add nextcloud and postgres to docker

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2024-08-15 23:35:11 -04:00
parent bb3a853bbc
commit b99dd1514b
5 changed files with 267 additions and 48 deletions
--- a/systems/palatine-hill/docker/default.nix
+++ b/systems/palatine-hill/docker/default.nix
@ -6,7 +6,36 @@
 }:

 {
-  imports = [ ./archiveteam.nix ];
+  imports = [
+    ./archiveteam.nix
+    ./docker.nix
+    ./nextcloud.nix
+  ];

  virtualisation.oci-containers.backend = "docker";
+
+  # "nextcloud-go-vod-1 radialapps/go-vod"
+  # "nextcloud-nextcloud-1 nextcloud-nextcloud"
+  # "nextcloud-redis-1 redis"
+
+  # "rlcraft-mc-1 itzg/minecraft-server:java8"
+  # "mc-router-mc-router-1 itzg/mc-router"
+
+  # "unifi-controller lscr.io/linuxserver/unifi-network-application:latest"
+  # "unifi-20-mongodb-1 mongo:7.0"
+
+  # "restic-grafana-1 grafana/grafana:latest"
+  # "restic-prometheus-1 prom/prometheus:latest"
+  # "restic-restserver-1 restic/rest-server:latest"
+
+  # "firefly-iii-fidi-1 fireflyiii/data-importer:latest"
+  # "firefly-iii-app-1 fireflyiii/core:latest"
+
+  # "haproxy-haproxy-1 haproxy:latest"
+  # "calibre-web lscr.io/linuxserver/calibre-web:latest"
+  # "glances-glances-1 nicolargo/glances:latest-full"
+  # "foundry felddy/foundryvtt:11"
+
+  # "Qbit ghcr.io/linuxserver/qbittorrent:latest"
+  # "Qbitvpn binhex/arch-qbittorrentvpn:latest"
 }
--- a/systems/palatine-hill/docker/nextcloud-image.nix
+++ b/systems/palatine-hill/docker/nextcloud-image.nix
@ -0,0 +1,84 @@
+{ pkgs, ... }:
+let
+  nextcloud-apache = pkgs.dockerTools.pullImage {
+    imageName = "nextcloud";
+    digest = "sha256:2ab0c5de2afd33c55721e69e87bd1667cad6c4550ba0fd0303cfeb7abb260750";
+    sha256sum = "11fh4jaz1asiihf2092sh7ma9xm35hmnkafpbjr3igkv8jicsky1";
+    finalImageName = "nextcloud";
+    finalImageTag = "apache";
+  };
+in
+
+pkgs.dockerTools.buildLayeredImage {
+  name = "nextcloud-custom";
+  tag = "latest";
+  fromImage = nextcloud-apache;
+  runAsRoot = ''
+    RUN set -ex; \
+        \
+        apt-get update; \
+        apt-get install -y --no-install-recommends \
+            ffmpeg \
+            ghostscript \
+            libmagickcore-6.q16-6-extra \
+            procps \
+            smbclient \
+            supervisor \
+    #       libreoffice \
+        ; \
+        rm -rf /var/lib/apt/lists/*
+
+    RUN set -ex; \
+        \
+        savedAptMark="$(apt-mark showmanual)"; \
+        \
+        apt-get update; \
+        apt-get install -y --no-install-recommends \
+            libbz2-dev \
+            libc-client-dev \
+            libkrb5-dev \
+            libsmbclient-dev \
+        ; \
+        \
+        docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
+        docker-php-ext-install \
+            bz2 \
+            imap \
+        ; \
+        pecl install smbclient; \
+        docker-php-ext-enable smbclient; \
+        \
+    # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
+        apt-mark auto '.*' > /dev/null; \
+        apt-mark manual $savedAptMark; \
+        ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
+            | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
+            | sort -u \
+            | xargs -r dpkg-query --search \
+            | cut -d: -f1 \
