elias/nixos-knossos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nextcloud docker working

Browse source
This commit is contained in:
Elias Gasparis 2025-06-01 22:39:20 +08:00
parent bc78646407
commit 07ec8df992
8 changed files with 231 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

5
configuration.nix
View file

@ -16,7 +16,8 @@
./services/glances.nix
./services/fail2ban.nix
./services/transmission.nix
./services/nextcloud.nix
# ./services/nextcloud.nix
# user docker for now
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
@ -36,7 +37,7 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3Ihu9CsCL17FuHl6EqyMDT5BPjh8GlLTWHM+Y1D1I7 elias@bluenix" #bluenix
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILv96m1nCz3D0lzjzeGa+n4m3krEyl7KZ0tstjIZdTkq elias@bluefin" #acer
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8zlxSVOTCnAgb4U5vkC3ietH3Jd9gLE+FA6UOZp64J elias@arkadi.one" #arkadi
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVWt9UsavFfdwQzklW/zSlwGwQXaDvFk+MdzsCp0gnp tootbrute@tutanota.com" #greynix
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLT5HqaL4l0+D4kesHph1pD74VnFy6eMxhGrBdwDThQ elias@greynix"
];
# to login: ssh -p 2222 root@192.168.15.180 "zfs load-key -a && killall zfs"
};

74
docker/nextcloud/docker-compose.yml Normal file
View file

@ -0,0 +1,74 @@
services:
nextcloud-aio-mastercontainer:
image: ghcr.io/nextcloud-releases/all-in-one:latest
init: true
restart: always
container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
dns:
- "192.168.200.146" #internal DNS ip
volumes:
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
- /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
network_mode: bridge # add to the same network as docker run would do
ports:
# - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
- 8080:8080
# - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
environment: # Is needed when using any of the options below
# AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
# AIO_COMMUNITY_CONTAINERS: # With this variable, you can add community containers very easily. See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
APACHE_PORT: 8009 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
APACHE_IP_BINDING: 0.0.0.0 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
# APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
# BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
# COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
# FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M" # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options
NEXTCLOUD_DATADIR: /home/elias/nextcloud/ # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
# NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
# NEXTCLOUD_UPLOAD_LIMIT: 16G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
# NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
# NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
# NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS) See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
# NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
# NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
# NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
# NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
# NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud.
# NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
# SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation
# TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
# WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
# security_opt: ["label:disable"] # Is needed when using SELinux
# # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575
# # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/5439
# # Hint: You need to uncomment APACHE_PORT: 11000 above, adjust cloud.example.com to your domain and uncomment the necessary docker volumes at the bottom of this file in order to make it work
# # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
# caddy:
# image: caddy:alpine
# restart: always
# container_name: caddy
# volumes:
# - caddy_certs:/certs
# - caddy_config:/config
# - caddy_data:/data
# - caddy_sites:/srv
# network_mode: "host"
# configs:
# - source: Caddyfile
# target: /etc/caddy/Caddyfile
# configs:
# Caddyfile:
# content: |
# # Adjust cloud.example.com to your domain below
# https://cloud.example.com:443 {
# reverse_proxy localhost:11000
# }
volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
nextcloud_aio_mastercontainer:
name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
# caddy_certs:
# caddy_config:
# caddy_data:
# caddy_sites:

1
docker/nextcloud/pass.txt Normal file
View file

@ -0,0 +1 @@
enduring expiring venus easter catchable creed material scaling

56
services/ChatGPT-nextcloud.nix Normal file
View file

@ -0,0 +1,56 @@
#
# Nextcloud Service Configuration
#
services.nextcloud = {
enable = true;
# The hostname Nextcloud will use. This should be how you access it in your browser.
# If you don't have a domain, use your server's IP address.
hostName = "nextcloud.local"; # <--- IMPORTANT: Change to your actual domain or IP
# Use the built-in web server (Apache in this case) provided by the Nextcloud module.
# This means you don't need to configure services.httpd or services.nginx separately.
inheritBuiltinWebserver = true;
# Directory where Nextcloud will store user data.
# Ensure this path is on a persistent storage volume.
dataDir = "/var/lib/nextcloud/data"; # <--- IMPORTANT: Ensure this path is suitable for your setup
# Database configuration: PostgreSQL is recommended for production.
database = {
type = "postgresql";
createLocally = true; # NixOS will manage and create the PostgreSQL database
userName = "nextcloud"; # Database username for Nextcloud
# Securely store the database password in a file.
# You MUST create this file before rebuilding your system (see instructions below).
passwordFile = "/run/keys/nextcloud-db-password";
};
# Nextcloud application-specific configuration options.
# These map directly to Nextcloud's config.php settings.
config = {
# The host Nextcloud will use for internal redirects. Should match hostName.
overwritehost = "nextcloud.local"; # <--- IMPORTANT: Adjust if using a different hostname/IP
# List of trusted domains/IPs from which Nextcloud can be accessed.
# Add your server's IP address and any domain names you'll use.
trusted_domains = [
"nextcloud.local" # <--- IMPORTANT: Add your domain or IP here
"192.168.1.100" # <--- IMPORTANT: Replace with your server's actual IP address
];
# Configure local memory caching for performance. APCu is recommended.
memcache.local = "\\OC\\Memcache\\APCu";
};
# PHP FPM options required by Nextcloud for optimal performance.
phpOptions = {
"opcache.enable" = true;
"opcache.interned_strings_buffer" = 8;
"opcache.max_accelerated_files" = 10000;
"opcache.memory_consumption" = 128;
"opcache.save_comments" = 1;
"opcache.revalidate_freq" = 1;
"apc.enable_cli" = 1;
};
};

