forked from pub-solar/os
89 lines
1.8 KiB
Nix
89 lines
1.8 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
inputs,
|
|
pkgs,
|
|
self,
|
|
...
|
|
}: let
|
|
hostAddress = "10.10.42.1";
|
|
serviceAddress = "10.10.42.2";
|
|
|
|
hostname = "cloud.momo.koeln";
|
|
|
|
dbUserName = "nextcloud";
|
|
|
|
hostStateDir = "/mnt/internal/nextcloud";
|
|
containerStateDir = "/var/lib/nextcloud";
|
|
in {
|
|
age.secrets.nextcloud-db-password = {
|
|
file = "${self}/secrets/nextcloud-db-password.age";
|
|
mode = "700";
|
|
owner = "nextcloud";
|
|
};
|
|
|
|
age.secrets.nextcloud-admin-password = {
|
|
file = "${self}/secrets/nextcloud-admin-password";
|
|
mode = "700";
|
|
owner = "nextcloud";
|
|
};
|
|
|
|
services.caddy.virtualHosts.${hostname} = {
|
|
logFormat = lib.mkForce ''
|
|
output discard
|
|
'';
|
|
extraConfig = ''
|
|
reverse_proxy ${serviceAddress}:80
|
|
'';
|
|
};
|
|
|
|
containers."nextcloud" = {
|
|
privateNetwork = true;
|
|
hostAddress = hostAddress;
|
|
localAddress = serviceAddress;
|
|
|
|
bindMounts."${containerStateDir}" = {
|
|
hostPath = hostStateDir;
|
|
isReadOnly = false;
|
|
};
|
|
|
|
config = {
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
networking.firewall.allowedTCPPorts = [80];
|
|
|
|
# nextcloud
|
|
services.nextcloud = {
|
|
enable = true;
|
|
hostName = hostname;
|
|
home = containerStateDir;
|
|
config = {
|
|
dbuser = dbUserName;
|
|
dbtype = "pgsql";
|
|
dbport = 5432;
|
|
dbpassFile = config.age.secrets.nextcloud-db-password.path;
|
|
|
|
adminUser = "admin";
|
|
adminpassFile = config.age.secrets.nextcloud-admin-password.path;
|
|
};
|
|
};
|
|
|
|
services.postgresql = {
|
|
enable = true;
|
|
ensureUsers = [
|
|
{
|
|
name = dbUserName;
|
|
ensurePermissions = {
|
|
"DATABASE nextcloud" = "ALL PRIVILEGES";
|
|
};
|
|
}
|
|
];
|
|
|
|
ensureDatabases = ["nextcloud"];
|
|
};
|
|
};
|
|
};
|
|
}
|