Working Nextcloud container

2024-11-22 20:59:32 -08:00 · 2023-04-04 22:56:30 -07:00 · 2023-04-04 22:56:30 -07:00 · e95a87300a
commit e95a87300a
parent 0443f8a110
2 changed files with 98 additions and 3 deletions
--- a/hosts/Alaska/containers/nextcloud.nix
+++ b/hosts/Alaska/containers/nextcloud.nix
@ -0,0 +1,52 @@
+
+{ config, lib, pkgs, ... }:
+
+
+{
+  containers.nextcloud = {
+    autoStart = true;
+    privateNetwork = true;
+    hostAddress = "192.168.100.10";
+    localAddress = "192.168.100.11";
+    hostAddress6 = "fc00::1";
+    localAddress6 = "fc00::2";
+    bindMounts = {
+      "/nextcloud" = {
+        hostPath = "/Aurora/nextcloud";
+        isReadOnly = false;
+      };
+    };
+
+    config = { config, pkgs, ... }: {
+
+      services.nextcloud = {
+        enable = true;
+        package = pkgs.nextcloud25;
+        hostName = "192.168.100.10";
+
+        config = {
+          extraTrustedDomains = [
+            "10.0.0.206"
+          ];
+        };
+
+        home = "/nextcloud";
+        datadir = "/nextcloud";
+
+        enableBrokenCiphersForSSE = false;
+      };
+
+      system.stateVersion = "22.05";
+
+      networking.firewall = {
+        enable = true;
+        allowedTCPPorts = [ 80 ];
+      };
+
+      # Manually configure nameserver. Using resolved inside the container seems to fail
+      # currently
+      environment.etc."resolv.conf".text = "nameserver 8.8.8.8";
+
+    };
+  };
+}
--- a/hosts/Alaska/default.nix
+++ b/hosts/Alaska/default.nix
@ -3,12 +3,52 @@


 {
-  imports = [ (import ./hardware-configuration.nix) ];
+  imports = [ 
+    (import ./hardware-configuration.nix)
+    (import ./containers/nextcloud.nix)
+  ];
+
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "nicholasyoungsumner@gmail.com";
+  };
+
+  services.nginx = {
+    enable = false;
+    virtualHosts."10.0.0.206" = {
+      addSSL = true;
+      enableACME = true;
+      root = "/var/www/test.com";
+    };
+  };

  environment.systemPackages = [
    pkgs.mdadm
  ];

+  networking = {
+    nat = {
+      enable = true;
+      internalInterfaces = ["ve-+"];
+      externalInterface = "enp2s0"; # Make sure this is actually set to your  internet adapter
+      # You can find a list with `ip a` and look for the first identifier after the number (e.g.: 1: enp2s0)
+      # Lazy IPv6 connectivity for the container
+      enableIPv6 = true;
+      forwardPorts = [
+        {
+          sourcePort = 80;
+          proto = "tcp";
+          destination = "192.168.100.11:80";
+        }
+      ];
+    };
+    firewall = {
+        enable = true;
+        allowedTCPPorts = [80 443];
+      };
+  };
+
  services = {
    sshd.enable = true;
    openssh.settings = {
@ -16,7 +56,6 @@
      X11Forwarding = true;
    };
  };
-
  systemd.services.sshd.wantedBy = [ "multi-user.target" ];

  boot.loader = {
@ -29,7 +68,11 @@

  boot.initrd.services.swraid.mdadmConf = builtins.readFile ./rsrcs/mdadm.conf;

+  programs.msmtp = {
+    enable = true;
+  };
+
  environment.etc."mdadm.conf".text = ''
-    MAILADDR root
+    MAILADDR nicholasyoungsumner@gmail.com
    '';
 }