numbus/numbus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Migrated from Nextcloud-AIO to standard nextcloud.

Browse Source
This commit is contained in:
Raphaël Numbus
2026-02-16 14:09:41 +01:00
parent 1d820d4f87
commit c6ce0be03e
7 changed files with 202 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy.sh
+4 -2
View File
@@ -499,8 +499,10 @@ services_generation() {
# Nextcloud config # Nextcloud config
elif [[ "${service}" == "nextcloud" ]]; then elif [[ "${service}" == "nextcloud" ]]; then
generate_network "${service}" "0" "nextcloud-aio" generate_network "${service}" "1"
envsubst < templates/podman-config/traefik/nextcloud.yaml > final-nix-config/mnt/config/traefik/rules/nextcloud.yaml generate_db_creds "NEXTCLOUD"
export "NEXTCLOUD_REDIS_PASSWORD"="$(xkcdpass -d "-")"
# envsubst < templates/podman-config/traefik/nextcloud.yaml > final-nix-config/mnt/config/traefik/rules/nextcloud.yaml
# Passbolt config # Passbolt config
elif [[ "${service}" == "passbolt" ]]; then elif [[ "${service}" == "passbolt" ]]; then
templates/nix-config/misc/activation.nix
+14 -14
View File
@@ -64,20 +64,20 @@ PODMAN_NETWORKS
DOMAIN_NAME="$(cat /run/secrets/domain_name)" DOMAIN_NAME="$(cat /run/secrets/domain_name)"
echo "Applying Pi-Hole quirks..." #echo "Applying Pi-Hole quirks..."
if [[ -e /etc/nixos/podman/pi-hole.nix ]]; then #if [[ -e /etc/nixos/podman/pi-hole.nix ]]; then
mkdir -p /mnt/config/pi-hole/ # mkdir -p /mnt/config/pi-hole/
chown -R numbus-admin:users /mnt/config/pi-hole/ # chown -R numbus-admin:users /mnt/config/pi-hole/
echo "Waiting for Pi-hole to be ready..." # echo "Waiting for Pi-hole to be ready..."
until [[ -e /mnt/config/pi-hole/pihole-FTL.db ]]; do # until [[ -e /mnt/config/pi-hole/pihole-FTL.db ]]; do
sleep 15 # sleep 15
done # done
sleep 60 # sleep 60
sudo -u numbus-admin podman exec pi-hole pihole -g # sudo -u numbus-admin podman exec pi-hole pihole -g
sleep 60 # sleep 60
systemctl restart pi-hole.service # systemctl restart pi-hole.service
echo "Pi-Hole quirk applied and service ready !" # echo "Pi-Hole quirk applied and service ready !"
fi #fi
echo "Applying Home Assistant quirks..." echo "Applying Home Assistant quirks..."
if [[ -e /etc/nixos/podman/home-assistant.nix ]]; then if [[ -e /etc/nixos/podman/home-assistant.nix ]]; then
templates/nix-config/podman/nextcloud-aio.nix
+98
View File
@@ -0,0 +1,98 @@
{ config, pkgs, ... }:
let
container_name = "nextcloud";
compose_file = "podman/nextcloud/compose.yaml";
data_dir = "/mnt/data/nextcloud";
in
{
config = {
environment.etc."${compose_file}".text =
/*
yaml
*/
''
services:
nextcloud-aio-mastercontainer:
image: ghcr.io/nextcloud-releases/all-in-one:latest
container_name: nextcloud-aio-mastercontainer
networks:
nextcloud-aio:
volumes:
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config
- /run/user/1000/podman/podman.sock:/var/run/docker.sock:ro
environment:
APACHE_PORT: 11000
APACHE_IP_BINDING: 127.0.0.1