47
services/lup-nextcloud.nix Normal file
View file

@ -0,0 +1,47 @@
# nextcloud.nix
# from Linux Unplugged
{ config, pkgs, ... }:
{
services.nextcloud = {
enable = true;
hostName = "nextcloud.knossos.arkadi.one";
# Need to manually increment with every major upgrade.
package = pkgs.nextcloud30;
# Let NixOS install and configure the database automatically.
database.createLocally = true;
# Let NixOS install and configure Redis caching automatically.
configureRedis = true;
# Increase the maximum file upload size.
maxUploadSize = "16G";
https = true;
autoUpdateApps.enable = true;
extraAppsEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
# List of apps we want to install and are already packaged in
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
inherit calendar contacts notes onlyoffice tasks cookbook;
};
settings = {
#overwriteprotocol = "https";
trusted_proxies = [ "localhost" "127.0.0.1" "100.82.24.89" ];
#trusted_domains = [ "nextcloud.knossos.arkadi.one" ];
};
config = {
dbtype = "pgsql";
adminuser = "admin";
adminpassFile = "/var/lib/secrets/nextcloud-admin-pass";
};
# Suggested by Nextcloud's health check.
phpOptions."opcache.interned_strings_buffer" = "16";
};
/*
# Nightly database backups.
postgresqlBackup = {
enable = true;
startAt = "*-*-* 01:15:00";
};
*/
services.nginx.virtualHosts."nextcloud.knossos.arkadi.one".listen = [ { addr = "127.0.0.1"; port = 8009; } ];
}

4
services/nextcloud-reset.sh
View file

@ -5,5 +5,5 @@ sudo systemctl stop nextcloud-cron
sudo systemctl stop phpfm-nextcloud
sudo systemctl stop redis-nextcloud
sudo rm -rf /var/lib/nextcloud
sudo rm -rf /var/lib/postgresql
#sudo rm -rf /var/lib/postgresql
#sudo rm -rf /var/lib/redis-nextcloud

39
services/nextcloud.nix
View file

@ -1,41 +1,14 @@
{ config, pkgs, ... }:
{
services.nextcloud = {
enable = true;
configureRedis = true;
package = pkgs.nextcloud30;
hostName = "nextcloud.knossos";
datadir = "/home/elias/nextcloud/";
settings = {
overwriteprotocol = "https";
trusted_proxies = [ "localhost" "127.0.0.1" "100.82.24.89" ];
#trusted_domains = [ "knossos.zebra-rudd.ts.net" ];
};
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
adminpassFile = "/var/lib/secrets/nextcloud-admin-pass";
adminuser = "admin";
};
enable = true;
package = pkgs.nextcloud31;
hostName = "nextcloud.knossos";
config.adminpassFile = "/var/lib/nextcloud-admin-pass";
config.dbtype = "sqlite";
};
services.postgresql = {
enable = true;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{ name = "nextcloud";
ensureDBOwnership = true;
}
];
};
# ensure that postgres is running *before* running the setup
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
services.nginx.virtualHosts."nextcloud.knossos".listen = [ { addr = "127.0.0.1"; port = 8009; } ];

42
services/old-nextcloud.nix Normal file
View file

@ -0,0 +1,42 @@
{ config, pkgs, ... }:
{
services.nextcloud = {
enable = true;
configureRedis = true;
package = pkgs.nextcloud31;
hostName = "nextcloud.knossos";
datadir = "/var/lib/nextcloud/";
settings = {
overwriteprotocol = "https";
trusted_proxies = [ "localhost" "127.0.0.1" "100.82.24.89" ];
trusted_domains = [ "nextcloud.knossos.arkadi.one" ];
};
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
adminpassFile = "/var/lib/secrets/nextcloud-admin-pass";
adminuser = "admin";
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{ name = "nextcloud";
ensureDBOwnership = true;
}
];
};
# ensure that postgres is running *before* running the setup
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
services.nginx.virtualHosts."nextcloud.knossos".listen = [ { addr = "127.0.0.1"; port = 8009; } ];
}