system/modules/containers.nix

# ssh-keygen -f /etc/ssh/ssh_host_ed25519_key
# ssh-keygen -f ~/.ssh/<name>.containers
# edit secrets file
# agenix -e secret.age
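{ inputs, config, lib, pkgs, ... }:
# NixOS containers for the services hosted on this machine.
#
# Every container gets its own network namespace (privateNetwork) attached to
# bridge br0 with a static address in 192.168.12.0/24, and decrypts its agenix
# secrets with the host's ed25519 SSH key, which is bind-mounted read-only at
# /etc/ssh/ssh_host_ed25519_key and listed as the age identity.
#
# NOTE(review): one identity key is shared by all containers, so every
# container can decrypt any secret encrypted to that key, not only its own.
# A per-container identity (the "~/.ssh/<name>.containers" keys mentioned in
# the setup notes above) would narrow the blast radius of a compromised
# container — confirm which key the .age files are actually encrypted to.
{
  containers = {
    # Nextcloud: web UI on port 80 (https handled elsewhere or not at all),
    # local PostgreSQL + Redis, admin password supplied by agenix.
    nextcloud = {
      privateNetwork = true;
      # hostAddress = "192.168.12.40";
      localAddress = "192.168.12.71/24";
      hostBridge = "br0";
      autoStart = true;
      bindMounts = {
        # Host key is read-only inside the container; it is the age identity.
        "/etc/ssh/ssh_host_ed25519_key".isReadOnly = true;
      };
      config = { config, pkgs, ... }:
        {
          networking.firewall.allowedTCPPorts = [ 80 ];
          imports = [ inputs.agenix.nixosModules.default ];
          age = {
            identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
            secrets."nextcloud" = {
              file = ../secrets/nextcloud.age;
              # Read-only for the owner and group; a password file needs
              # neither write nor execute bits (was "770").
              mode = "0440";
              owner = "nextcloud";
              group = "nextcloud";
            };
          };
          services.openssh = {
            enable = true;
            ports = [ 22 ];
            settings = {
              # NOTE(review): password authentication is enabled on a
              # container reachable from the LAN bridge. Prefer key-only
              # login (`PasswordAuthentication = false;`) unless passwords
              # are deliberately required here; AllowUsers below already
              # limits logins to "wayne".
              PasswordAuthentication = true;
              AllowUsers = [ "wayne" ]; # Allows all users by default. Can be [ "user1" "user2" ]
              UseDns = true;
              X11Forwarding = false;
              PermitRootLogin = "no"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
            };
          };
          services.nextcloud = {
            enable = true;
            package = pkgs.nextcloud30;
            hostName = "nextcloud";
            https = false;
            database.createLocally = true;
            configureRedis = true;
            autoUpdateApps.enable = true;
            maxUploadSize = "16G";
            extraAppsEnable = true;
            appstoreEnable = true;
            extraApps = with config.services.nextcloud.package.packages.apps; {
              # List of apps we want to install and are already packaged in
              # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
              inherit calendar contacts mail notes onlyoffice tasks qownnotesapi;
              # Custom app installation example.
              # cookbook = pkgs.fetchNextcloudApp rec {
              #   url =
              #     "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
              #   sha256 = "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=";
              # };
            };
            enableImagemagick = true;
            settings = {
              default_phone_region = "US";
              # Hosts Nextcloud will answer for; includes the host's bridge
              # address and this container's own address.
              trusted_domains = [ "localhost" "launchpad" "192.168.12.40" "192.168.12.71" ];
            };
            config = {
              dbtype = "pgsql";
              adminuser = "nextcloud";
              # Path to the decrypted secret inside the container.
              adminpassFile = config.age.secrets.nextcloud.path;
            };
          };
          system.stateVersion = "24.05";
        };
    };

    # Livebook (Elixir notebooks) as a systemd user service.
    livebook = {
      autoStart = true;
      privateNetwork = true;
      hostBridge = "br0";
      localAddress = "192.168.12.72/24";
      bindMounts = {
        "/etc/ssh/ssh_host_ed25519_key".isReadOnly = true;
      };
      config = { config, pkgs, ... }:
        {
          # NOTE(review): only port 80 is opened, but Livebook is configured
          # to listen on LIVEBOOK_PORT = 20123 below — confirm whether a
          # proxy on 80 is expected or 20123 should be allowed instead.
          networking.firewall.allowedTCPPorts = [ 80 ];
          imports = [ inputs.agenix.nixosModules.default ];
          age = {
            identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
            # Decrypted to /run/agenix/whayes; not referenced by
            # services.livebook here (see environmentFile below), so it is
            # presumably consumed out of band — verify it is still needed.
            secrets."whayes" = {
              file = ../secrets/whayes.age;
              mode = "0440"; # read-only; was "770"
              owner = "wayne";
              group = "wayne";
            };
          };
          services.livebook = {
            enableUserService = true;
            environment = {
              LIVEBOOK_PORT = 20123;
              # LIVEBOOK_PASSWORD is deliberately NOT set here. The previous
              # value, `config.age.secrets.whayes.path`, is the *path* of the
              # decrypted secret (a string such as /run/agenix/whayes), so the
              # login password would have been that predictable path, not the
              # secret's contents. Put `LIVEBOOK_PASSWORD=<value>` in the
              # environmentFile instead, which is not in the Nix store.
            };
            # See note below about security
            environmentFile = "/var/lib/livebook.env";
            extraPackages = with pkgs; [ gcc gnumake ];
          };
          system.stateVersion = "24.05";
        };
    };

    # Grocy (household ERP) behind nginx on port 80, plain HTTP.
    grocy = {
      autoStart = true;
      privateNetwork = true;
      hostBridge = "br0";
      localAddress = "192.168.12.73/24";
      bindMounts = {
        "/etc/ssh/ssh_host_ed25519_key".isReadOnly = true;
      };
      config = { config, pkgs, ... }:
        {
          networking.firewall.allowedTCPPorts = [ 80 ];
          imports = [ inputs.agenix.nixosModules.default ];
          age = {
            identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
            # Not referenced anywhere in this container's config; kept for
            # parity with the template — TODO confirm it is actually used.
            secrets."whayes" = {
              file = ../secrets/whayes.age;
              mode = "0440"; # read-only; was "770"
              owner = "wayne";
              group = "wayne";
            };
          };
          services.grocy = {
            enable = true;
            hostName = "grocy";
            settings = {
              currency = "USD";
              culture = "en";
            };
            nginx = {
              # Plain HTTP inside the LAN; TLS is not terminated here.
              enableSSL = false;
            };
            phpfpm = {
              settings = {
                # Forward worker output to the journal via stderr.
                catch_workers_output = true;
                "listen.owner" = "nginx";
                "php_admin_flag[log_errors]" = true;
                "php_admin_value[error_log]" = "stderr";
                pm = "dynamic";
                "pm.max_children" = "32";
                "pm.max_requests" = "500";
                "pm.max_spare_servers" = "4";
                "pm.min_spare_servers" = "2";
                "pm.start_servers" = "2";
              };
            };
          };
          system.stateVersion = "24.05";
        };
    };

    # ONLYOFFICE document server used by the Nextcloud "onlyoffice" app.
    onlyoffice = {
      autoStart = true;
      privateNetwork = true;
      hostBridge = "br0";
      localAddress = "192.168.12.74/24";
      bindMounts = {
        "/etc/ssh/ssh_host_ed25519_key".isReadOnly = true;
      };
      config = { config, lib, pkgs, ... }:
        {
          networking.firewall.allowedTCPPorts = [ 80 ];
          # NOTE(review): `allowUnfree = true` permits every unfree package,
          # which makes the predicate below (corefonts only) redundant. Keep
          # just one of the two; the predicate is the narrower choice if every
          # unfree package in use is listed in it.
          nixpkgs.config.allowUnfree = true;
          nixpkgs.config.allowUnfreePredicate = pkg:
            builtins.elem (lib.getName pkg) [ "corefonts" ];
          fonts.packages = with pkgs; [
            corefonts
          ];
          imports = [ inputs.agenix.nixosModules.default ];
          age = {
            identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
            secrets."onlyoffice" = {
              file = ../secrets/onlyoffice-jwt.age;
              # JWT signing secret: read-only for owner/group (was "770").
              mode = "0440";
              owner = "onlyoffice";
              group = "onlyoffice";
            };
          };
          services.onlyoffice = {
            enable = true;
            port = 8000;
            hostname = "onlyoffice";
            package = pkgs.onlyoffice-documentserver;
            # Shared secret that signs requests between Nextcloud and the
            # document server.
            jwtSecretFile = config.age.secrets.onlyoffice.path;
            # NOTE(review): the bundled example server is a demo application;
            # disable it (`enableExampleServer = false;`) once the
            # integration is verified, since it adds surface that the JWT
            # secret does not protect.
            enableExampleServer = true;
            examplePort = 8001;
          };
          system.stateVersion = "24.05";
        };
    };

    # Template for a new container: copy, pick an unused localAddress, and
    # replace services.name with the real service block.
    # template = {
    #   autoStart = true;
    #   privateNetwork = true;
    #   hostBridge = "br0";
    #   localAddress = "192.168.12.73/24";
    #   bindMounts = {
    #     "/etc/ssh/ssh_host_ed25519_key".isReadOnly = true;
    #   };
    #   config = { config, pkgs, ... }:
    #     {
    #       networking.firewall.allowedTCPPorts = [ 80 ];
    #       imports = [ inputs.agenix.nixosModules.default ];
    #       age = {
    #         identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    #         secrets."whayes" = {
    #           file = ../secrets/whayes.age;
    #           mode = "0440";
    #           owner = "wayne";
    #           group = "wayne";
    #         };
    #       };
    #       services.name = { ... };
    #       system.stateVersion = "24.05";
    #     };
    # };
  };
}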