NEXTCLOUD_DATADIR: ${data_dir}
NEXTCLOUD_ENABLE_DRI_DEVICE: $NEXTCLOUD_ENABLE_DRI_DEVICE
NEXTCLOUD_UPLOAD_LIMIT: 16G
NEXTCLOUD_MAX_TIME: 3600
NEXTCLOUD_MEMORY_LIMIT: 2048M
NEXTCLOUD_ADDITIONAL_APKS: imagemagick
NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick
WATCHTOWER_DOCKER_SOCKET_PATH: /run/user/1000/podman/podman.sock
labels:
- traefik.enable=true
- traefik.docker.network=nextcloud-aio
- traefik.http.services.nextcloud-aio.loadbalancer.server.port=8080
- traefik.http.services.nextcloud-aio.loadbalancer.server.scheme=https
- traefik.http.routers.nextcloud-aio-https.entrypoints=websecure
- traefik.http.routers.nextcloud-aio-https.rule=Host(`nextcloud-aio.$DOMAIN_NAME`)
- traefik.http.routers.nextcloud-aio-https.tls=true
- traefik.http.routers.nextcloud-aio-https.tls.certresolver=cloudflare
init: true
restart: always
networks:
nextcloud-aio:
external: true
volumes:
nextcloud_aio_mastercontainer:
name: nextcloud_aio_mastercontainer
'';
systemd.services."${container_name}" = {
description = "Podman container : ${container_name}";
after = [ "network.target" "traefik.service" "pi-hole.service" ];
requires = [ "traefik.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.podman pkgs.coreutils ];
serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "exec";
TimeoutStartSec = "600";
ExecStartPre = [
"${pkgs.bash}/bin/bash -c 'sleep $((RANDOM % 180))'"
"-${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"
];
ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
Restart = "on-failure";
RestartSec = "5m";
StartLimitBurst = "3";
};
};
systemd.services."update-${container_name}" = {
description = "Update ${container_name} container";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl restart ${container_name}.service";
};
};
systemd.timers."update-${container_name}" = {
timerConfig = {
OnCalendar = "02:00";
RandomizedDelaySec = "60m";
Unit = "update-${container_name}.service";
};
wantedBy = [ "timers.target" ];
};
};
}
templates/nix-config/podman/nextcloud.nix
+62 -28
View File
@@ -14,44 +14,78 @@ in
*/ */
'' ''
services: services:
nextcloud-aio-mastercontainer: nextcloud-server:
image: ghcr.io/nextcloud-releases/all-in-one:latest image: docker.io/library/nextcloud:latest
container_name: nextcloud-aio-mastercontainer container_name: nextcloud-server
restart: unless-stopped
networks: networks:
nextcloud-aio: nextcloud_frontend:
nextcloud_backend:
volumes: volumes:
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config - nextcloud_data:/var/www/html
- /run/user/1000/podman/podman.sock:/var/run/docker.sock:ro
environment: environment:
APACHE_PORT: 11000 MYSQL_HOST: nextcloud-database
APACHE_IP_BINDING: 127.0.0.1 MYSQL_DATABASE: $MYSQL_DATABASE
NEXTCLOUD_DATADIR: ${data_dir} MYSQL_USER: $MYSQL_USER
NEXTCLOUD_ENABLE_DRI_DEVICE: $NEXTCLOUD_ENABLE_DRI_DEVICE MYSQL_PASSWORD: $MYSQL_PASSWORD
NEXTCLOUD_UPLOAD_LIMIT: 16G REDIS_HOST: nextcloud-redis
