From 359bc6769d2f4bea0e951109f3e5b9d6c2b9b387 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sun, 17 Nov 2024 23:22:40 -0600 Subject: [PATCH] move nextcloud to container? --- flake.lock | 18 +++--- .../configuration/homebox/default.nix | 2 + .../services/containers/gitlab/default.nix | 11 +--- .../services/containers/nextcloud/default.nix | 60 +++++++++++-------- 4 files changed, 49 insertions(+), 42 deletions(-) diff --git a/flake.lock b/flake.lock index 36ad1bc..11ae083 100644 --- a/flake.lock +++ b/flake.lock @@ -1193,11 +1193,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-mrfMvef+tOYMK35horTWF43tQpES1zI7hb5RbzN3oIk=", - "path": "/nix/store/7fxagr05n934b41j57qmd5mn8yy6v4qy-source/home-manager", + "path": "/nix/store/2iad54f45q80l7js354b3gjs8a9ywd2g-source/home-manager", "type": "path" }, "original": { - "path": "/nix/store/7fxagr05n934b41j57qmd5mn8yy6v4qy-source/home-manager", + "path": "/nix/store/2iad54f45q80l7js354b3gjs8a9ywd2g-source/home-manager", "type": "path" } }, @@ -1807,11 +1807,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-QahOuoQdXshu38W5uO7hLhG/yFkT7S2l8Dxicq0wdGk=", - "path": "/nix/store/qrb62rpl26ilma2ff56kndycxvdvc2n4-source/programs", + "path": "/nix/store/ipps7wbs0429asc5w15xlbhyy74k1xmy-source/programs", "type": "path" }, "original": { - "path": "/nix/store/qrb62rpl26ilma2ff56kndycxvdvc2n4-source/programs", + "path": "/nix/store/ipps7wbs0429asc5w15xlbhyy74k1xmy-source/programs", "type": "path" } }, @@ -1882,11 +1882,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=", - "path": "/nix/store/qrb62rpl26ilma2ff56kndycxvdvc2n4-source/services/sddm", + "path": "/nix/store/ipps7wbs0429asc5w15xlbhyy74k1xmy-source/services/sddm", "type": "path" }, "original": { - "path": "/nix/store/qrb62rpl26ilma2ff56kndycxvdvc2n4-source/services/sddm", + "path": "/nix/store/ipps7wbs0429asc5w15xlbhyy74k1xmy-source/services/sddm", "type": "path" } }, 
@@ -1976,12 +1976,12 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-T97lZQMAvMMOOFZBq/P9XdYnMKC98BRrFKSr2CFpTLI=", - "path": "/nix/store/7fxagr05n934b41j57qmd5mn8yy6v4qy-source/system-config", + "narHash": "sha256-cN8S1dX9UvYcLvw2DRKSY2NMhjwrPFA181sKCEJIrbQ=", + "path": "/nix/store/2iad54f45q80l7js354b3gjs8a9ywd2g-source/system-config", "type": "path" }, "original": { - "path": "/nix/store/7fxagr05n934b41j57qmd5mn8yy6v4qy-source/system-config", + "path": "/nix/store/2iad54f45q80l7js354b3gjs8a9ywd2g-source/system-config", "type": "path" } }, diff --git a/system-config/configuration/homebox/default.nix b/system-config/configuration/homebox/default.nix index 13cd04c..e69e1fc 100644 --- a/system-config/configuration/homebox/default.nix +++ b/system-config/configuration/homebox/default.nix @@ -166,6 +166,8 @@ "/var/log" "/var/lib/bluetooth" "/var/lib/nixos" + "/var/lib/nixos-containers" + "/var/run/nixos-containers" "/var/lib/systemd/coredump" "/var/lib/docker" "/etc/NetworkManager/system-connections" diff --git a/system-config/services/containers/gitlab/default.nix b/system-config/services/containers/gitlab/default.nix index 0320536..e1aa105 100644 --- a/system-config/services/containers/gitlab/default.nix +++ b/system-config/services/containers/gitlab/default.nix @@ -34,7 +34,7 @@ containers.gitlab = { - autoStart = true; + autoStart = false; privateNetwork = true; hostAddress = "192.168.100.10"; localAddress = "192.168.100.16"; @@ -93,17 +93,12 @@ enable = true; #https = true; #port = 443; - #host = "localhost"; + host = "gitlab.blunkall.us"; databasePasswordFile = "/etc/gitlab/dbpass"; initialRootPasswordFile = "/etc/gitlab/rootpass"; statePath = "/etc/gitlab/data"; - /*extraEnv = { - OIDC_CLIENT_ID = ""; - OIDC_CLIENT_SECRET = ""; - };*/ - secrets = { secretFile = "/etc/gitlab/secret"; otpFile = "/etc/gitlab/otp"; 
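Review bot: The added `"/var/run/nixos-containers"` entry in the `@@ -166,6 +166,8 @@` hunk persists a runtime path: on NixOS `/var/run` normally resolves to `/run`, which is recreated on every boot, so state kept there across reboots may be stale when the containers next start. If this list feeds an impermanence-style persistence option (the option name is outside the hunk), persisting `"/var/lib/nixos-containers"` alone is probably what is wanted. That directory then holds the full container root filesystems, which presumably includes paths such as the GitLab `statePath = "/etc/gitlab/data"` seen later in this patch, unless those are bind-mounted. It should therefore stay root-only on the persistent volume and fall under the same backup and encryption policy as other secret-bearing state.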
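Review bot: In the `@@ -93,17 +93,12 @@` hunk `host = "gitlab.blunkall.us";` is now set while `#https = true;` and `#port = 443;` stay commented out, so GitLab will presumably generate `http://` links, clone URLs and OAuth redirect URIs for a public name. The renamed vhost in the later `@@ -156,7 +151,7 @@` hunk has the same gap: `"gitlab.blunkall.us"` only sets `locations."/".proxyPass`, and no TLS option is visible there. If TLS is terminated on an upstream proxy, enable `https = true;` and `port = 443;` here; if this nginx is the edge, add `forceSSL = true;` and a certificate source to the vhost. The enclosing `services.gitlab` and `services.nginx` blocks start and end outside these hunks, so confirm neither is already set elsewhere.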
@@ -156,7 +151,7 @@ enable = true; recommendedProxySettings = true; virtualHosts = { - localhost = { + "gitlab.blunkall.us" = { locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; }; }; diff --git a/system-config/services/containers/nextcloud/default.nix b/system-config/services/containers/nextcloud/default.nix index 45541c8..cd46cd3 100644 --- a/system-config/services/containers/nextcloud/default.nix +++ b/system-config/services/containers/nextcloud/default.nix @@ -11,20 +11,7 @@ config = lib.mkIf config.sysconfig.opts.virtualization.nextcloud.enable { - /*mailserver = { - enable = true; - fqdn = "mail.blunkall.com"; - domains = [ "blunkall.us" ]; - - loginAccounts = { - "user1@blunkall.us" = { - hashedPasswordFile = ""; - - }; - }; - };*/ - - services.nginx.virtualHosts."localhost".listen = [ { addr = "0.0.0.0"; port = 8081; } ]; + /*services.nginx.virtualHosts."localhost".listen = [ { addr = "0.0.0.0"; port = 8081; } ]; services.nextcloud = { enable = true; package = pkgs.nextcloud30; @@ -44,19 +31,19 @@ extraAppsEnable = true; settings = { overwriteprotocol = "https"; - trusted_domains = [ "nextcloud.blunkall.us" ]; + trusted_domains = [ "nextcloud.blunkall.us" "dummy.blunkall.us" ]; trusted_proxies = [ "192.168.100.11" ]; default_phone_region = "US"; }; database.createLocally = true; - }; + };*/ - /*containers.nextcloud = { + containers.nextcloud = { - autoStart = true; + autoStart = false; privateNetwork = true; hostAddress = "192.168.100.10"; - localAddress = "192.168.100.16"; + localAddress = "192.168.100.15"; bindMounts = { 
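Review bot: The host-level `services.nextcloud` definition is kept as a `/* … */` block that opens in the `@@ -11,20 +11,7 @@` hunk and closes at `};*/` in the next one, instead of being deleted. Commented-out configuration that still carries a listener on `0.0.0.0:8081` and a `trusted_proxies` entry is easy to re-enable by accident next to the container. It also has to be kept in sync by hand, as the next hunk shows by editing `trusted_domains` inside the comment. I would drop the block entirely and rely on version control for the old variant, leaving at most a one-line comment such as `# Nextcloud runs in containers.nextcloud below`.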
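Review bot: `"dummy.blunkall.us"` is added to `trusted_domains` twice: inside the commented-out block in the `@@ -44,19 +31,19 @@` hunk, and in the live container config in the `@@ -64,22 +51,45 @@` hunk. `trusted_domains` is the list of Host header values Nextcloud accepts, so a placeholder name should not ship in it. Keep `trusted_domains = [ "nextcloud.blunkall.us" ];` unless `dummy.blunkall.us` is a real name under your control that serves this instance, in which case a short comment stating its purpose would help.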
@@ -64,22 +51,45 @@ hostPath = "/ssd1/Nextcloud"; isReadOnly = false; }; + + "/etc/nextcloud-admin-pass" = { + hostPath = config.sops.secrets."nextcloud/pass".path; + isReadOnly = false; + }; }; config = { config, lib, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ 80 443 ]; - services.nginx.virtualHosts."192.168.100.16".listen = [ { addr = "0.0.0.0"; port = 80; } ]; - environment.etc."nextcloud-admin-pass".text = "//falconAdjacent42"; + services.nginx.virtualHosts."192.168.100.15".listen = [ { addr = "0.0.0.0"; port = 80; } ]; services.nextcloud = { enable = true; - package = pkgs.nextcloud28; - hostName = "192.168.100.16"; - config.adminpassFile = "/etc/nextcloud-admin-pass"; + package = pkgs.nextcloud30; + hostName = "localhost"; + config = { + adminpassFile = "/etc/nextcloud-admin-pass"; + adminuser = "root"; + dbtype = "mysql"; + }; + https = true; + datadir = "/ssd1/Nextcloud/data"; + home = "/ssd1/Nextcloud/nextcloud_home"; + appstoreEnable = true; + extraApps = with config.services.nextcloud.package.packages.apps; { + inherit mail contacts calendar tasks user_oidc; + }; + extraAppsEnable = true; + settings = { + overwriteprotocol = "https"; + trusted_domains = [ "nextcloud.blunkall.us" "dummy.blunkall.us" ]; + trusted_proxies = [ "192.168.100.11" ]; + default_phone_region = "US"; + }; + database.createLocally = true; }; system.stateVersion = "23.05"; }; - };*/ + }; }; }
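Review bot: The new `"/etc/nextcloud-admin-pass"` bind mount hands the sops-managed secret to the container with `isReadOnly = false;`, so a root process in the guest could modify the host's decrypted secret file; this should be `isReadOnly = true;`. Also check that the guest's `nextcloud` user can read the file, because the secret's owner and mode are declared outside this hunk and `adminpassFile` is presumably read by the setup service. The literal value removed from `environment.etc."nextcloud-admin-pass".text` stays in the repository history and in this patch, so if it was ever a real credential it should be rotated rather than reused as the sops value. Separately, `hostName` is now `"localhost"` while the listen override still targets `services.nginx.virtualHosts."192.168.100.15"`, so the override presumably lands on a different vhost than the one the Nextcloud module generates; the commented-out host variant used `virtualHosts."localhost"` for this.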