add nextcloud to arachnide server, using a nixos container
This commit is contained in:
parent
87d4600af3
commit
e85686be0c
3 changed files with 152 additions and 15 deletions
|
@ -4,6 +4,7 @@
|
|||
imports =
|
||||
[
|
||||
./hardware-configuration.nix
|
||||
./network-configuration.nix
|
||||
/var/src/modules/nixin-base.nix
|
||||
/var/src/modules/users.nix
|
||||
/var/src/modules/wireguard-client.nix
|
||||
|
@ -12,27 +13,13 @@
|
|||
/var/src/modules/nixin-web.nix
|
||||
/var/src/modules/forgejo.nix
|
||||
/var/src/modules/forgejo-runner.nix
|
||||
/var/src/modules/nextcloud.nix
|
||||
];
|
||||
|
||||
# Bootloader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
networking = {
|
||||
hostName = "arachnide"; # Define your hostname.
|
||||
# primary network interface, connected to WAN through a router
|
||||
interfaces.enp1s0.ipv4.addresses = [ {
|
||||
address = "192.168.36.9";
|
||||
prefixLength = 24;
|
||||
} ];
|
||||
defaultGateway = "192.168.36.1";
|
||||
# secondary network interface connected to a private local network
|
||||
interfaces.enp3s0.ipv4.addresses = [ {
|
||||
address = "10.0.0.1";
|
||||
prefixLength = 24;
|
||||
} ];
|
||||
};
|
||||
|
||||
nixin.wg.client = {
|
||||
ipv4 = "192.168.12.2/32";
|
||||
ipv6 = "2a01:4f9:1a:9a05::2/128";
|
||||
|
@ -72,6 +59,17 @@
|
|||
url = "https://forge.lab12.fr";
|
||||
};
|
||||
|
||||
nixin.nextcloud = {
|
||||
domain = "nuage.lab12.fr";
|
||||
admin-user = "operator";
|
||||
admin-pwd = let
|
||||
pwd = builtins.readFile <secrets/nextcloud-admin>;
|
||||
in lib.strings.trim pwd;
|
||||
host-address = "10.10.10.1";
|
||||
container-address = "10.10.10.2";
|
||||
address-prefix = "/24";
|
||||
};
|
||||
|
||||
|
||||
# Enable ip forwarding to route packets for the local network connected to enp3s0
|
||||
boot.kernel.sysctl = {
|
||||
|
|
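--- /dev/null
+++ b/config/arachnide/network-configuration.nix
@@ -0,0 +1,58 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+#virtualisation.writableStore = true;
+#virtualisation.additionalPaths = [ pkgs.stdenv ];
+
+networking = {
+hostName = "arachnide";
+useDHCP = false;
+defaultGateway = "192.168.36.1";
+
+# bridge for containers
+bridges = {
+"br0" = {
+#interfaces = [ "enp4s0" ];
+interfaces = [ ];
+};
+};
+
+interfaces = {
+# primary network interface, connected to WAN through a router
+enp1s0 = {
+useDHCP = false;
+ipv4.addresses = [ {
+address = "192.168.36.9";
+prefixLength = 24;
+} ];
+};
+# secondary network interface connected to a private local network
+enp3s0 = {
+useDHCP = false;
+ipv4.addresses = [ {
+address = "10.0.0.1";
+prefixLength = 24;
+} ];
+};
+# interface for containers virtual network
+br0 = {
+useDHCP = false;
+ipv4.addresses = [ {
+address = "10.10.10.1";
+prefixLength = 24;
+} ];
+#ipv6.addresses = [
+# {
+# address = hostIp6;
+# prefixLength = 7;
+# }
+#];
+};
+};
+
+};
+
+}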
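Review bot: The three-line header (`# Do not modify this file! It was generated by ‘nixos-generate-config’ …`) is wrong for this file: nixos-generate-config writes hardware-configuration.nix, and the br0 bridge, static addresses and comments here are clearly hand-written, so the warning will steer the next maintainer away from exactly the file they need to edit; replace it with a one-line description such as `# Static network layout for arachnide: WAN uplink (enp1s0), private LAN (enp3s0) and the br0 bridge used by NixOS containers.`. The configuration.nix hunk in this same commit shows the same hostName, gateway and interface values; if that block was not removed there, the `ipv4.addresses` lists are merged into duplicate entries, so keep these settings in one file. br0 has no member interfaces and no filtering is visible here, and configuration.nix mentions enabling IP forwarding for enp3s0; if forwarding is on, anything on 10.10.10.0/24 is routed to the private LAN and the WAN side, so the policy for traffic leaving br0 (a firewall or nftables rule, or an explicit comment that the container is trusted) should be stated next to this bridge. The `#interfaces = [ "enp4s0" ];` leftover should either be removed or explained, since a physical member on the container bridge would change the trust boundary.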
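--- /dev/null
+++ b/modules/nextcloud.nix
@@ -0,0 +1,81 @@
+# Forgejo
+{ config, pkgs, lib, ... }:
+
+let
+inherit (lib) mkOption mkDefault;
+in
+{
+options = {
+nixin.nextcloud = {
+domain = mkOption { type = lib.types.str; };
+admin-user = mkOption { type = lib.types.str; };
+admin-pwd = mkOption { type = lib.types.str; };
+container-address = mkOption { type = lib.types.str; };
+host-address = mkOption { type = lib.types.str; };
+address-prefix = mkOption { type = lib.types.str; };
+};
+};
+
+config = {
+networking.hosts = {
+"127.0.0.1" = [ "${config.nixin.nextcloud.domain}" ];
+};
+
+containers.nextcloud = {
+privateNetwork = true;
+hostBridge = "br0"; # Specify the bridge name
+localAddress = "${config.nixin.nextcloud.container-address}${config.nixin.nextcloud.address-prefix}";
+#localAddress6 = containerIp6;
+autoStart = true;
+hostAddress = "${config.nixin.nextcloud.host-address}";
+#hostAddress6 = "fc00::1";
+config = let
+nextcloud-domain = "${config.nixin.nextcloud.domain}";
+nextcloud-admin-pwd = "${config.nixin.nextcloud.admin-pwd}";
+nextcloud-admin-user = "${config.nixin.nextcloud.admin-user}";
+in { config, pkgs, lib, ... }: {
+environment.etc."nextcloud-admin-pwd".text = "${nextcloud-admin-pwd}";
+services.nextcloud = {
+enable = true;
+package = pkgs.nextcloud30;
+hostName = "localhost";
+maxUploadSize = "1G";
+settings = {
+trusted_domains = [ "${nextcloud-domain}" ];
+};
+database.createLocally = true;
+config = {
+dbtype = "pgsql";
+adminuser = "${nextcloud-admin-user}";
+adminpassFile = "/etc/nextcloud-admin-pwd";
+};
+};
+
+system.stateVersion = "24.11";
+
+networking = {
+firewall = {
+enable = true;
+allowedTCPPorts = [ 80 ];
+};
+# Use systemd-resolved inside the container
+# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+useHostResolvConf = lib.mkForce false;
+};
+
+services.resolved.enable = true;
+};
+};
+
+
+services.traefik.dynamicConfigOptions.http.services."service-nextcloud" = {
+loadBalancer.servers = [
+{ url = "http://${config.nixin.nextcloud.container-address}:80"; }
+];
+};
+services.traefik.dynamicConfigOptions.http.routers."router-nextcloud" = {
+rule = "Host(`${config.nixin.nextcloud.domain}`)";
+service = "service-nextcloud";
+};
+};
+}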
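Review bot: `environment.etc."nextcloud-admin-pwd".text = "${nextcloud-admin-pwd}"` writes the admin password into a file built in the Nix store (the container's /etc entry is a symlink into the world-readable /nix/store it shares with the host), and because `admin-pwd` is a `types.str` option the secret is also embedded in the evaluated configuration and every derivation that interpolates it. Replace the string option with the path of a runtime-only file (`admin-pwd-file = mkOption { type = lib.types.str; };`, a string so a Nix path literal is never copied into the store, provisioned on the host by whatever secret mechanism you use as a root-only file), bind-mount it read-only into the container, point `adminpassFile` at the mount and drop the `environment.etc` line, as sketched below. Separately, Nextcloud will only ever see Traefik's address unless `trusted_proxies` is set, so its brute-force throttling and audit log would attribute every login to `host-address` instead of the real client; capture it in the `let` with `nextcloud-host-address = config.nixin.nextcloud.host-address;` and add `trusted_proxies = [ nextcloud-host-address ];` under `settings` (and, if Traefik terminates TLS for this host as the forge URL suggests, `overwriteprotocol = "https";`). The header comment `# Forgejo` should read `# Nextcloud`.
```nix
# … unchanged: option declarations, except admin-pwd is replaced by …
admin-pwd-file = mkOption { type = lib.types.str; };
# … unchanged: networking.hosts …
containers.nextcloud = {
  # … unchanged: privateNetwork, hostBridge, localAddress, autoStart, hostAddress …
  # Expose the secret as a runtime file; it never enters the store or the container's closure.
  bindMounts."/run/secrets/nextcloud-admin" = {
    hostPath = config.nixin.nextcloud.admin-pwd-file;
    isReadOnly = true;
  };
  config = let
    nextcloud-domain = config.nixin.nextcloud.domain;
    nextcloud-admin-user = config.nixin.nextcloud.admin-user;
    nextcloud-host-address = config.nixin.nextcloud.host-address;
  in { config, pkgs, lib, ... }: {
    services.nextcloud = {
      # … unchanged: enable, package, hostName, maxUploadSize, database …
      settings = {
        trusted_domains = [ nextcloud-domain ];
        trusted_proxies = [ nextcloud-host-address ];
      };
      config = {
        dbtype = "pgsql";
        adminuser = nextcloud-admin-user;
        adminpassFile = "/run/secrets/nextcloud-admin";
      };
    };
    # … unchanged: stateVersion, networking, resolved …
  };
};
```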