From 07ec8df992a075420b297ec47429df6fd00438d1 Mon Sep 17 00:00:00 2001 From: tootbrute Date: Sun, 1 Jun 2025 22:39:20 +0800 Subject: [PATCH] nextcloud docker working --- configuration.nix | 5 +- docker/nextcloud/docker-compose.yml | 74 +++++++++++++++++++++++++++++ docker/nextcloud/pass.txt | 1 + services/ChatGPT-nextcloud.nix | 56 ++++++++++++++++++++++ services/lup-nextcloud.nix | 47 ++++++++++++++++++ services/nextcloud-reset.sh | 4 +- services/nextcloud.nix | 39 +++------------ services/old-nextcloud.nix | 42 ++++++++++++++++ 8 files changed, 231 insertions(+), 37 deletions(-) create mode 100644 docker/nextcloud/docker-compose.yml create mode 100644 docker/nextcloud/pass.txt create mode 100644 services/ChatGPT-nextcloud.nix create mode 100644 services/lup-nextcloud.nix create mode 100644 services/old-nextcloud.nix diff --git a/configuration.nix b/configuration.nix index 9d42afc..cdf5801 100644 --- a/configuration.nix +++ b/configuration.nix @@ -16,7 +16,8 @@ ./services/glances.nix ./services/fail2ban.nix ./services/transmission.nix - ./services/nextcloud.nix +# ./services/nextcloud.nix +# user docker for now ]; # Bootloader. boot.loader.systemd-boot.enable = true; @@ -36,7 +37,7 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3Ihu9CsCL17FuHl6EqyMDT5BPjh8GlLTWHM+Y1D1I7 elias@bluenix" #bluenix "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILv96m1nCz3D0lzjzeGa+n4m3krEyl7KZ0tstjIZdTkq elias@bluefin" #acer "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8zlxSVOTCnAgb4U5vkC3ietH3Jd9gLE+FA6UOZp64J elias@arkadi.one" #arkadi - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVWt9UsavFfdwQzklW/zSlwGwQXaDvFk+MdzsCp0gnp tootbrute@tutanota.com" #greynix + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLT5HqaL4l0+D4kesHph1pD74VnFy6eMxhGrBdwDThQ elias@greynix" ]; # to login: ssh -p 2222 root@192.168.15.180 "zfs load-key -a && killall zfs" }; diff --git a/docker/nextcloud/docker-compose.yml b/docker/nextcloud/docker-compose.yml new file mode 100644 index 0000000..704fd71 --- /dev/null 
+++ b/docker/nextcloud/docker-compose.yml 
@@ -0,0 +1,74 @@ +services: + nextcloud-aio-mastercontainer: + image: ghcr.io/nextcloud-releases/all-in-one:latest + init: true + restart: always + container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly + dns: + - "192.168.200.146" #internal DNS ip + volumes: + - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work + - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'! + network_mode: bridge # add to the same network as docker run would do + ports: + # - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md + - 8080:8080 + # - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md + environment: # Is needed when using any of the options below + # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section + # AIO_COMMUNITY_CONTAINERS: # With this variable, you can add community containers very easily. See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers + APACHE_PORT: 8009 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). 
See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md + APACHE_IP_BINDING: 0.0.0.0 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md + # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md + # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy + # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature + # FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M" # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options + NEXTCLOUD_DATADIR: /home/elias/nextcloud/ # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir + # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host + # NEXTCLOUD_UPLOAD_LIMIT: 16G # Can be adjusted if you need more. 
See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud + # NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud + # NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud + # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS) See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca + # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup + # NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container + # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container + # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! 
See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud + # NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud. + # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps + # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation + # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port + # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock' + # security_opt: ["label:disable"] # Is needed when using SELinux + +# # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575 +# # Alternatively, use Tailscale if you don't have a domain yet. 
See https://github.com/nextcloud/all-in-one/discussions/5439 +# # Hint: You need to uncomment APACHE_PORT: 11000 above, adjust cloud.example.com to your domain and uncomment the necessary docker volumes at the bottom of this file in order to make it work +# # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588 +# caddy: +# image: caddy:alpine +# restart: always +# container_name: caddy +# volumes: +# - caddy_certs:/certs +# - caddy_config:/config +# - caddy_data:/data +# - caddy_sites:/srv +# network_mode: "host" +# configs: +# - source: Caddyfile +# target: /etc/caddy/Caddyfile +# configs: +# Caddyfile: +# content: | +# # Adjust cloud.example.com to your domain below +# https://cloud.example.com:443 { +# reverse_proxy localhost:11000 +# } + +volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive + nextcloud_aio_mastercontainer: + name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work + # caddy_certs: + # caddy_config: + # caddy_data: + # caddy_sites: diff --git a/docker/nextcloud/pass.txt b/docker/nextcloud/pass.txt new file mode 100644 index 0000000..dabcace --- /dev/null +++ b/docker/nextcloud/pass.txt @@ -0,0 +1 @@ +enduring expiring venus easter catchable creed material scaling diff --git a/services/ChatGPT-nextcloud.nix b/services/ChatGPT-nextcloud.nix new file mode 100644 index 0000000..1cb13bb --- /dev/null +++ b/services/ChatGPT-nextcloud.nix 
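Review bot: In `docker/nextcloud/docker-compose.yml`, the `ports:` entry `- 8080:8080` publishes the AIO admin interface on every host interface. `APACHE_IP_BINDING: 0.0.0.0` does the same for the Apache port, although its inline comment describes a reverse proxy running on the same host. If the proxy does run on this machine and the admin interface is only needed locally, bind both to loopback with `- "127.0.0.1:8080:8080"` and `APACHE_IP_BINDING: 127.0.0.1`. The `:ro` suffix on `/var/run/docker.sock` only makes the bind mount read-only. The container can still issue any Docker API call through the socket, so the mastercontainer is effectively root-equivalent on the host, and the unpinned `:latest` tag decides what code receives that access.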
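Review bot: `docker/nextcloud/pass.txt` adds what appears to be a credential (an eight-word passphrase) in plain text. It is readable by anyone with access to the repository and stays in history even if the file is deleted later. Treat the value as compromised: rotate it, remove the file from the tree, and add the path to `.gitignore`. The Nix files in this commit already reference secrets by path (`adminpassFile`). Keep this one outside the repository the same way, or store it encrypted with a tool such as sops-nix or agenix.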
@@ -0,0 +1,56 @@
+ #
+ # Nextcloud Service Configuration
+ #
+ services.nextcloud = {
+ enable = true;
+ # The hostname Nextcloud will use. This should be how you access it in your browser.
+ # If you don't have a domain, use your server's IP address.
+ hostName = "nextcloud.local"; # <--- IMPORTANT: Change to your actual domain or IP
+
+ # Use the built-in web server (Apache in this case) provided by the Nextcloud module.
+ # This means you don't need to configure services.httpd or services.nginx separately.
+ inheritBuiltinWebserver = true;
+
+ # Directory where Nextcloud will store user data.
+ # Ensure this path is on a persistent storage volume.
+ dataDir = "/var/lib/nextcloud/data"; # <--- IMPORTANT: Ensure this path is suitable for your setup
+
+ # Database configuration: PostgreSQL is recommended for production.
+ database = {
+ type = "postgresql";
+ createLocally = true; # NixOS will manage and create the PostgreSQL database
+ userName = "nextcloud"; # Database username for Nextcloud
+ # Securely store the database password in a file.
+ # You MUST create this file before rebuilding your system (see instructions below).
+ passwordFile = "/run/keys/nextcloud-db-password";
+ };
+
+ # Nextcloud application-specific configuration options.
+ # These map directly to Nextcloud's config.php settings.
+ config = {
+ # The host Nextcloud will use for internal redirects. Should match hostName.
+ overwritehost = "nextcloud.local"; # <--- IMPORTANT: Adjust if using a different hostname/IP
+
+ # List of trusted domains/IPs from which Nextcloud can be accessed.
+ # Add your server's IP address and any domain names you'll use.
+ trusted_domains = [
+ "nextcloud.local" # <--- IMPORTANT: Add your domain or IP here
+ "192.168.1.100" # <--- IMPORTANT: Replace with your server's actual IP address
+ ];
+
+ # Configure local memory caching for performance. APCu is recommended.
+ memcache.local = "\\OC\\Memcache\\APCu";
+ };
+
+ # PHP FPM options required by Nextcloud for optimal performance.
+ phpOptions = {
+ "opcache.enable" = true;
+ "opcache.interned_strings_buffer" = 8;
+ "opcache.max_accelerated_files" = 10000;
+ "opcache.memory_consumption" = 128;
+ "opcache.save_comments" = 1;
+ "opcache.revalidate_freq" = 1;
+ "apc.enable_cli" = 1;
+ };
+ };
+
diff --git a/services/lup-nextcloud.nix b/services/lup-nextcloud.nix
new file mode 100644
index 0000000..aecf435
--- /dev/null
+++ b/services/lup-nextcloud.nix
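Review bot: `services/ChatGPT-nextcloud.nix` is not a loadable module as committed. It starts directly at `services.nextcloud = {` with no `{ config, pkgs, ... }:` header or enclosing braces, and its comments point to "instructions below" that are not in the file. Options such as `inheritBuiltinWebserver` and the `database = { type; userName; passwordFile; }` block do not match the `services.nextcloud` options used in the other files of this commit. Check them, and the placeholder `trusted_domains` entries, against the module before anyone imports this file. If the file is kept only as reference, say so in a first-line comment, e.g. `# UNVERIFIED generated draft, not imported; do not enable without review`. The same applies to `services/old-nextcloud.nix`, which duplicates what git history already preserves.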
@@ -0,0 +1,47 @@ +# nextcloud.nix +# from Linux Unplugged +{ config, pkgs, ... }: +{ + services.nextcloud = { + enable = true; + hostName = "nextcloud.knossos.arkadi.one"; + # Need to manually increment with every major upgrade. + package = pkgs.nextcloud30; + # Let NixOS install and configure the database automatically. + database.createLocally = true; + # Let NixOS install and configure Redis caching automatically. + configureRedis = true; + # Increase the maximum file upload size. + maxUploadSize = "16G"; + https = true; + autoUpdateApps.enable = true; + extraAppsEnable = true; + extraApps = with config.services.nextcloud.package.packages.apps; { + # List of apps we want to install and are already packaged in + # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json + inherit calendar contacts notes onlyoffice tasks cookbook; + }; + + settings = { + #overwriteprotocol = "https"; + trusted_proxies = [ "localhost" "127.0.0.1" "100.82.24.89" ]; + #trusted_domains = [ "nextcloud.knossos.arkadi.one" ]; + }; + config = { + dbtype = "pgsql"; + adminuser = "admin"; + adminpassFile = "/var/lib/secrets/nextcloud-admin-pass"; + }; + # Suggested by Nextcloud's health check. + phpOptions."opcache.interned_strings_buffer" = "16"; + }; +/* + # Nightly database backups. + postgresqlBackup = { + enable = true; + startAt = "*-*-* 01:15:00"; + }; +*/ + services.nginx.virtualHosts."nextcloud.knossos.arkadi.one".listen = [ { addr = "127.0.0.1"; port = 8009; } ]; + +} diff --git a/services/nextcloud-reset.sh b/services/nextcloud-reset.sh index 6ff76a6..aee9354 100755 --- a/services/nextcloud-reset.sh +++ b/services/nextcloud-reset.sh @@ -5,5 +5,5 @@ sudo systemctl stop nextcloud-cron sudo systemctl stop phpfm-nextcloud sudo systemctl stop redis-nextcloud sudo rm -rf /var/lib/nextcloud -sudo rm -rf /var/lib/postgresql - +#sudo rm -rf /var/lib/postgresql +#sudo rm -rf /var/lib/redis-nextcloud 
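Review bot: `package = pkgs.nextcloud30;` in `services/lup-nextcloud.nix` is one major version behind the `pkgs.nextcloud31` that `services/nextcloud.nix` and `services/old-nextcloud.nix` set in this same commit. Nextcloud does not support downgrades, so importing this file against a data directory that has already run 31 would likely fail or damage the instance. The commented-out backup block is also written as a top-level `postgresqlBackup = { … }`, so uncommenting it as is would not work; it needs to be `services.postgresqlBackup`. With `database.createLocally = true` and that block disabled, this configuration has no database backup.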
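Review bot: The context line `sudo systemctl stop phpfm-nextcloud` in `services/nextcloud-reset.sh` looks like a misspelling of the unit the NixOS module creates (`phpfpm-nextcloud`). If so, PHP-FPM keeps running while `sudo rm -rf /var/lib/nextcloud` deletes its data directory. The script begins outside this hunk, so whether it sets `set -e` is not visible; without it the failed stop passes silently. Suggested line: `sudo systemctl stop phpfpm-nextcloud`.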
diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 42bc9d3..7b6fe3d 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -1,41 +1,14 @@ { config, pkgs, ... }: { + services.nextcloud = { - enable = true; - configureRedis = true; - package = pkgs.nextcloud30; - hostName = "nextcloud.knossos"; - datadir = "/home/elias/nextcloud/"; - settings = { - overwriteprotocol = "https"; - trusted_proxies = [ "localhost" "127.0.0.1" "100.82.24.89" ]; - #trusted_domains = [ "knossos.zebra-rudd.ts.net" ]; - }; - config = { - dbtype = "pgsql"; - dbuser = "nextcloud"; - dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself - dbname = "nextcloud"; - adminpassFile = "/var/lib/secrets/nextcloud-admin-pass"; - adminuser = "admin"; - }; + enable = true; + package = pkgs.nextcloud31; + hostName = "nextcloud.knossos"; + config.adminpassFile = "/var/lib/nextcloud-admin-pass"; + config.dbtype = "sqlite"; }; -services.postgresql = { - enable = true; - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [ - { name = "nextcloud"; - ensureDBOwnership = true; - } - ]; -}; - -# ensure that postgres is running *before* running the setup -systemd.services."nextcloud-setup" = { - requires = ["postgresql.service"]; - after = ["postgresql.service"]; -}; services.nginx.virtualHosts."nextcloud.knossos".listen = [ { addr = "127.0.0.1"; port = 8009; } ]; diff --git a/services/old-nextcloud.nix b/services/old-nextcloud.nix new file mode 100644 index 0000000..e193c5f --- /dev/null +++ b/services/old-nextcloud.nix 
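Review bot: The rewritten `services.nextcloud` block in `services/nextcloud.nix` drops `settings.trusted_proxies` and `overwriteprotocol`, yet the vhost still listens only on `127.0.0.1:8009`, so it is still meant to sit behind a proxy. Without `trusted_proxies`, Nextcloud attributes every request to the proxy's address, and brute-force throttling and audit logs no longer distinguish clients. Carry the `settings = { … }` block over from the old file if this module is re-enabled. `config.adminpassFile` also moves from `/var/lib/secrets/` to `/var/lib/nextcloud-admin-pass`; confirm the new file is readable only by the nextcloud user, since that is not visible in this diff. `config.dbtype = "sqlite"` deserves a comment saying it is temporary.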
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+{
+services.nextcloud = {
+ enable = true;
+ configureRedis = true;
+ package = pkgs.nextcloud31;
+ hostName = "nextcloud.knossos";
+ datadir = "/var/lib/nextcloud/";
+ settings = {
+ overwriteprotocol = "https";
+ trusted_proxies = [ "localhost" "127.0.0.1" "100.82.24.89" ];
+ trusted_domains = [ "nextcloud.knossos.arkadi.one" ];
+ };
+ config = {
+ dbtype = "pgsql";
+ dbuser = "nextcloud";
+ dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
+ dbname = "nextcloud";
+ adminpassFile = "/var/lib/secrets/nextcloud-admin-pass";
+ adminuser = "admin";
+ };
+};
+
+services.postgresql = {
+ enable = true;
+ ensureDatabases = [ "nextcloud" ];
+ ensureUsers = [
+ { name = "nextcloud";
+ ensureDBOwnership = true;
+ }
+ ];
+};
+
+# ensure that postgres is running *before* running the setup
+systemd.services."nextcloud-setup" = {
+ requires = ["postgresql.service"];
+ after = ["postgresql.service"];
+};
+
+services.nginx.virtualHosts."nextcloud.knossos".listen = [ { addr = "127.0.0.1"; port = 8009; } ];
+
+}