nix-dotfiles/systems/palatine-hill/docker/nextcloud.nix

{ config, ... }:

let
  vars = import ../vars.nix;
  nextcloud_path = vars.primary_nextcloud;
  redis_path = vars.primary_redis;

  # nextcloud-image = import ./nextcloud-image { inherit pkgs; };
  nextcloud-base = {
    # image comes from running docker compose build in nextcloud-docker/.examples/full/apache
    image = "nextcloud-nextcloud";
    # pull = "always";
    # do NOT enable pull here, this image is generated based on a custom docker image
    hostname = "nextcloud";
    volumes = [
      "${nextcloud_path}/nc_data:/var/www/html:z"
      "${nextcloud_path}/nc_php:/usr/local/etc/php"
      "${nextcloud_path}/nc_prehooks:/docker-entrypoint-hooks.d/before-starting"
      #"${nextcloud_path}/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
    ];
    extraOptions = [
      "--network=haproxy-net"
      "--network=postgres-net"
      "--network=nextcloud_default"
    ];
    dependsOn = [ "redis" ];
    environmentFiles = [ config.sops.secrets."docker/nextcloud".path ];
  };
in
{
  virtualisation.oci-containers.containers = {
    nextcloud = nextcloud-base // {
      ports = [ "9999:80" ];
    };
    redis = {
      image = "redis:latest";
      pull = "always";
      user = "600:600";
      volumes = [
        "${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf"
        "${redis_path}:/data"
      ];
      extraOptions = [
        "--network=nextcloud_default"
      ];
      cmd = [
        "redis-server"
        "/usr/local/etc/redis/redis.conf"
      ];
    };
    go-vod = {
      image = "radialapps/go-vod:latest";
      pull = "always";
      dependsOn = [ "nextcloud" ];
      environment = {
        NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz";
      };
      volumes = [ "${nextcloud_path}/nc_data:/var/www/html:ro" ];
      extraOptions = [
        "--device=/dev/dri:/dev/dri"
      ];
    };
    collabora-code = {
      image = "collabora/code:latest";
      pull = "always";
      dependsOn = [ "nextcloud" ];
      environment = {
        aliasgroup1 = "https://collabora.nayenoie.com:443";
        aliasgroup2 = "https://nextcloud.alicehuston.xyz:443";
        aliasgroup3 = "https://.*:443";
        extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
      };
      environmentFiles = [
        config.sops.secrets."docker/collabora".path
      ];
      extraOptions = [
        "--network=haproxy-net"
        "--privileged"
      ];
      ports = [ "9980:9980" ];
    };
  };

  users.users.www-data = {
    uid = 33;
    isSystemUser = true;
    group = "www-data";
  };

  users.groups.www-data = {
    gid = 33;
    members = [ "www-data" ];
  };

