First nextcloud setup attempt

2025-02-10 00:05:53 +00:00
parent 45d57b3314
commit c89dde0769
2 changed files with 247 additions and 11 deletions


@@ -0,0 +1,225 @@
{
inputs,
outputs,
lib,
config,
pkgs,
unstablePkgs,
...
}: {
services.podman = {
networks = {
nextcloud-net = {};
};
containers = {
nextcloud-aio-nextcloud = {
image = "docker.io/nextcloud/aio-nextcloud:latest";
autoUpdate = "registry";
network = "nextcloud-net";
extraPodmanArgs = [
"/usr/bin/supervisord"
"-c"
"/supervisord.conf"
];
env = {
ADDITIONAL_APKS = "imagemagick";
ADDITIONAL_PHP_EXTENSIONS = "imagick";
ADMIN_PASSWORD = config.sops.secrets.nextcloud_admin_password;
ADMIN_USER = "admin";
AIO_TOKEN = config.sops.secrets.nextcloud_aio_token;
AIO_URL = "192.168.0.254:8081";
APACHE_HOST = "nextcloud-aio-apache";
APACHE_PORT = "11000";
CLAMAV_ENABLED = "yes";
CLAMAV_HOST = "nextcloud-aio-clamav";
CLAMAV_MAX_SIZE = "17179869184";
COLLABORA_ENABLED = "yes";
COLLABORA_HOST = "nextcloud-aio-collabora";
FULLTEXTSEARCH_ENABLED = "yes";
FULLTEXTSEARCH_HOST = "nextcloud-aio-fulltextsearch";
FULLTEXTSEARCH_PASSWORD = config.sops.secrets.nextcloud_fulltextsearch_password;
IMAGINARY_ENABLED = "yes";
IMAGINARY_HOST = "nextcloud-aio-imaginary";
IMAGINARY_SECRET = config.sops.secrets.nextcloud_imaginary_secret;
NC_DOMAIN = "nextcloud.bulba.space";
NEXTCLOUD_DATA_DIR = "/mnt/ncdata";
NEXTCLOUD_EXEC_COMMANDS = "php /var/www/html/occ richdocuments:activate-config";
NEXTCLOUD_HOST = "nextcloud-aio-nextcloud";
ONLYOFFICE_HOST = "nextcloud-aio-onlyoffice";
ONLYOFFICE_SECRET = config.sops.secrets.nextcloud_onlyoffice_secret;
OVERWRITEHOST = "nextcloud.bulba.space";
OVERWRITEPROTOCOL = "https";
POSTGRES_DB = "nextcloud_database";
POSTGRES_HOST = "nextcloud-aio-database";
POSTGRES_PASSWORD = config.sops.secrets.nextcloud_postgres_password;
POSTGRES_PORT = "5432";
POSTGRES_USER = "nextcloud";
RECORDING_SECRET = config.sops.secrets.nextcloud_recording_secret;
REDIS_HOST = "nextcloud-aio-redis";
REDIS_HOST_PASSWORD = config.sops.secrets.nextcloud_redis_host_password;
REMOVE_DISABLED_APPS = "yes";
SIGNALING_SECRET = config.sops.secrets.nextcloud_signaling_secret;
STARTUP_APPS = "deck twofactor_totp tasks calendar contacts notes";
TALK_PORT = "3478";
TALK_RECORDING_HOST = "nextcloud-aio-talk-recording";
THIS_IS_AIO = "true";
TURN_SECRET = config.sops.secrets.nextcloud_turn_secret;
TZ = "Europe/Dublin";
WHITEBOARD_SECRET = config.sops.secrets.nextcloud_whiteboard_secret;
};
volumes = [
"/home/cianh/Nextcloud/config/nextcloud_aio_nextcloud:/var/www/html"
"/home/cianh/Nextcloud/data:/mnt/ncdata"
];
};
nextcloud-aio-collabora = {
image = "docker.io/nextcloud/aio-collabora:latest";
autoUpdate = "registry";
network = "nextcloud-net";
environment = {
DONT_GEN_SSL_CERT = "1";
aliasgroup1 = "https://nextcloud.bulba.space:443";
dictionaries = "de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru";
TZ = "Europe/Dublin";
server_name = "nextcloud.bulba.space";
};
extraPodmanArgs = [
"--o:ssl.enable=false"
"--o:ssl.termination=true"
"--o:mount_jail_tree=false"
"--o:logging.level=warning"
"--o:home_mode.enable=true"
"--o:security.seccomp=true"
"--o:remote_font_config.url=https://nextcloud.bulba.space/apps/richdocuments/settings/fonts.json"
"--o:net.post_allow.host[0]=.+"
];
};
nextcloud-aio-database = {
image = "docker.io/nextcloud/aio-postgresql:latest";
autoUpdate = "registry";
network = "nextcloud-net";
env = {
TZ = "Europe/Dublin";
PGTZ = "Europe/Dublin";
POSTGRES_PASSWORD = config.sops.secrets.nextcloud_postgres_password;
POSTGRES_DB = "nextcloud_database";
POSTGRES_USER = "nextcloud";
};
volumes = [
"/home/cianh/Nextcloud/config/nextcloud_aio_database_dump:/mnt/data"
"/home/cianh/Nextcloud/config/nextcloud_aio_database:/var/lib/postgresql/data"
];
};
nextcloud-aio-redis = {
image = "docker.io/nextcloud/aio-redis:latest";
autoUpdate = "registry";
network = "nextcloud-net";
env = {
TZ = "Europe/Dublin";
REDIS_HOST_PASSWORD = config.sops.secrets.nextcloud_redis_host_password;
};
volumes = [
"/home/cianh/Nextcloud/config/nextcloud_aio_redis:/data"
];
};
nextcloud-aio-clamav = {
image = "docker.io/nextcloud/aio-clamav:latest";
autoUpdate = "registry";
network = "nextcloud-net";
env = {
TZ = "Europe/Dublin";
MAX_SIZE = "16G";
CLAMD_STARTUP_TIMEOUT = "90";
};
volumes = [
"/home/cianh/Nextcloud/config/nextcloud_aio_clamav:/var/lib/clamav"
];
};
nextcloud-aio-fulltextsearch = {
image = "docker.io/nextcloud/aio-fulltextsearch:latest";
autoUpdate = "registry";
network = "nextcloud-net";
extraPodmanArgs = [
"eswrapper"
];
env = {
xpack.license.self_generated.type = "basic";
discovery.type = "single-node";
bootstrap.memory_lock = "true";
xpack.security.enabled = "false";
logger.org.elasticsearch.discovery = "WARN";
http.port = "9200";
TZ = "Europe/Dublin";
FULLTEXTSEARCH_PASSWORD = config.sops.secrets.nextcloud_fulltextsearch_password;
cluster.name = "nextcloud-aio";
ES_JAVA_OPTS = "-Xms512M -Xmx512M";
};
volumes = [
"/home/cianh/Nextcloud/config/nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data"
];
};
nextcloud-aio-imaginary = {
image = "docker.io/nextcloud/aio-imaginary:latest";
autoUpdate = "registry";
network = "nextcloud-net";
env = {
TZ = "Europe/Dublin";
IMAGINARY_SECRET = config.sops.secrets.nextcloud_imaginary_secret;
};
};
nextcloud-aio-notify-push = {
image = "docker.io/nextcloud/aio-notify-push:latest";
autoUpdate = "registry";
network = "nextcloud-net";
env = {
NC_DOMAIN = "nextcloud.bulba.space";
POSTGRES_DB = "nextcloud_database";
POSTGRES_PORT = "5432";
NEXTCLOUD_HOST = "nextcloud-aio-nextcloud";
REDIS_HOST_PASSWORD = config.sops.secrets.nextcloud_redis_host_password;
POSTGRES_USER = "nextcloud";
REDIS_HOST = "nextcloud-aio-redis";
POSTGRES_HOST = "nextcloud-aio-database";
POSTGRES_PASSWORD = config.sops.secrets.nextcloud_postgres_password;
};
volumes = [
"/home/cianh/Nextcloud/config/nextcloud_aio_nextcloud:/nextcloud:Z"
];
};
nextcloud-aio-apache = {
image = "docker.io/nextcloud/aio-apache:latest";
autoUpdate = "registry";
network = [
"nextcloud-net"
"proxy-net"
];
extraPodmanArgs = [
"/usr/bin/supervisord"
"-c"
"/supervisord.conf"
];
env = {
APACHE_PORT = "11000";
ONLYOFFICE_HOST = "nextcloud-aio-onlyoffice";
APACHE_MAX_TIME = "3600";
APACHE_HOST = "nextcloud-aio-apache";
NOTIFY_PUSH_HOST = "nextcloud-aio-notify-push";
NEXTCLOUD_HOST = "nextcloud-aio-nextcloud";
TZ = "Europe/Dublin";
APACHE_MAX_SIZE = "17179869184";
TALK_HOST = "nextcloud-aio-talk";
WHITEBOARD_HOST = "nextcloud-aio-whiteboard";
COLLABORA_HOST = "nextcloud-aio-collabora";
NC_DOMAIN = "nextcloud.bulba.space";
};
ports = [
"11000:11000"
];
volumes = [
"/home/cianh/Nextcloud/config/nextcloud_aio_apache:/mnt/data"
"/var/www/html:/var/www/html:Z"
];
};
};
};
}
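Review bot: The secret-bearing entries in the `env` blocks (`ADMIN_PASSWORD`, `AIO_TOKEN`, `POSTGRES_PASSWORD`, `REDIS_HOST_PASSWORD` and the other `config.sops.secrets.*` assignments in the nextcloud, database, redis, fulltextsearch, imaginary and notify-push containers) point at the sops-nix secret option itself, not at a decrypted value. sops-nix decrypts at activation time, so `config.sops.secrets.nextcloud_admin_password` is an option set whose usable field is `.path`; it will not evaluate to the password, and anything that did place the plaintext in the container definition would copy it into the world-readable Nix store and the generated unit. I would render these variables into a file outside the store (a sops template, if the sops-nix module in use provides one) and pass the container only that path, e.g. `environmentFile = [ config.sops.templates."<template-name>".path ];`. Separately, the collabora container sets `environment` while every other container sets `env`; presumably only one of those is an option of this podman module, so that is worth checking against its documentation.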


@@ -1,7 +1,18 @@
vikunja_jwtsecret: ENC[AES256_GCM,data:ncqBJnKHH7XvLS8709KsquxKHvMN07GGFLA5X23uKIOE2nipPMG6wCxvXhvjE1wi+gk7UvTe4BXtwhvc0c86Ww==,iv:P6LI9hVQVJW0wMBWBhZSCNXmVTArX5IA9pTs0YzC7mk=,tag:RUlS/qYLa/fJQDdCJQpZ1w==,type:str]
vikunja_dbpassword: ENC[AES256_GCM,data:UBGT3U1ykinOio0u0mQQNei9wPeyrRCZT2YJloTMrWY=,iv:6r3r9INjD4epQPrQoI/1Y67Vi08+DhFci29i+R7UbbY=,tag:kLh9MxhEC9s2MoSJEM0MLg==,type:str]
vikunja-db_rootpassword: ENC[AES256_GCM,data:McnoyCnx8Xo1wYw7OzgRK2osPwJH252OMzKMB830tbbixlZ/dK3Ar32SOzY=,iv:kvAkKooXA3YbJ+5s/oIvK3xeX2sx9ugYnB6j8X7Aiec=,tag:fZElm58Gu5KnsV5+sDxGSw==,type:str]
ghost_dbpassword: ENC[AES256_GCM,data:QUwDnvLEF1a79xXnXUkBMbvGa9m729uZ0Figve+nFAjQB5NqNVzKVMW6WyXeCysPrIrN6IqndgvrIIfEuGtnOg==,iv:McEaobK1mu/OxGf7CmD1mkCnWKkjkLhZQRU8eHBpNIU=,tag:xxMeHguQpUBcnZ5pLXDNJw==,type:str]
vikunja_jwtsecret: ENC[AES256_GCM,data:V+S3+TBloDVsnBu6HghMMioH6/fWMNGaInMu9BOI2d56xqVZvDmq2nq76j5U0b4+D21N74z+NdtM6T0HHh55Zw==,iv:irocW3a0njz9vm48N+KvfJWAB1nZFz5yfe5/Kpj9zRY=,tag:VEXVYWodP8kKDMlMrfplMw==,type:str]
vikunja_dbpassword: ENC[AES256_GCM,data:c1nXnCq0zkPukvauQLROA+wk1KlDrXlud/vGpF0HhPM=,iv:uBUpuMG6IJl9mS4vLdFuncYTtxxMv7fnG8JGOentPu8=,tag:etbne1MGh2QPP4drLvvzdw==,type:str]
vikunja-db_rootpassword: ENC[AES256_GCM,data:vzOmBuhbvyB21rugDcTTVDiVIDGjxH7g3PdapDEjBfKIpgJ4AX5X0B/r0yc=,iv:klZk7C3oQnhrY9qoeoc+GCrmZ0d644hGcWiysyNC7Ds=,tag:n1YH2UN1wDHwk5d4Z/m+Fw==,type:str]
ghost_dbpassword: ENC[AES256_GCM,data:QfCwX/GUU3OnKnqQIeL4axLuywOANtSkaDRUW7eZvygCJqEzJDSrr4bQ5G6RSJqQmk88pxlJimB/F/8YbqHHwQ==,iv:oKs553znybvJbj8OuVXtqgYCxnaNmUWPRlE0CLvsFHM=,tag:5EEX0p/oieYHW3vufG41+w==,type:str]
nextcloud_admin_password: ENC[AES256_GCM,data:uK82fO4AeB6eLuvnKRlP83MRdA1Qs3Z/3TH7LrV08CLCnDsr5ihOScOdbSd6a1i9,iv:dxho9Q6is3+5WXbZJ2ZHRl8OfUSNb8HFBIS+unjP98U=,tag:yTsRhMPtwZzzOVjBd97rgQ==,type:str]
nextcloud_aio_token: ENC[AES256_GCM,data:uMxWxEPs6tJwUf5BKLypjorMSiyxXyKJE7A27KZB9TK/nAhggbYlDe4Sykd6VvVj,iv:vJD+C6sv0K55IdSIGU3/svInE9aOlpBbywpcx8iI9g0=,tag:F2k5Uie0ZqUzdEf7ghKwSg==,type:str]
nextcloud_fulltextsearch_password: ENC[AES256_GCM,data:HE4NHkZ/3Xl0IfedsmvtIz0ULQSfMzDZmtrsmLdgzck03/CUTNRqay3Y1+gEPt2Q,iv:3JZ5a5DCg+hmdgQVfryyMvriQFkESyFtQHVD16fHmIg=,tag:OwB1VZRvp9Px7QMHpsdLnA==,type:str]
nextcloud_imaginary_secret: ENC[AES256_GCM,data:zmpkm7tHNCtck6Q1zuZtBrQ8/OVvJWYqPyFa/LmOcwDnaNqgYWbLPn/mhenSHJmn,iv:WmQmi/UEpKOzVC2kC8iLxgfaKsUAKUdTL3qCYUmOLvI=,tag:Olc9LQq1Kx8YSIE+v11pGg==,type:str]
nextcloud_onlyoffice_secret: ENC[AES256_GCM,data:fCkCXk7KN3XRhB9/PNGrb86Pzqew0Ad0cr6GCULwDYG9CiQATv3l8g8xpD6GbvUD,iv:azDeRT4knCIfWbZhTgMMbYYCIT6CGb5rhi7kdvehUoo=,tag:upwYdXgem9bQko1sK8lIhA==,type:str]
nextcloud_postgres_password: ENC[AES256_GCM,data:wf9UwXo0pS9hN6gjjHIdZRNZQnZ5Dt7M5eVFNRySLU6U5Nc8g5eKojcgtKepISfh,iv:CrcT3UxpJUX3CUWeLDHK/gFcn3KR6TEk4Jaug4aeFOs=,tag:fO2jysj+EEtFY7HZQsobtQ==,type:str]
nextcloud_recording_secret: ENC[AES256_GCM,data:r6TJDmXxmaa2tp3HmzWGKWQvyrOffDKvbVaGswDLL0MPKfdKmpyrUCEh0LfVqGNy,iv:Drjodww0DiaOj4sOzSSaoN0yqzfAEYlfVWDZMM8/XtY=,tag:iKoQvi9uC4r0WB7SWNSspw==,type:str]
nextcloud_redis_host_password: ENC[AES256_GCM,data:1l3dGkzuhJTgcgOjVxi5Bm2L+t9SzvPLh+Jy9FV+/0raaXGwymF6LnK7Zfi0FnOa,iv:4bnII5Btw+/hsEoUciVKhjqXtL4L0/8ZY9rexpfB9J0=,tag:G1LTz1zRba/RsbqGwoH/cA==,type:str]
nextcloud_signaling_secret: ENC[AES256_GCM,data:+Cb+saRM2Bl9kf/m8/XD3Lkya3/Yymep9E5S4Dguj/NSbNB5Qm8bExJO6o9k3cta,iv:yTDQqW6Rk7lWggmF39KGdDgQyy6CQNcNlnyGYqefMZw=,tag:ZOwg+m32PwWtzsE9WnZruA==,type:str]
nextcloud_turn_secret: ENC[AES256_GCM,data:pm1LLhKxrnxrLBGmPIeNfQ8znlVFmCr2sbivh0f4P5XEzKLQ8CJ7gcSClgesZn9V,iv:msZoWkb+RrwdLEgzlABk80NqCk2Tw3NKbwEE/7EzpN8=,tag:nSLH9ZmbbWPIzrK5GW3Emg==,type:str]
nextcloud_whiteboard_secret: ENC[AES256_GCM,data:gGMvuugXwRyXeQDFH4Ox2zCT+SZFgV7VnrtkkHSB350haHVigl1e+jDbKE54E2AZ,iv:jYZJQlw6nfb+OcA4DD0wjhKZjdKTN/4+UjM3BvT9h5Y=,tag:6+XNf3GAPQpcEPxvdaYuIg==,type:str]
sops:
kms: []
gcp_kms: []
@@ -11,14 +22,14 @@ sops:
- recipient: age15x4h66uk6ct3436e6r4l0tkpf86e7jzl3lqd2acndq2jjvq5za3stqg2fy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzL2tTYzRNd3VQYzJTbDAr
VlVXcEwxUXNSVzc4SEV4ZE1NZ0tVK2FoeGlJCkMwSXJVOEw5akpLYys5VndaVU1D
QW5nZ21NbFpIaitnRWhnWGJ3VnNkMlkKLS0tIHhvN1hjbm1ET3J4azNucG5CYmpn
Wm1SVHRnUGpEZnFNQ056aWtuVDNmNlkKzdi8fXl+2nUy3lGXakBky6Ll113hcAYC
y8luIXczuL7R91BfwgwAYGidgFJBzMFuE7By4J8f3RAVW8IrJoW5Xw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwV0thb3pLVStPczVCUS9K
UkJudndGUEZEeWQ5TWVSRDdqWlRkQVFrVDFnCmpvRDlPaGRtM2I4Vjc2UUh5aVdw
NmdXcmdFSWoxaG1ueGlxdFYzMWJyQXMKLS0tIHpiTTFhZW1jYXBZMGg3ekhYVENU
bWFMdmtEbzlVU1NTcGFXWE95ZzR6N0UKEtkLR+3l2lmUUUu3kVYPbMKoxnQdDH08
nS2j5YdYVtbiYzCzw9hbOT/jY7+Uu2ZDjGsJyGkTJAI09Ai+HBw2Dg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-06T22:39:19Z"
mac: ENC[AES256_GCM,data:WDdHVKX5/DB6pT4vHMSDh7vM2ryUOBk8ZgthMmPpJ8kDivAKBo34l7s6bsOwzofvl35CiCy2psGYirfa4QjzqcnWPIBwUY57ird0FeFzRlzyeQShaUk50VpsXw8+lbFwUtq8Q5cHGVM/qRTuIurNbclIrpZJ3yJOsCWi0SF7bYk=,iv:6lrOFildBBRtAdC7/vNEGUE9oUub8dC8z3wi5Zi4Ynk=,tag:Jf8PfMP320FNdOS37UQ4ZA==,type:str]
lastmodified: "2025-02-10T00:02:59Z"
mac: ENC[AES256_GCM,data:D9/BZm9bhMlHup9IarAJJNTir1+qu1P6f6KgKVxW5qdxA22JcAH9on9v6qbI6GBtGbF9j5fMtuoJAjkpXQpXGLxE3dR86ofJXwYFyRWJd84T38oSVGptM45cDvGy061po2yqCcsDhrpbEhoO48ZyZGDhGXba9OlF1X5eJqvFDMg=,iv:LbX/MrCMQH9BobY60HEf3mmsAYhoLCj7DOZr4hY7suc=,tag:H4Dr18tH9E/NONrtuTXLgQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4