update docker configs, upgrade postgres

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2024-11-02 23:59:38 -04:00
parent 8de5a168ba
commit 9d8164f28d
12 changed files with 116 additions and 74 deletions
--- a/systems/palatine-hill/docker/nextcloud.nix
+++ b/systems/palatine-hill/docker/nextcloud.nix
@ -3,18 +3,20 @@
 let
  vars = import ../vars.nix;
  nextcloud_path = vars.primary_nextcloud;
+  redis_path = vars.primary_redis;

  # nextcloud-image = import ./nextcloud-image { inherit pkgs; };
  nextcloud-base = {
-    image = "nextcloud:stable-apache";
+    # image comes from running docker compose build in nextcloud-docker/.examples/full/apache
+    image = "nextcloud-nextcloud";
    hostname = "nextcloud";
    volumes = [
      "${nextcloud_path}/nc_data:/var/www/html:z"
      "${nextcloud_path}/nc_php:/usr/local/etc/php"
      "${nextcloud_path}/nc_prehooks:/docker-entrypoint-hooks.d/before-starting"
+      #"${nextcloud_path}/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
    ];
    extraOptions = [
-      "--restart=unless-stopped"
      "--network=haproxy-net"
      "--network=postgres-net"
      "--network=nextcloud_default"
@ -28,20 +30,19 @@ in
    nextcloud = nextcloud-base // {
      ports = [ "9999:80" ];
    };
-    nextcloud-cron = nextcloud-base // {
-      entrypoint = "/cron.sh";
-      dependsOn = [
-        "redis"
-        "nextcloud"
-      ];
-    };
    redis = {
      image = "redis:latest";
-      extraOptions = [ "--restart=unless-stopped" ];
-      volumes = [ "${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf" ];
+      user = "600:600";
+      volumes = [
+        "${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf"
+        "${redis_path}:/data"
+      ];
+      extraOptions = [
+        "--network=nextcloud_default"
+      ];
      cmd = [
        "redis-server"
-        config.sops.secrets."docker/redis".path
+        "/usr/local/etc/redis/redis.conf"
      ];
    };
    go-vod = {
@ -52,17 +53,33 @@ in
      };
      volumes = [ "${nextcloud_path}/nc_data:/var/www/html:ro" ];
      extraOptions = [
-        "--restart=always"
        "--device=/dev/dri:/dev/dri"
      ];
    };
  };

+  users.users.www-data = {
+    uid = 33;
+    isSystemUser = true;
+    group = "www-data";
+  };
+
+  users.groups.www-data = {
+    gid = 33;
+    members = [ "www-data" ];
+  };
+
  sops = {
    defaultSopsFile = ../secrets.yaml;
    secrets = {
-      "docker/redis".owner = "docker-service";
-      "docker/nextcloud".owner = "docker-service";
+      "docker/redis" = {
+        owner = "docker-service";
+        restartUnits = [ "docker-redis.service" ];
+      };
+      "docker/nextcloud" = {
+        owner = "www-data";
+        restartUnits = [ "docker-nextcloud.service" ];
+      };
    };
  };
 }