NEXTCLOUD_MAX_TIME: 3600 REDIS_HOST_PASSWORD: $REDIS_HOST_PASSWORD
NEXTCLOUD_MEMORY_LIMIT: 2048M NEXTCLOUD_TRUSTED_DOMAINS: $DOMAIN_NAME
NEXTCLOUD_ADDITIONAL_APKS: imagemagick NEXTCLOUD_DATA_DIR: ${data_dir}
NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick SMTP_HOST: $SMTP_HOST
WATCHTOWER_DOCKER_SOCKET_PATH: /run/user/1000/podman/podman.sock SMTP_SECURE: tls
SMTP_PORT: $SMTP_PORT
SMTP_NAME: $SMTP_NAME
SMTP_PASSWORD: $SMTP_PASSWORD
MAIL_FROM_ADDRESS: $MAIL_FROM_ADDRESS
MAIL_DOMAIN: $DOMAIN_NAME
APACHE_DISABLE_REWRITE_IP: 1
TRUSTED_PROXIES: traefik
OVERWRITEPROTOCOL: https
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.docker.network=nextcloud-aio - traefik.docker.network=nextcloud_frontend
- traefik.http.services.nextcloud-aio.loadbalancer.server.port=8080 - traefik.http.services.nextcloud.loadbalancer.server.port=80
- traefik.http.services.nextcloud-aio.loadbalancer.server.scheme=https - traefik.http.services.nextcloud.loadbalancer.server.scheme=http
- traefik.http.routers.nextcloud-aio-https.entrypoints=websecure - traefik.http.routers.nextcloud-https.entrypoints=websecure
- traefik.http.routers.nextcloud-aio-https.rule=Host(`nextcloud-aio.$DOMAIN_NAME`) - traefik.http.routers.nextcloud-https.rule=Host(`nextcloud.$DOMAIN_NAME`)
- traefik.http.routers.nextcloud-aio-https.tls=true - traefik.http.routers.nextcloud-https.tls=true
- traefik.http.routers.nextcloud-aio-https.tls.certresolver=cloudflare - traefik.http.routers.nextcloud-https.tls.certresolver=cloudflare
init: true depends_on:
restart: always - nextcloud-database
- nextcloud-redis
nextcloud-redis:
image: docker.io/library/redis:alpine
name: nextcloud-redis
restart: unless-stopped
networks:
nextcloud_backend:
command: redis-server --requirepass $REDIS_HOST_PASSWORD
nextcloud-database:
image: docker.io/library/mariadb:latest
container_name: nextcloud-database
restart: unless-stopped
networks:
nextcloud_backend:
volumes:
- nextcloud_database:/var/lib/mysql
environment:
MARIADB_DATABASE: $MYSQL_DATABASE
MARIADB_USER: $MYSQL_USER
MARIADB_PASSWORD: $MYSQL_PASSWORD
MARIADB_RANDOM_ROOT_PASSWORD: true
networks: networks:
nextcloud-aio: nextcloud_frontend:
external: true
nextcloud_backend:
external: true external: true
volumes: volumes:
nextcloud_aio_mastercontainer: nextcloud_data:
name: nextcloud_aio_mastercontainer nextcloud_database:
''; '';
systemd.services."${container_name}" = { systemd.services."${container_name}" = {
templates/nix-config/podman/passbolt.nix
+4 -4
View File
@@ -30,10 +30,10 @@ in
DATASOURCES_DEFAULT_PASSWORD: $PASSBOLT_MYSQL_PASSWORD DATASOURCES_DEFAULT_PASSWORD: $PASSBOLT_MYSQL_PASSWORD
DATASOURCES_DEFAULT_DATABASE: $PASSBOLT_MYSQL_DATABASE DATASOURCES_DEFAULT_DATABASE: $PASSBOLT_MYSQL_DATABASE
EMAIL_DEFAULT_FROM_NAME: "Passbolt" EMAIL_DEFAULT_FROM_NAME: "Passbolt"
EMAIL_TRANSPORT_DEFAULT_HOST: $SENDER_EMAIL_DOMAIN EMAIL_TRANSPORT_DEFAULT_HOST: $EMAIL_TRANSPORT_DEFAULT_HOST