  sops = {
    defaultSopsFile = ../secrets.yaml;
    secrets = {
      "docker/redis" = {
        owner = "docker-service";
        restartUnits = [ "docker-redis.service" ];
      };
      "docker/nextcloud" = {
        owner = "www-data";
        restartUnits = [ "docker-nextcloud.service" ];
      };
      "docker/collabora" = {
        owner = "www-data";
        restartUnits = [ "docker-collabora-code.service" ];
      };
    };
  };
}
add ffdl, foundry, haproxy, glances, and zfs vars Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-17 21:49:31 -04:00			`{ config, ... }:`
add nextcloud and postgres to docker Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-15 23:35:11 -04:00
			`let`
add ffdl, foundry, haproxy, glances, and zfs vars Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-17 21:49:31 -04:00			`vars = import ../vars.nix;`
			`nextcloud_path = vars.primary_nextcloud;`
update docker configs, upgrade postgres Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-11-02 23:59:38 -04:00			`redis_path = vars.primary_redis;`
add ffdl, foundry, haproxy, glances, and zfs vars Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-17 21:49:31 -04:00
revert to stable apache instead of custom image Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-16 00:08:32 -04:00			`# nextcloud-image = import ./nextcloud-image { inherit pkgs; };`
			`nextcloud-base = {`
update docker configs, upgrade postgres Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-11-02 23:59:38 -04:00			`# image comes from running docker compose build in nextcloud-docker/.examples/full/apache`
fix nextcloud image 2025-03-02 17:22:34 -05:00			`image = "nextcloud-nextcloud";`
Update systems/palatine-hill/docker/nextcloud.nix 2025-06-15 16:13:04 -04:00			`# pull = "always";`
			`# do NOT enable pull here, this image is generated based on a custom docker image`
revert to stable apache instead of custom image Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-16 00:08:32 -04:00			`hostname = "nextcloud";`
			`volumes = [`
add ffdl, foundry, haproxy, glances, and zfs vars Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-17 21:49:31 -04:00			`"${nextcloud_path}/nc_data:/var/www/html:z"`
			`"${nextcloud_path}/nc_php:/usr/local/etc/php"`
			`"${nextcloud_path}/nc_prehooks:/docker-entrypoint-hooks.d/before-starting"`
update docker configs, upgrade postgres Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-11-02 23:59:38 -04:00			`#"${nextcloud_path}/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"`
revert to stable apache instead of custom image Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-16 00:08:32 -04:00			`];`
			`extraOptions = [`
			`"--network=haproxy-net"`
			`"--network=postgres-net"`
			`"--network=nextcloud_default"`
			`];`
			`dependsOn = [ "redis" ];`
			`environmentFiles = [ config.sops.secrets."docker/nextcloud".path ];`
			`};`
add nextcloud and postgres to docker Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-15 23:35:11 -04:00			`in`
			`{`
			`virtualisation.oci-containers.containers = {`
revert to stable apache instead of custom image Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-16 00:08:32 -04:00			`nextcloud = nextcloud-base // {`
add redis and go-vod containers Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-15 23:39:19 -04:00			`ports = [ "9999:80" ];`
revert to stable apache instead of custom image Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-16 00:08:32 -04:00			`};`
add redis and go-vod containers Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-15 23:39:19 -04:00			`redis = {`
			`image = "redis:latest";`
newer -> always Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2025-06-01 18:36:37 -04:00			`pull = "always";`
update docker configs, upgrade postgres Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-11-02 23:59:38 -04:00			`user = "600:600";`
			`volumes = [`
			`"${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf"`
			`"${redis_path}:/data"`
			`];`
			`extraOptions = [`
			`"--network=nextcloud_default"`
			`];`
add redis and go-vod containers Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-15 23:39:19 -04:00			`cmd = [`
			`"redis-server"`
update docker configs, upgrade postgres Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-11-02 23:59:38 -04:00			`"/usr/local/etc/redis/redis.conf"`
add redis and go-vod containers Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-15 23:39:19 -04:00			`];`
			`};`
			`go-vod = {`
add collabora, add hydraJobs back in 2025-03-02 17:15:15 -05:00			`image = "radialapps/go-vod:latest";`
newer -> always Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2025-06-01 18:35:15 -04:00			`pull = "always";`
add redis and go-vod containers Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-15 23:39:19 -04:00			`dependsOn = [ "nextcloud" ];`
			`environment = {`
			`NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz";`
			`};`
add ffdl, foundry, haproxy, glances, and zfs vars Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-17 21:49:31 -04:00			`volumes = [ "${nextcloud_path}/nc_data:/var/www/html:ro" ];`
add redis and go-vod containers Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-15 23:39:19 -04:00			`extraOptions = [`
			`"--device=/dev/dri:/dev/dri"`
			`];`
			`};`
add collabora, add hydraJobs back in 2025-03-02 17:15:15 -05:00			`collabora-code = {`
			`image = "collabora/code:latest";`
newer -> always Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2025-06-01 18:35:15 -04:00			`pull = "always";`
add collabora, add hydraJobs back in 2025-03-02 17:15:15 -05:00			`dependsOn = [ "nextcloud" ];`
			`environment = {`
aliasgroup expansion 2025-03-02 17:57:13 -05:00			`aliasgroup1 = "https://collabora.nayenoie.com:443";`
			`aliasgroup2 = "https://nextcloud.alicehuston.xyz:443";`
			`aliasgroup3 = "https://.*:443";`
switch collabora to ssl termination 2025-03-02 17:49:00 -05:00			`extra_params = "--o:ssl.enable=false --o:ssl.termination=true";`
add collabora, add hydraJobs back in 2025-03-02 17:15:15 -05:00			`};`
			`environmentFiles = [`
			`config.sops.secrets."docker/collabora".path`
			`];`
			`extraOptions = [`
			`"--network=haproxy-net"`
final fix for collabora 2025-03-02 19:53:42 -05:00			`"--privileged"`
add collabora, add hydraJobs back in 2025-03-02 17:15:15 -05:00			`];`
final fix for collabora 2025-03-02 19:53:42 -05:00			`ports = [ "9980:9980" ];`
add collabora, add hydraJobs back in 2025-03-02 17:15:15 -05:00			`};`
add redis and go-vod containers Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-15 23:39:19 -04:00			`};`

update docker configs, upgrade postgres Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-11-02 23:59:38 -04:00			`users.users.www-data = {`
			`uid = 33;`
			`isSystemUser = true;`
			`group = "www-data";`
			`};`

			`users.groups.www-data = {`
			`gid = 33;`
			`members = [ "www-data" ];`
			`};`

add redis and go-vod containers Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-15 23:39:19 -04:00			`sops = {`
			`defaultSopsFile = ../secrets.yaml;`
			`secrets = {`
update docker configs, upgrade postgres Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-11-02 23:59:38 -04:00			`"docker/redis" = {`
			`owner = "docker-service";`
			`restartUnits = [ "docker-redis.service" ];`
			`};`
			`"docker/nextcloud" = {`
			`owner = "www-data";`
			`restartUnits = [ "docker-nextcloud.service" ];`
			`};`
add collabora, add hydraJobs back in 2025-03-02 17:15:15 -05:00			`"docker/collabora" = {`
			`owner = "www-data";`
fix collabora code service name 2025-03-18 19:18:02 -04:00			`restartUnits = [ "docker-collabora-code.service" ];`
add collabora, add hydraJobs back in 2025-03-02 17:15:15 -05:00			`};`
add nextcloud and postgres to docker Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-08-15 23:35:11 -04:00			`};`
			`};`
			`}`