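# NixOS module declaring a "nextcloud" khepri composition with five
# containers (app-server, onlyoffice-document-server, nginx-server,
# nextcloud-db, nextcloud-cache) and a systemd timer/service pair that runs
# Nextcloud's cron.php inside the app container every five minutes.
#
# The line structure is restored here: with the file collapsed onto two
# lines, each `# bash` marker comments out the rest of its line.
{
  config,
  pkgs,
  ...
}: let
  inherit (config.sops) secrets;
  inherit (config.khepri) rwDataDir;

  mainContainerName = "app-server";
  # Container and unit names derived once, so the cron service below cannot
  # drift from mainContainerName.
  appContainer = "nextcloud_${mainContainerName}";
  appUnit = "docker-${appContainer}.service";
  # Host directory holding all persistent state of this composition.
  rwPath = rwDataDir + "/nextcloud";
in {
  khepri.compositions."nextcloud" = {
    networks.proxy_net = {external = true;};
    services = {
      # NOTE(review): app-server, nextcloud-db and nextcloud-cache all load
      # the same sops env file, so each container receives every secret in
      # it. Consider one env file per service (least privilege).
      "${mainContainerName}" = {
        image = import ./images/nextcloud.nix pkgs;
        restart = "always";
        expose = [
          "80"
          "9000"
        ];
        networks = ["proxy_net"];
        volumes = [
          "${rwPath}/data:/var/www/html"
          "/data/docs:/var/www/drive"
        ];
        environmentFiles = [secrets.nextcloud.path];
        environment = {
          POSTGRES_DB = "nextcloud";
          POSTGRES_HOST = "nextcloud-db";
          REDIS_HOST = "nextcloud-cache";
          NEXTCLOUD_INIT_HTACCESS = "true";
        };
      };

      "onlyoffice-document-server" = let
        filePath = "/var/www/onlyoffice/documentserver/web-apps/apps/*/mobile/dist/js/app.js";
        func = "isSupportEditFeature=function()";
        # Wrapper entrypoint that patches the image at every start, then
        # hands over to the stock start script.
        #
        # NOTE(review): the two "Fix proxies" edits switch off the document
        # server's filter on private and meta (link-local) destination
        # addresses. Together with JWT_ENABLED = "false" and the published
        # port below, anything that can reach host port 8055 can ask the
        # server to fetch internal URLs. If only the private-address
        # exemption is needed to reach Nextcloud, leave allowMetaIPAddress
        # at false (confirm against the deployment).
        #
        # NOTE(review): `apt update && apt install` runs as part of every
        # container start: it needs network access at boot, installs an
        # unpinned package, and its failure is ignored. Prefer baking
        # imagemagick into ./images/onlyoffice.nix.
        entrypoint =
          pkgs.writeScript "entrypoint"
          # bash
          ''
            #!/bin/sh
            # Fix proxies
            sed -i 's/"allowPrivateIPAddress": false,/"allowPrivateIPAddress": true,/' /etc/onlyoffice/documentserver/default.json
            sed -i 's/"allowMetaIPAddress": false/"allowMetaIPAddress": true/' /etc/onlyoffice/documentserver/default.json
            # Fix mobile editing
            sed -i 's/${func}{return!1}/${func}{return 1}/g' ${filePath}
            apt update
            apt install imagemagick -y
            exec /app/ds/run-document-server.sh
          '';
      in {
        image = import ./images/onlyoffice.nix pkgs;
        restart = "always";
        # NOTE(review): with JWT disabled the document server accepts
        # unsigned requests. Left unchanged because enabling it also needs a
        # shared secret (JWT_SECRET, e.g. via a sops env file) and the same
        # secret configured in Nextcloud's ONLYOFFICE connector.
        environment.JWT_ENABLED = "false";
        # NOTE(review): "8055:80" publishes on all host interfaces. If the
        # reverse proxy reaches this container over proxy_net, drop the
        # mapping or bind it to 127.0.0.1 (topology not visible here).
        ports = ["8055:80"];
        expose = [
          "80"
          "443"
        ];
        networks = ["proxy_net"];
        entrypoint = "/entrypoint.sh";
        volumes = [
          "${entrypoint}:/entrypoint.sh"
          "${rwPath}/data-onlyoffice:/var/log/onlyoffice"
        ];
        # Only the logs are persisted; these paths are mounted as tmpfs.
        tmpfs = [
          "/var/www/onlyoffice/Data"
          "/var/lib/postgresql"
          "/usr/share/fonts/truetype/custom"
          "/var/lib/rabbitmq"
          "/var/lib/redis"
          "/var/lib/onlyoffice"
        ];
      };

      "nginx-server" = {
        image = import ./images/nginx.nix pkgs;
        restart = "always";
        # NOTE(review): published on all host interfaces, same remark as for
        # port 8055 above.
        ports = ["8042:80"];
        networks = ["proxy_net"];
        volumes = [
          "${./nginx.conf}:/etc/nginx/nginx.conf"
          # Same host directory the app server mounts at /var/www/html.
          "${rwPath}/data:/var/www/html"
        ];
      };

      "nextcloud-db" = {
        image = import ./images/postgres.nix pkgs;
        restart = "always";
        environmentFiles = [secrets.nextcloud.path];
        volumes = [
          "${rwPath}/database:/var/lib/postgresql/data"
          "/etc/localtime:/etc/localtime:ro"
        ];
        networks = ["proxy_net"];
      };

      "nextcloud-cache" = let
        # Wrapper entrypoint: starts Redis with the password taken from the
        # sops env file. The guard makes the container fail closed when the
        # variable is unset or empty, instead of passing an empty password
        # to --requirepass.
        #
        # NOTE(review): the password is passed on the command line, so it is
        # visible to anything that can list this container's processes.
        entrypoint =
          pkgs.writeScript "entrypoint"
          # bash
          ''
            #!/bin/sh
            : "''${REDIS_HOST_PASSWORD:?REDIS_HOST_PASSWORD is not set}"
            exec redis-server --requirepass "$REDIS_HOST_PASSWORD"
          '';
      in {
        image = import ./images/redis.nix pkgs;
        restart = "always";
        #mem_limit = "2048m";
        #mem_reservation = "512m";
        environmentFiles = [secrets.nextcloud.path];
        entrypoint = "/entrypoint.sh";
        volumes = ["${entrypoint}:/entrypoint.sh"];
        # /data is a tmpfs, so nothing Redis writes there survives a restart.
        tmpfs = ["/data"];
        networks = ["proxy_net"];
      };
    };
  };

  # Cron job
  systemd.timers.nextcloud-cron = {
    description = "Timer For Nextcloud Cron";
    wantedBy = ["timers.target"];
    # First run 5 minutes after boot, then 5 minutes after each activation.
    timerConfig.OnBootSec = "5m";
    timerConfig.OnUnitActiveSec = "5m";
  };

  systemd.services.nextcloud-cron = {
    description = "Nextcloud Cron";
    # Only run while the app container's unit is up.
    requires = [appUnit];
    after = [appUnit];
    serviceConfig = {
      Type = "oneshot";
      # Runs cron.php as www-data inside the running app container.
      ExecStart = "${pkgs.docker}/bin/docker exec -u www-data ${appContainer} php -f /var/www/html/cron.php";
    };
  };
}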