nixin-krops/modules/nextcloud.nix


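# Nextcloud
#
# NixOS module that runs Nextcloud in a declarative NixOS container attached
# to the host bridge "br0". The container serves plain HTTP on port 80, and
# the host masquerades traffic coming from the container's address.
{ config, pkgs, lib, ... }:
let
  inherit (lib) mkOption types;
  cfg = config.nixin.nextcloud;
in
{
  options = {
    nixin.nextcloud = {
      domain = mkOption {
        type = types.str;
        description = "Host name of the Nextcloud instance; added to trusted_domains and mapped to 127.0.0.1 on the host.";
      };
      admin-user = mkOption {
        type = types.str;
        description = "Name of the initial Nextcloud administrator account.";
      };
      admin-pwd = mkOption {
        type = types.str;
        description = ''
          Initial administrator password, given as a plain string.
          The value is evaluated into the system configuration and therefore
          ends up in the world-readable Nix store; treat it as a bootstrap
          secret and rotate it after the first login.
        '';
      };
      container-address = mkOption {
        type = types.str;
        description = "Address of the container; concatenated with address-prefix to form localAddress.";
      };
      host-address = mkOption {
        type = types.str;
        description = "Value passed to the container's hostAddress.";
      };
      address-prefix = mkOption {
        type = types.str;
        # NOTE(review): presumably a CIDR suffix such as "/24" (constructed
        # example) -- confirm against the callers of this module.
        description = "String appended to container-address to form localAddress.";
      };
    };
  };

  config = {
    # The host resolves the Nextcloud domain to itself.
    networking.hosts = {
      "127.0.0.1" = [ cfg.domain ];
    };

    containers.nextcloud = {
      privateNetwork = true;
      hostBridge = "br0"; # Specify the bridge name
      localAddress = "${cfg.container-address}${cfg.address-prefix}";
      #localAddress6 = containerIp6;
      autoStart = true;
      hostAddress = cfg.host-address;
      #hostAddress6 = "fc00::1";

      # The outer option values are captured in this `let` because the inner
      # module's `config` argument shadows the host's `config`.
      config = let
        nextcloud-domain = cfg.domain;
        nextcloud-admin-pwd = cfg.admin-pwd;
        nextcloud-admin-user = cfg.admin-user;
      in { config, pkgs, lib, ... }: {
        # SECURITY: without an explicit mode, /etc/nextcloud-admin-pwd is a
        # symlink into the Nix store and readable by every local user in the
        # container. Copying it with mode 0400, owned by the nextcloud user,
        # restricts the /etc path. The content is still present in the
        # world-readable Nix store; a secret provisioned outside the store and
        # referenced by adminpassFile is required to close that exposure.
        environment.etc."nextcloud-admin-pwd" = {
          text = nextcloud-admin-pwd;
          mode = "0400";
          user = "nextcloud";
          group = "nextcloud";
        };

        services.nextcloud = {
          enable = true;
          package = pkgs.nextcloud30;
          hostName = "localhost";
          maxUploadSize = "1G";
          settings = {
            # Nextcloud only answers requests whose Host header is listed here.
            trusted_domains = [ nextcloud-domain ];
          };
          database.createLocally = true;
          config = {
            dbtype = "pgsql";
            adminuser = nextcloud-admin-user;
            adminpassFile = "/etc/nextcloud-admin-pwd";
          };
        };

        system.stateVersion = "24.11";

        networking = {
          firewall = {
            enable = true;
            # Only plain HTTP is opened, so traffic on the bridge is
            # unencrypted.
            # NOTE(review): assumes TLS is terminated by a reverse proxy in
            # front of the container -- confirm.
            allowedTCPPorts = [ 80 ];
          };
          # Use systemd-resolved inside the container
          # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
          useHostResolvConf = lib.mkForce false;
        };
        services.resolved.enable = true;
      };
    };

    # Source-NAT traffic that originates from the container.
    # NOTE(review): localAddress includes address-prefix; if that is a CIDR
    # length, the -s match covers the whole subnet, not only the container.
    # NOTE(review): the rule is appended with -A and no matching delete is
    # visible here, so repeated firewall reloads may accumulate duplicates --
    # confirm.
    networking.firewall.extraCommands = ''
      iptables -w -t nat -A POSTROUTING -s ${config.containers.nextcloud.localAddress} -j MASQUERADE
    '';
  };
}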