Services are ready

This commit is contained in:
Raphaël Numbus
2026-02-23 23:05:54 +01:00
parent 944ffcea85
commit 4bbd62a93e
11 changed files with 276 additions and 133 deletions
+136 -28
@@ -3,39 +3,37 @@
with lib;
let
# Version tagging
nextcloudVersion = "32.0.6";
redisVersion = "8.6-alpine";
databaseVersion = "11.4";
databaseVersion = "11.8";
onlyofficeVersion = "9.2";
whiteboardVersion = "v1.5.6";
# Helper
helper = import ./lib.nix { inherit config pkgs lib; };
cfg = config.numbus.services.nextcloud;
cfg2 = config.numbus.services.onlyoffice;
cfg3 = config.numbus.services.whiteboard;
in
helper.mkPodmanService {
description = "Nextcloud, your own online office suite";
name = "nextcloud";
pod = "nextcloud";
defaultPort = "11000";
defaultPort = "1100";
generatedSecrets = {
DB_NAME = "xkcdpass -n 2 -d -";
DB_USERNAME = "xkcdpass -n 2 -d -";
DB_PASSWORD = "xkcdpass -n 8 -d -";
REDIS_PASSWORD = "xkcdpass -n 8 -d -";
};
importedSecrets = {
DOMAIN_NAME = "${config.numbus.services.domain}";
REDIS_HOSTNAME = "immich-redis";
DB_HOSTNAME = "immich-database";
UPLOAD_LOCATION = "${cfg.dataDir}";
DB_DATA_LOCATION = "${cfg.configDir}/database";
TZ = "${time.timeZone}";
DB_PASSWORD = "xkcdpass -n 10 -d -";
REDIS_PASSWORD = "xkcdpass -n 10 -d -";
ONLYOFFICE_PASSWORD = "xkcdpass -n 10 -d -";
WHITEBOARD_PASSWORD = "xkcdpass -n 10 -d -";
SMTP_PASSWORD = "cat ${config.numbus.mail.smtpPasswordPath}";
};
dirPermissions = [
"100999:users ${cfg.dataDir}"
"100999:users ${cfg.configDir}"
"100032:users ${cfg.configDir}/web"
"100999:users ${cfg.configDir}/redis"
"100999:users ${cfg.configDir}/database"
"100999:users ${cfg.configDir}/onlyoffice"
"100032:users ${cfg.dataDir}"
];
# Compose file good
@@ -61,16 +59,21 @@ helper.mkPodmanService {
REDIS_HOST_PASSWORD: $REDIS_PASSWORD
NEXTCLOUD_TRUSTED_DOMAINS: ${cfg.subdomain}.${config.numbus.services.domain}
NEXTCLOUD_DATA_DIR: /mnt/ncdata
SMTP_HOST: $SMTP_HOST
SMTP_SECURE: tls
SMTP_PORT: $SMTP_PORT
SMTP_NAME: $SMTP_NAME
SMTP_HOST: ${config.numbus.mail.smtpServer}
SMTP_PORT: ${config.numbus.mail.smtpPort}
SMTP_NAME: ${config.numbus.mail.smtpUsername}
SMTP_PASSWORD: $SMTP_PASSWORD
MAIL_FROM_ADDRESS: nextcloud-noreply
MAIL_DOMAIN: ${config.numbus.services.domain}
APACHE_DISABLE_REWRITE_IP: 1
TRUSTED_PROXIES: 192.168.11.5
TRUSTED_PROXIES: ${config.numbus.networking.ipAddress}
OVERWRITEPROTOCOL: https
NC_default_phone_region: "${config.numbus.language}"
NC_default_language: "${config.numbus.language}"
NC_default_locale: "${config.numbus.locale}"
NC_default_timezone: "${time.timeZone}"
NC_maintenance_window_start: "1"
depends_on:
- nextcloud-database
security_opt:
@@ -87,7 +90,7 @@ helper.mkPodmanService {
nextcloud:
volumes:
- ${cfg.configDir}/redis:/data
command: redis-server --requirepass $REDIS_HOST_PASSWORD --save 60 1 --loglevel warning
command: redis-server --requirepass $REDIS_PASSWORD --save 60 1 --loglevel warning
security_opt:
- no-new-privileges:true
cap_drop:
@@ -111,19 +114,20 @@ helper.mkPodmanService {
- no-new-privileges:true
cap_drop:
- NET_RAW
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: unless-stopped
nextcloud-onlyoffice:
container_name: nextcloud-onlyoffice
hostname: nextcloud-onlyoffice
image: docker.io/onlyoffice/documentserver:${onlyofficeVersion}
environment:
- JWT_SECRET=$JWT_SECRET
- JWT_SECRET=$ONLYOFFICE_PASSWORD
ports:
- "${cfg2.port}:80/tcp"
- "9980:80/tcp"
volumes:
- ${cfg2.configDir}/log:/var/log/onlyoffice
- ${cfg2.configDir}/cache:/var/lib/onlyoffice
- ${cfg2.configDir}/database:/var/lib/postgresql
- ${cfg.configDir}/onlyoffice/log:/var/log/onlyoffice
- ${cfg.configDir}/onlyoffice/cache:/var/lib/onlyoffice
- ${cfg.configDir}/onlyoffice/database:/var/lib/postgresql
security_opt:
- no-new-privileges:true
cap_drop:
@@ -135,10 +139,10 @@ helper.mkPodmanService {
hostname: nextcloud-whiteboard
user: '1000:1000'
ports:
- "${cfg3.port}:3002/tcp"
- "3002:3002/tcp"
environment:
NEXTCLOUD_URL: https://${cfg.subdomain}.${config.numbus.services.domain}
JWT_SECRET_KEY: $JWT_SECRET
JWT_SECRET_KEY: $WHITEBOARD_PASSWORD
security_opt:
- no-new-privileges:true
cap_drop:
@@ -150,4 +154,108 @@ helper.mkPodmanService {
driver: bridge
'';
extraConfig = {
environment.etc."${config.numbus.traefikDynamicConfigDir}/nextcloud-onlyoffice.yaml".text = ''
http:
routers:
nextcloud-onlyoffice:
rule: "Host(`onlyoffice.${config.numbus.services.domain}`)"
entrypoints:
- "websecure"
service: nextcloud-onlyoffice
middlewares:
- "secureHeaders"
tls:
certresolver: "cloudflare"
options: "secureTLS"
services:
nextcloud-onlyoffice:
loadBalancer:
servers:
- url: "http://host.containers.internal:9980"
'';
environment.etc."${config.numbus.traefikDynamicConfigDir}/nextcloud-whiteboard.yaml".text = ''
http:
routers:
nextcloud-whiteboard:
rule: "Host(`whiteboard.${config.numbus.services.domain}`)"
entrypoints:
- "websecure"
service: nextcloud-whiteboard
middlewares:
- "secureHeaders"
tls:
certresolver: "cloudflare"
options: "secureTLS"
services:
nextcloud-whiteboard:
loadBalancer:
servers:
- url: "http://host.containers.internal:3002"
'';
systemd.services."${name}-quirk" = {
description = "Podman container quirk : ${name}";
wantedBy = [ "multi-user.target" ];
after = [ "${name}.service" "${name}-secrets.service" ];
onFailure = [ "service-failure-notify@%n.service" ];
startLimitBurst = 5;
startLimitIntervalSec = 600;
path = [ pkgs.coreutils pkgs.sudo pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir -p /var/lib/numbus-server/${name}
if [[ -e /var/lib/numbus-server/${name}/quirk.true ]]; then
exit 0
fi
source /var/lib/numbus-server/${name}/.env
sleep 300
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ background:cron
sudo -u numbus-admin podman exec --user www-data nextcloud-server php -f /var/www/html/cron.php
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ db:add-missing-indices
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ maintenance:repair --include-expensive
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ files:scan --all
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ files:repair-tree
for app in calendar contacts mail note onlyoffice cookbook whiteboard; do
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ app:install $app
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ app:enable $app
done
for app in activity app_api federatedfilesharing federation webhook_listeners photos recommendations sharebymail teams support richdocumentscode; do
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ app:disable $app
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ app:remove $app
done
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:system:set onlyoffice DocumentServerInternalUrl --value="https://onlyoffice.${config.numbus.services.domain}/"
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:system:set onlyoffice DocumentServerUrl --value="https://onlyoffice.${config.numbus.services.domain}/"
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_PASSWORD"
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:app:set whiteboard collabBackendUrl --value="https://whiteboard.${config.numbus.services.domain}"
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:app:set whiteboard jwt_secret_key --value="$WHITEBOARD_PASSWORD"
touch /var/lib/numbus-server/${name}/quirk.true
'';
};
systemd.services."${name}-cron" = {
description = "Podman container crontab : ${name}";
after = [ "${name}.service" "${name}-quirk.service" ];
onFailure = [ "service-failure-notify@%n.service" ];
path = [ pkgs.coreutils pkgs.sudo pkgs.podman ];
serviceConfig = {
Type = "oneshot";
ExecStart = "sudo -u numbus-admin podman exec --user www-data nextcloud-server php -f /var/www/html/cron.php";
};
};
systemd.timers."${name}-cron" = {
description = "Timer for Nextcloud cron";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "5m";
Unit = "${name}-cron.service";
};
};
};
}
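Review bot: The quirk script at the end of this section hands the freshly generated JWT secrets to `occ` as command-line arguments (`--value="$ONLYOFFICE_PASSWORD"` and `--value="$WHITEBOARD_PASSWORD"`), so while each call runs the values are readable in `/proc/<pid>/cmdline` by any local user, and because the call goes through `sudo` they are also written to sudo's default command log in the journal. Piping the value through stdin keeps it out of argv, e.g. `printf '%s' "$ONLYOFFICE_PASSWORD" | sudo -u numbus-admin podman exec -i --user www-data nextcloud-server sh -c 'php occ config:system:set onlyoffice jwt_secret --value="$(cat)"'`, with the same shape for the whiteboard `jwt_secret_key`. Separately, the published ports `"9980:80/tcp"` and `"3002:3002/tcp"` look like they bind on every host interface, which would let clients reach the OnlyOffice and whiteboard backends over plain HTTP without the Traefik TLS and `secureHeaders` layer; if that is the case, binding them only to the address Traefik reaches via `host.containers.internal`, or filtering them on the host, would close that path. The `helper.mkPodmanService` call that encloses these hunks starts before the first hunk shown.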