Move one nextcloud out of container. Only retain container for chor-cloud
parent
0ae8bd8120
commit
0954813341
|
@ -9,7 +9,50 @@ let
|
|||
} "nextcloud-admin";
|
||||
inherit (config.m-0) hosts;
|
||||
certPath = "/var/lib/acme";
|
||||
nextcloud-container = { v6, v4, hostname, rss ? false, extraMounts ? { } }: {
|
||||
nextcloudServices = hostname: {
|
||||
nextcloud-pg-backup = {
|
||||
script =
|
||||
let
|
||||
name = "nextcloud-psql-${hostname}";
|
||||
in
|
||||
''
|
||||
${config.services.postgresql.package}/bin/pg_dump nextcloud > /var/lib/db-backup-dumps/${name}
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = "nextcloud";
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
prometheus-nginx-exporter.serviceConfig.RestartSec = 10;
|
||||
nextcloud-setup = {
|
||||
requires = [ "postgresql.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
};
|
||||
};
|
||||
nextcloudConf = hostname:
|
||||
{
|
||||
enable = true;
|
||||
hostName = hostname;
|
||||
package = pkgs.nextcloud21;
|
||||
maxUploadSize = "10g";
|
||||
caching = {
|
||||
redis = true;
|
||||
apcu = false;
|
||||
memcached = false;
|
||||
};
|
||||
config = {
|
||||
dbtype = "pgsql";
|
||||
dbname = "nextcloud";
|
||||
dbuser = "nextcloud";
|
||||
dbhost = "localhost";
|
||||
defaultPhoneRegion = "DE";
|
||||
} // adminCreds;
|
||||
autoUpdateApps = {
|
||||
enable = true;
|
||||
startAt = "20:30";
|
||||
};
|
||||
};
|
||||
nextcloud-container = { v6, v4, hostname }: {
|
||||
bindMounts = {
|
||||
"${certPath}" = {
|
||||
hostPath = certPath;
|
||||
|
@ -19,7 +62,7 @@ let
|
|||
hostPath = "/var/lib/db-backup-dumps";
|
||||
isReadOnly = false;
|
||||
};
|
||||
} // extraMounts;
|
||||
};
|
||||
timeoutStartSec = "360";
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
|
@ -54,35 +97,14 @@ let
|
|||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
|
||||
systemd.services = nextcloudServices hostname;
|
||||
services = {
|
||||
nextcloud = nextcloudConf hostname;
|
||||
prometheus.exporters = {
|
||||
node.openFirewall = true;
|
||||
nginx.openFirewall = true;
|
||||
};
|
||||
|
||||
nextcloud = {
|
||||
enable = true;
|
||||
hostName = hostname;
|
||||
package = pkgs.nextcloud21;
|
||||
maxUploadSize = "10g";
|
||||
caching = {
|
||||
redis = true;
|
||||
apcu = false;
|
||||
memcached = false;
|
||||
};
|
||||
config = {
|
||||
dbtype = "pgsql";
|
||||
dbname = "nextcloud";
|
||||
dbuser = "nextcloud";
|
||||
dbhost = "localhost";
|
||||
defaultPhoneRegion = "DE";
|
||||
} // adminCreds;
|
||||
autoUpdateApps = {
|
||||
enable = true;
|
||||
startAt = "20:30";
|
||||
};
|
||||
};
|
||||
|
||||
redis.enable = true;
|
||||
|
||||
postgresql = {
|
||||
|
@ -90,100 +112,36 @@ let
|
|||
package = pkgs.postgresql_12;
|
||||
};
|
||||
};
|
||||
systemd = {
|
||||
services = {
|
||||
rss-server = mkIf rss {
|
||||
serviceConfig = {
|
||||
WorkingDirectory = "/var/www/rss";
|
||||
ExecStart = "${pkgs.python3}/bin/python -m http.server 8842";
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
pg_backup = {
|
||||
script =
|
||||
let
|
||||
name = "nextcloud-psql-${hostname}";
|
||||
in
|
||||
''
|
||||
${config.services.postgresql.package}/bin/pg_dump nextcloud > /var/lib/db-backup-dumps/${name}
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = "nextcloud";
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
prometheus-nginx-exporter.serviceConfig.RestartSec = 10;
|
||||
nextcloud-setup = {
|
||||
requires = [ "postgresql.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
};
|
||||
nextcloud-news-updater = mkIf rss {
|
||||
startAt = "20:00";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "nextcloud";
|
||||
ExecStart =
|
||||
let
|
||||
config = pkgs.writeText "updater.ini" (
|
||||
generators.toINI { } {
|
||||
updater = {
|
||||
user = adminCreds.adminuser;
|
||||
password = adminCreds.adminpass;
|
||||
url = "https://${hostname}/";
|
||||
mode = "singlerun";
|
||||
};
|
||||
}
|
||||
);
|
||||
in
|
||||
"${pkgs.nextcloud-news-updater}/bin/nextcloud-news-updater -c ${config}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
serviceConfig.RestartSec = 10;
|
||||
unitConfig = {
|
||||
StartLimitIntervalSec = 30;
|
||||
StartLimitBurst = 2;
|
||||
};
|
||||
nginx = {
|
||||
rootExtra = "proxy_set_header Host $host; proxy_buffering off;";
|
||||
wellKnown = {
|
||||
priority = 210;
|
||||
extraConfig = ''
|
||||
location = /.well-known/carddav {
|
||||
return 301 https://$host/remote.php/dav;
|
||||
}
|
||||
location = /.well-known/caldav {
|
||||
return 301 https://$host/remote.php/dav;
|
||||
}
|
||||
location ^~ /.well-known {
|
||||
return 301 https://$host/index.php$request_uri;
|
||||
}
|
||||
try_files $uri $uri/ =404;
|
||||
'';
|
||||
};
|
||||
};
|
||||
mainHostName = "cloud.maralorn.de";
|
||||
in
|
||||
{
|
||||
systemd.services."container@cloud" = { inherit serviceConfig unitConfig; };
|
||||
systemd.services."container@chor-cloud" = {
|
||||
inherit serviceConfig unitConfig;
|
||||
systemd = {
|
||||
services = {
|
||||
"container@chor-cloud" = {
|
||||
serviceConfig.RestartSec = 10;
|
||||
unitConfig = {
|
||||
StartLimitIntervalSec = 30;
|
||||
StartLimitBurst = 2;
|
||||
};
|
||||
};
|
||||
rss-server = {
|
||||
serviceConfig = {
|
||||
WorkingDirectory = "/var/www/rss";
|
||||
ExecStart = "${pkgs.python3}/bin/python -m http.server 8842";
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
} // nextcloudServices mainHostName;
|
||||
};
|
||||
services = {
|
||||
nextcloud = nextcloudConf mainHostName;
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."cloud.maralorn.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://cloud";
|
||||
extraConfig = nginx.rootExtra;
|
||||
};
|
||||
"^~ /.well-known" = nginx.wellKnown;
|
||||
};
|
||||
};
|
||||
virtualHosts."cloud.mathechor.de" = {
|
||||
enableACME = true;
|
||||
|
@ -191,9 +149,23 @@ in
|
|||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://chor-cloud";
|
||||
extraConfig = nginx.rootExtra;
|
||||
extraConfig = "proxy_set_header Host $host; proxy_buffering off;";
|
||||
};
|
||||
"^~ /.well-known" = {
|
||||
priority = 210;
|
||||
extraConfig = ''
|
||||
location = /.well-known/carddav {
|
||||
return 301 https://$host/remote.php/dav;
|
||||
}
|
||||
location = /.well-known/caldav {
|
||||
return 301 https://$host/remote.php/dav;
|
||||
}
|
||||
location ^~ /.well-known {
|
||||
return 301 https://$host/index.php$request_uri;
|
||||
}
|
||||
try_files $uri $uri/ =404;
|
||||
'';
|
||||
};
|
||||
"^~ /.well-known" = nginx.wellKnown;
|
||||
};
|
||||
extraConfig = ''
|
||||
more_set_headers "Content-Security-Policy: frame-ancestors 'self' https://*.mathechor.de";
|
||||
|
@ -229,18 +201,5 @@ in
|
|||
v6 = hosts.chor-cloud;
|
||||
v4 = hosts.chor-cloud-intern-v4;
|
||||
};
|
||||
cloud = nextcloud-container {
|
||||
hostname = "cloud.maralorn.de";
|
||||
v6 = hosts.cloud;
|
||||
v4 = hosts.cloud-intern-v4;
|
||||
rss = true;
|
||||
extraMounts = {
|
||||
"/media" = {
|
||||
hostPath = "/media";
|
||||
isReadOnly = false;
|
||||
};
|
||||
"/var/www/rss" = { hostPath = "/var/www/rss"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
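Review bot: The host-level `rss-server` unit in the last large hunk of this file sets no `User`, so `python -m http.server 8842` would now run as root on the host and listen on all interfaces, whereas the container variant it replaces sat behind `privateNetwork = true`. If only local services read `/var/www/rss`, add `DynamicUser = true;` to its `serviceConfig` and change the command to `${pkgs.python3}/bin/python -m http.server --bind 127.0.0.1 8842`. Separately, the `cloud.maralorn.de` virtual host that carried `enableACME = true; forceSSL = true;` appears to be dropped on the new side (the +/- markers are lost on this page), and nothing visible re-enables TLS for the host-level Nextcloud; confirm it is set elsewhere or add `nginx.virtualHosts.${mainHostName} = { enableACME = true; forceSSL = true; };` under `services`. The host firewall rules are not shown here, so the actual exposure of port 8842 could not be checked.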
@ -72,8 +72,8 @@ in
|
|||
set -x
|
||||
set +e
|
||||
${start} pg_backup
|
||||
${container} cloud -- ${start} pg_backup
|
||||
${container} chor-cloud -- ${start} pg_backup
|
||||
${start} nextcloud-pg-backup
|
||||
${container} chor-cloud -- ${start} nextcloud-pg-backup
|
||||
${lib.concatMapStringsSep "\n" (name: "${start} ${name}") backupJobNames}
|
||||
${pkgs.coreutils}/bin/rm -rf /var/lib/db-backup-dumps/*
|
||||
${start} nix-optimise
|
||||
|
|