||||
|
container-address = "10.10.10.2";
|
||||||
|
address-prefix = "/24";
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
# Enable ip forwarding to route packets for the local network connected to enp3s0
|
# Enable ip forwarding to route packets for the local network connected to enp3s0
|
||||||
boot.kernel.sysctl = {
|
boot.kernel.sysctl = {
|
||||||
|
|
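Review bot: `admin-pwd = ... builtins.readFile <secrets/nextcloud-admin>` turns the Nextcloud admin password into a plain string inside the evaluated configuration, and the module this commit adds (modules/nextcloud.nix) writes that string into an `environment.etc` file, so the secret ends up in the world-readable Nix store of the host and the container and in any binary cache the closure is pushed to. Pass the location of the secret instead of its content, e.g. `admin-pwd-file = "/var/secrets/nextcloud-admin";`, and let the module bind-mount that file into the container for `adminpassFile`. The `<secrets/...>` angle-bracket lookup also depends on NIX_PATH being set the same way on every machine that evaluates this config, which is worth a comment if it is intentional. The `boot.kernel.sysctl` block at the end of this hunk continues outside it.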
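--- a/config/arachnide/network-configuration.nix
+++ b/config/arachnide/network-configuration.nix
@@ -0,0 +1,58 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+#virtualisation.writableStore = true;
+#virtualisation.additionalPaths = [ pkgs.stdenv ];
+
+networking = {
+hostName = "arachnide";
+useDHCP = false;
+defaultGateway = "192.168.36.1";
+
+# bridge for containers
+bridges = {
+"br0" = {
+#interfaces = [ "enp4s0" ];
+interfaces = [ ];
+};
+};
+
+interfaces = {
+# primary network interface, connected to WAN through a router
+enp1s0 = {
+useDHCP = false;
+ipv4.addresses = [ {
+address = "192.168.36.9";
+prefixLength = 24;
+} ];
+};
+# secondary network interface connected to a private local network
+enp3s0 = {
+useDHCP = false;
+ipv4.addresses = [ {
+address = "10.0.0.1";
+prefixLength = 24;
+} ];
+};
+# interface for containers virtual network
+br0 = {
+useDHCP = false;
+ipv4.addresses = [ {
+address = "10.10.10.1";
+prefixLength = 24;
+} ];
+#ipv6.addresses = [
+# {
+# address = hostIp6;
+# prefixLength = 7;
+# }
+#];
+};
+};
+
+};
+
+}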
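Review bot: The three-line header saying this file was generated by `nixos-generate-config` and must not be modified is wrong for this file: the container bridge, the 10.10.10.0/24 subnet and the commented IPv6 block are hand-written, so the header (apparently copied from hardware-configuration.nix) will steer the next maintainer away from the file they actually need to edit. Replace it with something like `# Hand-maintained network layout for arachnide: WAN on enp1s0, private LAN on enp3s0, br0 for NixOS containers (10.10.10.0/24).` The `br0` bridge also deserves a note on isolation: it has no member interfaces and, if the ip-forwarding sysctl mentioned in configuration.nix is active, nothing visible here prevents a container on 10.10.10.0/24 from reaching the 192.168.36.0/24 and 10.0.0.0/24 networks, so either state that this is intended or add host firewall rules scoped to br0.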
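--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -0,0 +1,81 @@
+# Forgejo
+{ config, pkgs, lib, ... }:
+
+let
+inherit (lib) mkOption mkDefault;
+in
+{
+options = {
+nixin.nextcloud = {
+domain = mkOption { type = lib.types.str; };
+admin-user = mkOption { type = lib.types.str; };
+admin-pwd = mkOption { type = lib.types.str; };
+container-address = mkOption { type = lib.types.str; };
+host-address = mkOption { type = lib.types.str; };
+address-prefix = mkOption { type = lib.types.str; };
+};
+};
+
+config = {
+networking.hosts = {
+"127.0.0.1" = [ "${config.nixin.nextcloud.domain}" ];
+};
+
+containers.nextcloud = {
+privateNetwork = true;
+hostBridge = "br0"; # Specify the bridge name
+localAddress = "${config.nixin.nextcloud.container-address}${config.nixin.nextcloud.address-prefix}";
+#localAddress6 = containerIp6;
+autoStart = true;
+hostAddress = "${config.nixin.nextcloud.host-address}";
+#hostAddress6 = "fc00::1";
+config = let
+nextcloud-domain = "${config.nixin.nextcloud.domain}";
+nextcloud-admin-pwd = "${config.nixin.nextcloud.admin-pwd}";
+nextcloud-admin-user = "${config.nixin.nextcloud.admin-user}";
+in { config, pkgs, lib, ... }: {
+environment.etc."nextcloud-admin-pwd".text = "${nextcloud-admin-pwd}";
+services.nextcloud = {
+enable = true;
+package = pkgs.nextcloud30;
+hostName = "localhost";
+maxUploadSize = "1G";
+settings = {
+trusted_domains = [ "${nextcloud-domain}" ];
+};
+database.createLocally = true;
+config = {
+dbtype = "pgsql";
+adminuser = "${nextcloud-admin-user}";
+adminpassFile = "/etc/nextcloud-admin-pwd";
+};
+};
+
+system.stateVersion = "24.11";
+
+networking = {
+firewall = {
+enable = true;
+allowedTCPPorts = [ 80 ];
+};
+# Use systemd-resolved inside the container
+# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+useHostResolvConf = lib.mkForce false;
+};
+
+services.resolved.enable = true;
+};
+};
+
+
+services.traefik.dynamicConfigOptions.http.services."service-nextcloud" = {
+loadBalancer.servers = [
+{ url = "http://${config.nixin.nextcloud.container-address}:80"; }
+];
+};
+services.traefik.dynamicConfigOptions.http.routers."router-nextcloud" = {
+rule = "Host(`${config.nixin.nextcloud.domain}`)";
+service = "service-nextcloud";
+};
+};
+}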
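Review bot: `environment.etc."nextcloud-admin-pwd".text = "${nextcloud-admin-pwd}"` puts the admin password in the Nix store: NixOS builds the `/etc` tree as a store derivation and symlinks `/etc/nextcloud-admin-pwd` into it, and the store is world-readable on the host and inside the container, so every local user can read the password and `adminpassFile` gives no protection over an inline value. Keep the secret out of evaluation altogether by accepting a path instead of a string, bind-mounting that file read-only into the container and pointing `adminpassFile` at the mount, as sketched below. Two smaller points: the `# Forgejo` header at the top should read `# Nextcloud`, and since Traefik in front of this container terminates TLS (forge.lab12.fr is served over https in configuration.nix) Nextcloud should be told so with `settings.overwriteprotocol = "https";` plus the Traefik address in `settings.trusted_proxies`, otherwise its generated links and redirects use plain http and its brute-force protection sees only the proxy's IP.
```nix
admin-pwd-file = mkOption { type = lib.types.str; };  # host path of the admin password file, never read at eval time
# … unchanged: other options …

containers.nextcloud = {
  # … unchanged: privateNetwork, hostBridge, addresses, autoStart …
  bindMounts."/run/secrets/nextcloud-admin" = {
    hostPath = config.nixin.nextcloud.admin-pwd-file;
    isReadOnly = true;
  };
  config = let
    nextcloud-domain = "${config.nixin.nextcloud.domain}";
    nextcloud-admin-user = "${config.nixin.nextcloud.admin-user}";
  in { config, pkgs, lib, ... }: {
    # … unchanged: services.nextcloud.enable/package/hostName/maxUploadSize/settings/database …
    services.nextcloud.config.adminpassFile = "/run/secrets/nextcloud-admin";
```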