EMAIL_TRANSPORT_DEFAULT_PORT: $SENDER_EMAIL_PORT EMAIL_TRANSPORT_DEFAULT_PORT: $EMAIL_TRANSPORT_DEFAULT_PORT
EMAIL_TRANSPORT_DEFAULT_USERNAME: $SENDER_EMAIL_ADDRESS EMAIL_TRANSPORT_DEFAULT_USERNAME: $EMAIL_TRANSPORT_DEFAULT_USERNAME
EMAIL_TRANSPORT_DEFAULT_PASSWORD: $SENDER_EMAIL_ADDRESS_PASSWORD EMAIL_TRANSPORT_DEFAULT_PASSWORD: $EMAIL_TRANSPORT_DEFAULT_PASSWORD
EMAIL_TRANSPORT_DEFAULT_TLS: true EMAIL_TRANSPORT_DEFAULT_TLS: true
EMAIL_DEFAULT_FROM: $EMAIL_ADDRESS EMAIL_DEFAULT_FROM: $EMAIL_ADDRESS
PASSBOLT_SSL_FORCE: true PASSBOLT_SSL_FORCE: true
templates/nix-config/podman/pi-hole.nix
+4 -2
View File
@@ -3,7 +3,6 @@
let let
container_name = "pi-hole"; container_name = "pi-hole";
compose_file = "podman/pi-hole/compose.yaml"; compose_file = "podman/pi-hole/compose.yaml";
config_dir = "/mnt/config/pi-hole";
in in
{ {
@@ -43,7 +42,7 @@ in
FTLCONF_ntp_ipv6_active: "false" FTLCONF_ntp_ipv6_active: "false"
FTLCONF_ntp_sync_active: "false" FTLCONF_ntp_sync_active: "false"
volumes: volumes:
- ${config_dir}:/etc/pihole - pi-hole_data:/etc/pihole
cap_add: cap_add:
- SYS_NICE - SYS_NICE
labels: labels:
@@ -57,6 +56,9 @@ in
- traefik.http.routers.pihole-https.tls.certresolver=cloudflare - traefik.http.routers.pihole-https.tls.certresolver=cloudflare
restart: unless-stopped restart: unless-stopped
volumes:
pi-hole_data:
networks: networks:
pi-hole_frontend: pi-hole_frontend:
external: true external: true
templates/nix-config/sops-nix/secrets.yaml
+14 -6
View File
@@ -34,17 +34,25 @@ podman:
DOMAIN_NAME="$DOMAIN_NAME" DOMAIN_NAME="$DOMAIN_NAME"
nextcloud: | nextcloud: |
DOMAIN_NAME="$DOMAIN_NAME" DOMAIN_NAME="$DOMAIN_NAME"
NEXTCLOUD_ENABLE_DRI_DEVICE=$TARGET_GRAPHICS MYSQL_DATABASE="$NEXTCLOUD_DB_NAME"
MYSQL_USER="$NEXTCLOUD_DB_USERNAME"
MYSQL_PASSWORD="$NEXTCLOUD_DB_PASSWORD"
REDIS_HOST_PASSWORD="$NEXTCLOUD_REDIS_PASSWORD"
SMTP_HOST="$SENDER_EMAIL_DOMAIN"
SMTP_PORT="$SENDER_EMAIL_PORT"
SMTP_NAME="$SENDER_EMAIL_ADDRESS"
SMTP_PASSWORD="$SENDER_EMAIL_ADDRESS_PASSWORD"
MAIL_FROM_ADDRESS="$EMAIL_ADDRESS"
passbolt: | passbolt: |
DOMAIN_NAME="$DOMAIN_NAME" DOMAIN_NAME="$DOMAIN_NAME"
PASSBOLT_MYSQL_DATABASE="$PASSBOLT_DB_NAME" PASSBOLT_MYSQL_DATABASE="$PASSBOLT_DB_NAME"
PASSBOLT_MYSQL_USER="$PASSBOLT_DB_USERNAME" PASSBOLT_MYSQL_USER="$PASSBOLT_DB_USERNAME"
PASSBOLT_MYSQL_PASSWORD="$PASSBOLT_DB_PASSWORD" PASSBOLT_MYSQL_PASSWORD="$PASSBOLT_DB_PASSWORD"
SENDER_EMAIL_ADDRESS="$SENDER_EMAIL_ADDRESS" EMAIL_TRANSPORT_DEFAULT_HOST="$SENDER_EMAIL_DOMAIN"
SENDER_EMAIL_ADDRESS_PASSWORD="$SENDER_EMAIL_ADDRESS_PASSWORD" EMAIL_TRANSPORT_DEFAULT_PORT="$SENDER_EMAIL_PORT"
SENDER_EMAIL_DOMAIN="$SENDER_EMAIL_DOMAIN" EMAIL_TRANSPORT_DEFAULT_USERNAME="$SENDER_EMAIL_ADDRESS"
SENDER_EMAIL_PORT="$SENDER_EMAIL_PORT" EMAIL_TRANSPORT_DEFAULT_PASSWORD="$SENDER_EMAIL_ADDRESS_PASSWORD"
EMAIL_ADDRESS="$EMAIL_ADDRESS" EMAIL_DEFAULT_FROM="$EMAIL_ADDRESS"
TZ="Europe/Paris" TZ="Europe/Paris"
pi_hole: | pi_hole: |
DOMAIN_NAME="$DOMAIN_NAME" DOMAIN_NAME="$DOMAIN_NAME"