setup scripts

soraefir
2026-05-09 17:50:23 +02:00
parent 55d678df19
commit 63d2dddd1e
2 changed files with 70 additions and 12 deletions


@@ -6,10 +6,12 @@ let
containerSetsList = lib.mapAttrsToList (name: containerCfg: containerSetsList = lib.mapAttrsToList (name: containerCfg:
let defs = import (./defs + "/${name}.nix") {inherit config pkgs lib containerCfg builder name;}; let defs = import (./defs + "/${name}.nix") {inherit config pkgs lib containerCfg builder name;};
in{ in{
name = name;
containers = lib.mapAttrs' (cName: cValue: containers = lib.mapAttrs' (cName: cValue:
lib.nameValuePair "${name}-${cName}" cValue lib.nameValuePair "${name}-${cName}" cValue
) defs.containers; ) defs.containers;
paths = defs.paths or []; paths = defs.paths or [];
setup = defs.setup or null;
} }
) enabledConfigs; ) enabledConfigs;
mergedContainers = lib.attrsets.mergeAttrsList (lib.map(e: e.containers) containerSetsList); mergedContainers = lib.attrsets.mergeAttrsList (lib.map(e: e.containers) containerSetsList);
@@ -24,15 +26,7 @@ in
containers = mergedContainers; containers = mergedContainers;
}; };
systemd.services.podman-gc = { systemd.services
description = "Podman garbage collection";
serviceConfig.Type = "oneshot";
script = ''
${pkgs.podman}/bin/podman container prune -f
${pkgs.podman}/bin/podman image prune -f
'';
startAt = "weekly";
};
system.activationScripts.container-setup-dirs = { system.activationScripts.container-setup-dirs = {
deps = [ "users" "groups" ]; deps = [ "users" "groups" ];
@@ -42,5 +36,46 @@ in
${pkgs.coreutils}/bin/chmod ${cfg.mode} "${cfg.path}" ${pkgs.coreutils}/bin/chmod ${cfg.mode} "${cfg.path}"
'') allPathConfigs); '') allPathConfigs);
}; };
# systemd.services.${name}-init-settings = {
# description = "Initialize ${NAME} settings";
# after = [ "podman-${name}-${setup.trigger}.service" ];
# requires = [ "podman-${name}-${setup.trigger}.service" ];
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# Type = "oneshot";
# ExecStart = "${container.setup.script}";
# RemainAfterExit = true;
# };
# };
systemd.services = {
podman-gc = {
description = "Podman garbage collection";
serviceConfig.Type = "oneshot";
script = ''
${pkgs.podman}/bin/podman container prune -f
${pkgs.podman}/bin/podman image prune -f
'';
startAt = "weekly";
};
} // lib.listToAttrs (lib.concatMap (containerSet:
if containerSet.setup != null then [{
name = "${containerSet.name}-setup";
value = {
description = "Run ${containerSet.name} setup";
after = [ "podman-${containerSet.name}-${containerSet.setup.trigger}.service" ];
requires = [ "podman-${containerSet.name}-${containerSet.setup.trigger}.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${containerSet.setup.script}";
RemainAfterExit = true;
User = "root";
};
};
}] else []
) containerSetsList);
}; };
} }
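Review bot: The generated `${containerSet.name}-setup` units have no start timeout, and systemd disables the default start timeout for `Type = "oneshot"`, so a setup script that waits on its container (the Nextcloud one on this page loops until `occ status` succeeds) leaves the unit activating indefinitely if the container never becomes ready. Adding `TimeoutStartSec = "5min";` (value to taste) to `serviceConfig` bounds that. `User = "root";` only restates the default for system services; since every def's `setup.script` is executed with full root privileges, a one-line comment next to `ExecStart` saying so would help whoever writes the next def. The commented-out `${name}-init-settings` block above is superseded by this code and refers to names (`NAME`, `container.setup.script`) that do not appear elsewhere in the visible hunks, so it can be dropped.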


@@ -33,13 +33,13 @@ in {
"SMTP_PASSWORD" = "mail_password"; "SMTP_PASSWORD" = "mail_password";
"MAIL_FROM_ADDRESS" = "${containerCfg.subdomain}@${serverCfg.hostDomain}"; "MAIL_FROM_ADDRESS" = "${containerCfg.subdomain}@${serverCfg.hostDomain}";
"MAIL_DOMAIN" = serverCfg.mailDomain; "MAIL_DOMAIN" = serverCfg.mailDomain;
"TRUSTED_PROXIES" = "..."; "TRUSTED_PROXIES" = "10.10.0.0/16 192.168.0.0/16";
}; };
extraLabels = { extraLabels = {
"traefik.http.routers.${containerCfg.subdomain}.middlewares" = "sts_headers,${containerCfg.subdomain}-caldav"; "traefik.http.routers.${containerCfg.subdomain}.middlewares" = "sts_headers,${containerCfg.subdomain}-caldav";
"traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.permanent" = "true"; "traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.permanent" = "true";
"traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.regex" = "^https://(.*)/.well-known/(card|cal)dav"; "traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.regex=https://(.*)/.well-known/(?:card|cal)dav"
"traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.replacement" = "https://$\${1}/remote.php/dav/"; "traefik.http.middlewares.${containerCfg.subdomain}-caldav.redirectregex.replacement=https://$${1}/remote.php/dav"
"traefik.http.middlewares.sts_headers.headers.stsSeconds" = "15552000"; "traefik.http.middlewares.sts_headers.headers.stsSeconds" = "15552000";
"traefik.http.middlewares.sts_headers.headers.stsIncludeSubdomains" = "true"; "traefik.http.middlewares.sts_headers.headers.stsIncludeSubdomains" = "true";
}; };
@@ -54,6 +54,29 @@ in {
]; ];
}; };
}; };
};
setup = {
trigger="server";
script = pkgs.writeShellScript "setup" ''
# Define the command wrapper
OCC="${pkgs.podman}/bin/podman exec -u www-data nextcloud php occ"
echo "Waiting for Nextcloud container to start..."
until $OCC status > /dev/null 2>&1; do
sleep 2
done
echo "Maintenance ..."
$OCC maintenance:repair --include-expensive --non-interaction
$OCC db:add-missing-indices --non-interaction
echo "Applying settings..."
$OCC app:install calendar || true
$OCC config:system:set phone_region --value="CH"
$OCC config:app:set core backgroundjobs_mode --value="cron"
'';
}; };
} }
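Review bot: `"TRUSTED_PROXIES" = "10.10.0.0/16 192.168.0.0/16";` makes Nextcloud honour forwarded client-address headers from any host in two whole private ranges, so any machine or container in them that can reach Nextcloud directly can present an arbitrary client IP, which weakens brute-force throttling and the addresses recorded in logs. Narrowing it to the network the Traefik container actually sits on, e.g. `"TRUSTED_PROXIES" = "<traefik-network-cidr>";` (placeholder), keeps the proxy working without that exposure. Separately, if the right-hand column is the committed side, the two `redirectregex` lines are bare `"key=value"` strings with no ` = ` and no `;` inside the `extraLabels` attribute set, which Nix would not parse, and the regex has lost its `^` anchor. In the new `setup` script, `podman exec ... nextcloud` hard-codes a container name while the module names containers `${name}-${cName}`; if the real name turns out to be `nextcloud-server`, the `until` loop never exits, so the name is better derived than hard-coded.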