+            | sort -u \
+            | xargs -rt apt-mark manual; \
+        \
+        apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+        rm -rf /var/lib/apt/lists/*
+
+    RUN mkdir -p \
+        /var/log/supervisord \
+        /var/run/supervisord \
+    ;
+  '';
+  copyToRoot = ./supervisord.conf;
+  config = {
+    ENV = {
+      NEXTCLOUD_UPDATE = 1;
+    };
+    CMD = [
+      "/usr/bin/supervisord"
+      "-c"
+      "/supervisord.conf"
+    ];
+
+  };
+
+}
+# build: nextcloud-dockerfiles/full/apache/
--- a/systems/palatine-hill/docker/nextcloud.nix
+++ b/systems/palatine-hill/docker/nextcloud.nix
@ -0,0 +1,38 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  nextcloud-image = import ./nextcloud-image.nix;
+in
+{
+  virtualisation.oci-containers.containers = {
+    nextcloud = {
+      image = "nextcloud-custom:latest";
+      imageFile = nextcloud-image;
+      hostname = "nextcloud";
+      ports = [
+        "9999:80"
+
+      ];
+      restart = "unless-stopped";
+      volumes = [
+        "/ZFS/ZFS-primary/nextcloud/nc_data:/var/www/html:z"
+        "/ZFS/ZFS-primary/nextcloud/nc_php:/usr/local/etc/php"
+        "/ZFS/ZFS-primary/nextcloud/nc_prehooks:/docker-entrypoint-hooks.d/before-starting"
+      ];
+      extraOption = [
+        "--network=haproxy-net"
+        "--network=postgres-net"
+        "--network=nextcloud_default"
+      ];
+      dependsOn = [
+
+        "redis"
+      ];
+    };
+  };
+}
--- a/systems/palatine-hill/docker/postgres.nix
+++ b/systems/palatine-hill/docker/postgres.nix
@ -0,0 +1,65 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  virtualisation.oci-containers.containers = {
+    postgres = {
+      image = "postgres:16";
+      user = "600:600";
+      volumes = [
+        "/ZFS/ZFS-primary/db/postgresql/primary_new:/var/lib/postgresql/data"
+        "/ZFS/ZFS-primary/db/postgresql/pg_archives:/opt/pg_archives"
+      ];
+      log-driver = "local";
+      extraOptions = [
+        "--network=postgres-net"
+        "--health-cmd='pg_isready -U firefly'"
+        "--health-interval=1s"
+        "--health-timeout=5s"
+        "--health-retries=15"
+        "--shm-size=1gb"
+      ];
+      environmentFiles = [ config.sops.secrets."docker/pg".path ];
+      restart = "always";
+    };
+
+    postgres-secondary = {
+      image = "postgres:16";
+      user = "600:600";
+      volumes = [
+        "/ZFS/ZFS-primary/db/postgresql/primary_new:/var/lib/postgresql/data"
+        "/ZFS/ZFS-primary/db/postgresql/pg_archives:/opt/pg_archives"
+      ];
+      log-driver = "local";
+      extraOptions = [
+        "--network=postgres-net"
+        "--health-cmd='pg_isready -U firefly'"
+        "--health-interval=1s"
+        "--health-timeout=5s"
+        "--health-retries=15"
+        "--shm-size=1gb"
+      ];
+      environmentFiles = [ config.sops.secrets."docker/pg".path ];
+      restart = "always";
+    };
+
+    postgres-adminer = {
+      image = "adminer/latest";
+      user = "600:600";
+      restart = "always";
+      ports = [ "4191:8080" ];
+      dependsOn = [ "postgres" ];
+      extraOptions = [ "--network=postgres-net" ];
+    };
+  };
+  sops = {
+    defaultSopsFile = ../secrets.yaml;
+    secrets = {
+      "docker/pg".owner = "docker-service";
+    };
+  };
+
+}