add nextcloud to arachnide server, using a nixos container

This commit is contained in:
Douze Bé 2024-12-22 15:58:09 +01:00
parent 87d4600af3
commit e85686be0c
3 changed files with 152 additions and 15 deletions


@ -4,6 +4,7 @@
imports =
[
./hardware-configuration.nix
./network-configuration.nix
/var/src/modules/nixin-base.nix
/var/src/modules/users.nix
/var/src/modules/wireguard-client.nix
@ -12,27 +13,13 @@
/var/src/modules/nixin-web.nix
/var/src/modules/forgejo.nix
/var/src/modules/forgejo-runner.nix
/var/src/modules/nextcloud.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking = {
hostName = "arachnide"; # Define your hostname.
# primary network interface, connected to WAN through a router
interfaces.enp1s0.ipv4.addresses = [ {
address = "192.168.36.9";
prefixLength = 24;
} ];
defaultGateway = "192.168.36.1";
# secondary network interface connected to a private local network
interfaces.enp3s0.ipv4.addresses = [ {
address = "10.0.0.1";
prefixLength = 24;
} ];
};
nixin.wg.client = {
ipv4 = "192.168.12.2/32";
ipv6 = "2a01:4f9:1a:9a05::2/128";
@ -72,6 +59,17 @@
url = "https://forge.lab12.fr";
};
nixin.nextcloud = {
domain = "nuage.lab12.fr";
admin-user = "operator";
admin-pwd = let
pwd = builtins.readFile <secrets/nextcloud-admin>;
in lib.strings.trim pwd;
host-address = "10.10.10.1";
container-address = "10.10.10.2";
address-prefix = "/24";
};
# Enable ip forwarding to route packets for the local network connected to enp3s0
boot.kernel.sysctl = {
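Review bot: `admin-pwd` is filled with `builtins.readFile <secrets/nextcloud-admin>`, which turns the admin password into an ordinary string inside the evaluated configuration; it therefore ends up in the host's system derivation in the world-readable /nix/store (and, via the module's `environment.etc` entry, in the container's store as well), and the `<secrets/...>` lookup additionally depends on NIX_PATH at evaluation time. Pass a path rather than the content and let the module bind-mount that file into the container, e.g. `admin-pwd-file = "/var/secrets/nextcloud-admin";`, keeping the file root-owned and mode 0400 on the host so it never enters the store. The `lib.strings.trim` around the value can then go away. The enclosing attribute set of this hunk continues outside it.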


@ -0,0 +1,58 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
#virtualisation.writableStore = true;
#virtualisation.additionalPaths = [ pkgs.stdenv ];
networking = {
hostName = "arachnide";
useDHCP = false;
defaultGateway = "192.168.36.1";
# bridge for containers
bridges = {
"br0" = {
#interfaces = [ "enp4s0" ];
interfaces = [ ];
};
};
interfaces = {
# primary network interface, connected to WAN through a router
enp1s0 = {
useDHCP = false;
ipv4.addresses = [ {
address = "192.168.36.9";
prefixLength = 24;
} ];
};
# secondary network interface connected to a private local network
enp3s0 = {
useDHCP = false;
ipv4.addresses = [ {
address = "10.0.0.1";
prefixLength = 24;
} ];
};
# interface for containers virtual network
br0 = {
useDHCP = false;
ipv4.addresses = [ {
address = "10.10.10.1";
prefixLength = 24;
} ];
#ipv6.addresses = [
# {
# address = hostIp6;
# prefixLength = 7;
# }
#];
};
};
};
}
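Review bot: The header on the first three lines claims the file was generated by nixos-generate-config and must not be modified, but its contents are hand-written (the `br0` bridge with an empty `interfaces` list, the commented `enp4s0` and IPv6 placeholders), so the warning is misleading and invites someone to regenerate over it; replace it with a purpose comment such as `# Host network layout for arachnide: WAN on enp1s0, private LAN on enp3s0, br0 is the bridge for NixOS containers (10.10.10.0/24)`. The commented `#interfaces = [ "enp4s0" ];` deserves a one-line warning too: enslaving a physical NIC to br0 would put the container network on that physical segment, which presumably is not intended while the containers are only meant to be reachable through the host's reverse proxy. `useDHCP = false` is set both globally and on every interface, which is harmless but redundant.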

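--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -0,0 +1,81 @@
+# Forgejo
+{ config, pkgs, lib, ... }:
+let
+inherit (lib) mkOption mkDefault;
+in
+{
+options = {
+nixin.nextcloud = {
+domain = mkOption { type = lib.types.str; };
+admin-user = mkOption { type = lib.types.str; };
+admin-pwd = mkOption { type = lib.types.str; };
+container-address = mkOption { type = lib.types.str; };
+host-address = mkOption { type = lib.types.str; };
+address-prefix = mkOption { type = lib.types.str; };
+};
+};
+config = {
+networking.hosts = {
+"127.0.0.1" = [ "${config.nixin.nextcloud.domain}" ];
+};
+containers.nextcloud = {
+privateNetwork = true;
+hostBridge = "br0"; # Specify the bridge name
+localAddress = "${config.nixin.nextcloud.container-address}${config.nixin.nextcloud.address-prefix}";
+#localAddress6 = containerIp6;
+autoStart = true;
+hostAddress = "${config.nixin.nextcloud.host-address}";
+#hostAddress6 = "fc00::1";
+config = let
+nextcloud-domain = "${config.nixin.nextcloud.domain}";
+nextcloud-admin-pwd = "${config.nixin.nextcloud.admin-pwd}";
+nextcloud-admin-user = "${config.nixin.nextcloud.admin-user}";
+in { config, pkgs, lib, ... }: {
+environment.etc."nextcloud-admin-pwd".text = "${nextcloud-admin-pwd}";
+services.nextcloud = {
+enable = true;
+package = pkgs.nextcloud30;
+hostName = "localhost";
+maxUploadSize = "1G";
+settings = {
+trusted_domains = [ "${nextcloud-domain}" ];
+};
+database.createLocally = true;
+config = {
+dbtype = "pgsql";
+adminuser = "${nextcloud-admin-user}";
+adminpassFile = "/etc/nextcloud-admin-pwd";
+};
+};
+system.stateVersion = "24.11";
+networking = {
+firewall = {
+enable = true;
+allowedTCPPorts = [ 80 ];
+};
+# Use systemd-resolved inside the container
+# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+useHostResolvConf = lib.mkForce false;
+};
+services.resolved.enable = true;
+};
+};
+services.traefik.dynamicConfigOptions.http.services."service-nextcloud" = {
+loadBalancer.servers = [
+{ url = "http://${config.nixin.nextcloud.container-address}:80"; }
+];
+};
+services.traefik.dynamicConfigOptions.http.routers."router-nextcloud" = {
+rule = "Host(`${config.nixin.nextcloud.domain}`)";
+service = "service-nextcloud";
+};
+};
+}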