diff --git a/hosts/Alaska/containers/nextcloud.nix b/hosts/Alaska/containers/nextcloud.nix
new file mode 100644
index 0000000..2567aee
--- /dev/null
+++ b/hosts/Alaska/containers/nextcloud.nix
@@ -0,0 +1,52 @@
+
+{ config, lib, pkgs, ... }:
+
+
+{
+ containers.nextcloud = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "192.168.100.10";
+ localAddress = "192.168.100.11";
+ hostAddress6 = "fc00::1";
+ localAddress6 = "fc00::2";
+ bindMounts = {
+ "/nextcloud" = {
+ hostPath = "/Aurora/nextcloud";
+ isReadOnly = false;
+ };
+ };
+
+ config = { config, pkgs, ... }: {
+
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud25;
+ hostName = "192.168.100.10";
+
+ config = {
+ extraTrustedDomains = [
+ "10.0.0.206"
+ ];
+ };
+
+ home = "/nextcloud";
+ datadir = "/nextcloud";
+
+ enableBrokenCiphersForSSE = false;
+ };
+
+ system.stateVersion = "22.05";
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 ];
+ };
+
+ # Manually configure nameserver. Using resolved inside the container seems to fail
+ # currently
+ environment.etc."resolv.conf".text = "nameserver 8.8.8.8";
+
+ };
+ };
+}
diff --git a/hosts/Alaska/default.nix b/hosts/Alaska/default.nix
index be66278..9722f06 100644
--- a/hosts/Alaska/default.nix
+++ b/hosts/Alaska/default.nix
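Review bot: In hosts/Alaska/containers/nextcloud.nix, Nextcloud is served over plain HTTP only — the container firewall opens just `allowedTCPPorts = [ 80 ]` and `services.nextcloud.https` is not set — so passwords, session cookies and file contents cross the network unencrypted; the `forwardPorts` entry for port 80 in hosts/Alaska/default.nix forwards the same listener from the host. I would terminate TLS on the host in front of 192.168.100.11 and add `https = true;` to `services.nextcloud` so generated links use https. `package = pkgs.nextcloud25;` pins a major release that, as far as I know, is past upstream end-of-life; a supported major, or a comment recording why it is pinned, would help. `hostName = "192.168.100.10"` is the host-side address while the container itself listens on 192.168.100.11, which looks unintended and is worth confirming.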
@@ -3,12 +3,52 @@ { - imports = [ (import ./hardware-configuration.nix) ]; + imports = [ + (import ./hardware-configuration.nix) + (import ./containers/nextcloud.nix) + ]; + + + security.acme = { + acceptTerms = true; + defaults.email = "nicholasyoungsumner@gmail.com"; + }; + + services.nginx = { + enable = false; + virtualHosts."10.0.0.206" = { + addSSL = true; + enableACME = true; + root = "/var/www/test.com"; + }; + }; environment.systemPackages = [ pkgs.mdadm ]; + networking = { + nat = { + enable = true; + internalInterfaces = ["ve-+"]; + externalInterface = "enp2s0"; # Make sure this is actually set to your internet adapter + # You can find a list with `ip a` and look for the first identifier after the number (e.g.: 1: enp2s0) + # Lazy IPv6 connectivity for the container + enableIPv6 = true; + forwardPorts = [ + { + sourcePort = 80; + proto = "tcp"; + destination = "192.168.100.11:80"; + } + ]; + }; + firewall = { + enable = true; + allowedTCPPorts = [80 443]; + }; + }; + services = { sshd.enable = true; openssh.settings = { @@ -16,7 +56,6 @@ X11Forwarding = true; }; }; - systemd.services.sshd.wantedBy = [ "multi-user.target" ]; boot.loader = { @@ -29,7 +68,11 @@ boot.initrd.services.swraid.mdadmConf = builtins.readFile ./rsrcs/mdadm.conf; + programs.msmtp = { + enable = true; + }; + environment.etc."mdadm.conf".text = '' - MAILADDR root + MAILADDR nicholasyoungsumner@gmail.com ''; }
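Review bot: The `services.nginx` block in the first hunk of default.nix is inert as written: with `enable = false` neither the vhost nor its ACME certificate is active, yet `allowedTCPPorts = [80 443]` opens 443 on the host with no listener shown for it. If this block is meant to become the TLS front end, a public ACME CA will not issue a certificate for a private address such as the vhost name used here, so it needs a real DNS name or an internal CA, and `addSSL = true;` should become `forceSSL = true;` so plain HTTP redirects instead of being served alongside HTTPS. Until then I would keep the firewall at `allowedTCPPorts = [ 80 ];`. The enclosing attribute set starts and ends outside the hunk.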
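Review bot: In the last hunk, `programs.msmtp.enable = true` is added with no account, relay host or sender configured, so unless those are set elsewhere the mdadm alerts now addressed to an external mailbox have nothing to relay through and a degraded array could go unreported. I would add a `programs.msmtp.accounts.default` entry with the relay settings and keep the credential out of the world-readable Nix store by using `passwordeval` to read it from a root-only file. Running `mdadm --monitor --scan --test --oneshot` once after deployment confirms the alert path end to end.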