Add nextcloud

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-06-16 00:40:24 +01:00
parent 6505f74ef3
commit f819c8c5e3
36 changed files with 572 additions and 44 deletions


@@ -15,10 +15,9 @@
docker-grafana = import ./docker/grafana { inherit pkgs; };
docker-grafana-image-renderer = import ./docker/grafana-image-renderer { inherit pkgs; };
docker-mariadb = import ./docker/mariadb { inherit pkgs; };
docker-nextcloud = import ./docker/nextcloud { inherit pkgs; };
docker-ntfy = import ./docker/ntfy { inherit pkgs; };
docker-oidcwarden = import ./docker/oidcwarden {
inherit pkgs inputs system;
};
docker-oidcwarden = import ./docker/oidcwarden { inherit pkgs inputs system; };
docker-outline = import ./docker/outline { inherit pkgs; };
docker-postgresql = import ./docker/postgresql { inherit pkgs; };
docker-prometheus = import ./docker/prometheus { inherit pkgs; };


@@ -10,7 +10,7 @@ pkgs.dockerTools.buildImage {
};
config = {
Entrypoint = [ "/bin/authelia" ];
Entrypoint = [ "authelia" ];
ExposedPorts = {
"9091/tcp" = { };
};


@@ -11,9 +11,14 @@ pkgs.dockerTools.buildImage {
bashInteractive
ncurses
coreutils
util-linux
gnugrep
gawk
findutils
which
vim
iputils
iproute2
curl
];
pathsToLink = [
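Review bot: This package list now includes interactive and network tooling (`vim`, `curl`, `iputils`, `iproute2`) in what appears to be the shared base image, so every service image built from it would carry those binaries; the rendered page does not show which five entries are new. If they are only debugging aids, consider moving them to a separate debug image, or at least mark them with a comment such as `# debugging aids; not required by any service` so the list can be trimmed later. The list and the enclosing `buildImage` call continue outside the hunk.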


@@ -17,7 +17,7 @@ pkgs.dockerTools.buildImage {
'';
config = {
Entrypoint = [ "/bin/gitea" ];
Entrypoint = [ "gitea" ];
Cmd = [
"web"
"-c"


@@ -10,7 +10,7 @@ pkgs.dockerTools.buildImage {
};
config = {
Entrypoint = [ "/bin/grafana-image-renderer" ];
Entrypoint = [ "grafana-image-renderer" ];
Cmd = [ "server" ];
ExposedPorts = {
"8081/tcp" = { };


@@ -17,7 +17,7 @@ pkgs.dockerTools.buildImage {
'';
config = {
Entrypoint = [ "/bin/grafana" ];
Entrypoint = [ "grafana" ];
Cmd = [
"server"
"--homepath"


@@ -30,7 +30,7 @@ pkgs.dockerTools.buildImage {
'';
config = {
Entrypoint = [ "/bin/entrypoint" ];
Entrypoint = [ "entrypoint" ];
WorkingDir = "/var/lib/mysql";
ExposedPorts = {
"3306/tcp" = { };


@@ -0,0 +1,34 @@
diff --git a/lib/private/Setup.php b/lib/private/Setup.php
index 271e10d6..d21e2dd6 100644
--- a/lib/private/Setup.php
+++ b/lib/private/Setup.php
@@ -272,21 +272,22 @@ class Setup {
$dbType = 'sqlite3';
}
- //generate a random salt that is used to salt the local passwords
- $salt = $this->random->generate(30);
- // generate a secret
- $secret = $this->random->generate(48);
-
//write the config file
$newConfigValues = [
- 'passwordsalt' => $salt,
- 'secret' => $secret,
'trusted_domains' => $trustedDomains,
'datadirectory' => $dataDir,
'dbtype' => $dbType,
'version' => implode('.', \OCP\Util::getVersion()),
];
+ if ($this->config->getValue('passwordsalt', null) === null) {
+ $newConfigValues['passwordsalt'] = $this->random->generate(30);
+ }
+
+ if ($this->config->getValue('secret', null) === null) {
+ $newConfigValues['secret'] = $this->random->generate(48);
+ }
+
if ($this->config->getValue('overwrite.cli.url', null) === null) {
$newConfigValues['overwrite.cli.url'] = $request->getServerProtocol() . '://' . $request->getInsecureServerHost() . \OC::$WEBROOT;
}
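Review bot: The two new guards test only for `null`, so a pre-seeded `passwordsalt` or `secret` that is present but empty (for example from a templated config whose variable was unset) is kept, and the installer no longer generates one. Treat an empty string as missing too, e.g. `if ((string)$this->config->getValue('secret', '') === '') {`, and do the same for `passwordsalt`. A short comment above the guards should state that a pre-seeded value must carry at least the entropy of `generate(48)` / `generate(30)`, since the patch moves that responsibility to whoever writes the config. The enclosing method starts and ends outside the hunk.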


@@ -0,0 +1,181 @@
{ pkgs, ... }:
let
apacheHttpd = pkgs.apacheHttpd.overrideAttrs (oldAttrs: {
env.NIX_CFLAGS_COMPILE = "-DBIG_SECURITY_HOLE";
});
# https://docs.nextcloud.com/server/latest/admin_manual/installation/php_configuration.html
php =
(pkgs.php83.override {
inherit apacheHttpd;
apxs2Support = true;
}).buildEnv
{
extensions =
{ all, ... }:
with all;
[
ctype
curl
dom
fileinfo
filter
gd
mbstring
openssl
posix
session
simplexml
xmlreader
xmlwriter
zip
zlib
pdo_pgsql
intl
sodium
apcu
imagick
exif
pcntl
opcache
gmp
sysvsem
];
extraConfig = ''
expose_php = Off
memory_limit = 2048M
apc.shm_size = 128M
opcache.jit = 1255
opcache.jit_buffer_size = 8M
opcache.interned_strings_buffer = 16
upload_max_filesize = 100G
post_max_size = 100G
max_input_time = 3600
max_execution_time = 3600
output_buffering = 0
'';
};
apacheHttpdConfig = pkgs.writeTextDir "/etc/httpd/httpd.conf" ''
ServerRoot ${apacheHttpd}
ServerName localhost
Listen 80
LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule headers_module modules/mod_headers.so
LoadModule env_module modules/mod_env.so
LoadModule dir_module modules/mod_dir.so
LoadModule mime_module modules/mod_mime.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php_module ${php}/modules/libphp.so
User root
Group root
PidFile /run/httpd/httpd.pid
LogLevel warn
ErrorLog /dev/stderr
TypesConfig conf/mime.types
AddType application/x-httpd-php .php .phtml
DocumentRoot "/var/www/nextcloud"
DirectoryIndex index.php index.html
LimitRequestBody 0
TimeOut 3600
<Directory />
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
</Directory>
<Files ".ht*">
Require all denied
</Files>
'';
occ = pkgs.writeShellApplication {
name = "occ";
text = ''
exec ${pkgs.lib.meta.getExe php} /var/www/nextcloud/occ "$@"
'';
};
nextcloud31 =
let
nextcloud31 = pkgs.nextcloud31.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./declarative-secrets.patch ];
});
in
pkgs.runCommandLocal "nextcloud" { } ''
mkdir -p $out/var/www
cp -r ${nextcloud31} $out/var/www/nextcloud
'';
crontab = pkgs.writeTextDir "/var/cron/tabs/root" ''
*/5 * * * * ${pkgs.lib.meta.getExe php} -f /var/www/nextcloud/cron.php
'';
entrypoint = pkgs.writeTextFile {
name = "entrypoint";
executable = true;
destination = "/bin/entrypoint";
text = builtins.readFile ./entrypoint.sh;
};
in
pkgs.dockerTools.buildImage {
name = "nextcloud";
fromImage = import ../base { inherit pkgs; };
diskSize = 2048;
copyToRoot = pkgs.buildEnv {
name = "root";
paths = [
apacheHttpd
apacheHttpdConfig
php
nextcloud31
occ
entrypoint
crontab
pkgs.cron
pkgs.ffmpeg
];
pathsToLink = [
"/bin"
"/etc"
"/var"
];
};
runAsRoot = ''
${pkgs.dockerTools.shadowSetup}
mkdir -p /run/httpd
'';
config = {
Entrypoint = [ "entrypoint" ];
Cmd = [
"-DFOREGROUND"
"-f"
"/etc/httpd/httpd.conf"
];
Volumes = {
"/var/www/nextcloud/config" = { };
"/var/www/nextcloud/apps" = { };
"/var/lib/nextcloud" = { };
};
WorkingDir = "/var/www/nextcloud";
ExposedPorts = {
"80/tcp" = { };
};
};
}
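Review bot: `User root` / `Group root`, together with the `-DBIG_SECURITY_HOLE` rebuild of httpd, make every Apache worker run as root inside the container, and with it every PHP request that Nextcloud or an installed app handles. httpd needs root only in the parent process to bind port 80; the workers can drop to a dedicated account, e.g. `User nextcloud` / `Group nextcloud` created in `runAsRoot` (where `shadowSetup` is already sourced), which also removes the need for the `overrideAttrs` on `apacheHttpd`. The entrypoint's `occ` calls and the ownership of the three volumes would then have to use the same account. Separately, `<Directory />` with `Require all granted` and `AllowOverride All` applies to the whole filesystem; scoping that block to `/var/www/nextcloud` and leaving `/` at `Require all denied` would be the safer arrangement.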


@@ -0,0 +1,72 @@
#!/bin/sh
set -o errexit
set -o nounset
if [ ! -f "/var/www/nextcloud/config/config.php" ]; then
POSTGRES_HOST="${POSTGRES_HOST:-nextcloud-postgresql}"
POSTGRES_PORT="${POSTGRES_PORT:-5432}"
POSTGRES_USER="${POSTGRES_USER:-nextcloud}"
POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-nextcloud}"
POSTGRES_DB="${POSTGRES_DB:-$POSTGRES_USER}"
ADMIN_USER="admin"
ADMIN_PASS="$(head -c 128 /dev/urandom | tr -dc 'A-Za-z0-9' | head -c 64)"
echo "Installing Nextcloud..."
occ maintenance:install \
--database "pgsql" \
--database-host "$POSTGRES_HOST" \
--database-port "$POSTGRES_PORT" \
--database-user "$POSTGRES_USER" \
--database-pass "$POSTGRES_PASSWORD" \
--database-name "$POSTGRES_DB" \
--admin-user "$ADMIN_USER" \
--admin-pass "$ADMIN_PASS" \
--data-dir "/var/lib/nextcloud"
occ user:delete admin
occ app:disable \
app_api \
contactsinteraction \
dashboard \
federation \
firstrunwizard \
photos \
recommendations \
sharebymail \
support \
survey_client \
user_status \
weather_status
occ app:install \
oidc_login
fi
occ upgrade
occ app:update --all
occ db:add-missing-columns
occ db:add-missing-indices
occ db:add-missing-primary-keys
occ maintenance:repair --include-expensive
occ background:cron
occ maintenance:update:htaccess
[ -n "${EXTRA_INIT:-}" ] && eval "$EXTRA_INIT"
cron
PHPRC="$(dirname "$(readlink -f "$(which php)")")/../lib/php.ini"
export PHPRC
setsid --wait httpd "$@" &
pid=$!
trap 'kill -INT $pid' INT
wait $pid
exit $?
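Review bot: `POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-nextcloud}"` silently falls back to a guessable database password when the variable is not provided; failing fast is safer, e.g. `POSTGRES_PASSWORD="${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"`. The `eval "$EXTRA_INIT"` hook runs arbitrary shell as root on every start and deserves a comment stating that it must only be set from trusted deployment configuration. Also, only `INT` is trapped, so a `TERM` delivered to the script on container stop is not forwarded to httpd; adding `trap 'kill -TERM $pid' TERM` next to the existing trap would cover that.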


@@ -10,7 +10,7 @@ pkgs.dockerTools.buildImage {
};
config = {
Entrypoint = [ "/bin/ntfy" ];
Entrypoint = [ "ntfy" ];
Cmd = [ "serve" ];
ExposedPorts = {
"80/tcp" = { };


@@ -24,7 +24,7 @@ pkgs.dockerTools.buildImage {
};
config = {
Entrypoint = [ "/bin/oidcwarden" ];
Entrypoint = [ "oidcwarden" ];
Env = [
"WEB_VAULT_FOLDER=${selfPkgs.oidcwarden.webvault}/share/vaultwarden/vault"
"DATA_FOLDER=/var/lib/vaultwarden"


@@ -13,7 +13,7 @@ pkgs.dockerTools.buildImage {
};
config = {
Entrypoint = [ "/bin/outline-server" ];
Entrypoint = [ "outline-server" ];
ExposedPorts = {
"3000/tcp" = { };
};


@@ -36,7 +36,7 @@ pkgs.dockerTools.buildImage {
'';
config = {
Entrypoint = [ "/bin/entrypoint" ];
Entrypoint = [ "entrypoint" ];
WorkingDir = "/var/lib/postgresql";
ExposedPorts = {
"5432/tcp" = { };


@@ -28,7 +28,7 @@ pkgs.dockerTools.buildImage {
};
config = {
Entrypoint = [ "/bin/entrypoint" ];
Entrypoint = [ "entrypoint" ];
ExposedPorts = {
"9191/tcp" = { };
};


@@ -20,4 +20,4 @@ LOG_PID=$!
trap 'kill $LOG_PID' EXIT
exec /bin/prometheus-fail2ban-exporter "$@" > "$LOG_PIPE" 2>&1
exec prometheus-fail2ban-exporter "$@" > "$LOG_PIPE" 2>&1


@@ -10,7 +10,7 @@ pkgs.dockerTools.buildImage {
};
config = {
Entrypoint = [ "/bin/node_exporter" ];
Entrypoint = [ "node_exporter" ];
Cmd = [ "--log.level=warn" ];
ExposedPorts = {
"9100/tcp" = { };


@@ -32,7 +32,7 @@ pkgs.dockerTools.buildImage {
'';
config = {
Entrypoint = [ "/bin/entrypoint" ];
Entrypoint = [ "entrypoint" ];
ExposedPorts = {
"9882/tcp" = { };
};


@@ -20,4 +20,4 @@ LOG_PID=$!
trap 'kill $LOG_PID' EXIT
exec /bin/prometheus-podman-exporter "$@" > "$LOG_PIPE" 2>&1
exec prometheus-podman-exporter "$@" > "$LOG_PIPE" 2>&1


@@ -10,7 +10,7 @@ pkgs.dockerTools.buildImage {
};
config = {
Entrypoint = [ "/bin/smartctl_exporter" ];
Entrypoint = [ "smartctl_exporter" ];
Cmd = [ "--log.level=warn" ];
ExposedPorts = {
"9633/tcp" = { };


@@ -10,7 +10,7 @@ pkgs.dockerTools.buildImage {
};
config = {
Entrypoint = [ "/bin/prometheus" ];
Entrypoint = [ "prometheus" ];
ExposedPorts = {
"9090/tcp" = { };
};


@@ -16,7 +16,7 @@ pkgs.dockerTools.buildImage {
};
config = {
Entrypoint = [ "/bin/redis-server" ];
Entrypoint = [ "redis-server" ];
WorkingDir = "/var/lib/redis";
ExposedPorts = {
"6379/tcp" = { };


@@ -10,7 +10,7 @@ pkgs.dockerTools.buildImage {
};
config = {
Entrypoint = [ "/bin/sish" ];
Entrypoint = [ "sish" ];
Cmd = [
"--ssh-address=0.0.0.0:2222"
"--http-address=0.0.0.0:80"


@@ -10,7 +10,7 @@ pkgs.dockerTools.buildImage {
};
config = {
Entrypoint = [ "/bin/traefik" ];
Entrypoint = [ "traefik" ];
ExposedPorts = {
"80/tcp" = { };
};


@@ -15,7 +15,7 @@ pkgs.dockerTools.buildImage {
};
config = {
Entrypoint = [ "/bin/whoami" ];
Entrypoint = [ "whoami" ];
ExposedPorts = {
"80/tcp" = { };
};


@@ -10,6 +10,6 @@ pkgs.dockerTools.buildImage {
};
config = {
Entrypoint = [ "/bin/yq" ];
Entrypoint = [ "yq" ];
};
}