{ config, pkgs, ... }: let serverCfg = config.syscfg.server; in { project.name = "cloud"; networks = { internal = { internal = true; external = false; }; external = { external = true; }; }; services = { cloud_nextcloud.service = { image = "nextcloud:27"; container_name = "cloud"; restart = "unless-stopped"; networks = [ "external" ]; volumes = [ "${serverCfg.configPath}/data/nextcloud:/var/www/html" "${serverCfg.dataPath}/data/music:/media/music" "${serverCfg.dataPath}/data/video:/media/video" "${serverCfg.dataPath}/data/photo:/media/photo" ]; tmpfs = [ "/tmp" ]; labels = { "traefik.enable" = "true"; "traefik.http.routers.nextcloud.entrypoints" = "web-secure"; "traefik.http.routers.nextcloud.rule" = "Host(`cloud.${serverCfg.hostDomain}`)"; "traefik.http.routers.nextcloud.tls" = "true"; "traefik.http.routers.nextcloud.middlewares" = "sts_headers,nextcloud-caldav"; "traefik.http.middlewares.nextcloud-caldav.redirectregex.permanent" = "true"; "traefik.http.middlewares.nextcloud-caldav.redirectregex.regex" = "^https://(.*)/.well-known/(card|cal)dav"; "traefik.http.middlewares.nextcloud-caldav.redirectregex.replacement" = "https://$\${1}/remote.php/dav/"; "traefik.http.middlewares.sts_headers.headers.stsSeconds" = "15552000"; "traefik.http.middlewares.sts_headers.headers.stsIncludeSubdomains" = "true"; }; }; cloud_office.service = { image = "collabora/code:latest"; container_name = "cloud_office"; restart = "unless-stopped"; networks = [ "external" ]; volumes = [ ]; environment = { username = "COLLABORA_USER"; password = "COLLABORA_PASSWORD"; aliasgroup1 = "https://cloud.${serverCfg.hostDomain}"; server_name = "office.${serverCfg.hostDomain}"; VIRTUAL_HOST = "office.${serverCfg.hostDomain}"; VIRTUAL_PORT = "9980"; VIRTUAL_PROTO = "http"; DONT_GEN_SSL_CERT = "true"; RESOLVE_TO_PROXY_IP = "true"; NETWORK_ACCESS = "internal"; extra_params = "--o:ssl.enable=false --o:ssl.termination=true"; dictionaries = "en fr de jp"; }; labels = { "traefik.enable" = "true"; "traefik.http.routers.collabora.entrypoints" = "web-secure"; "traefik.http.routers.collabora.rule" = "Host(`office.${serverCfg.hostDomain}`)"; "traefik.http.routers.collabora.tls" = "true"; }; }; cloud_etherpad.service = { image = "etherpad/etherpad:latest"; container_name = "etherpad"; restart = "unless-stopped"; networks = [ "external" ]; volumes = [ "${serverCfg.dataPath}/ether/etherpad/data:/opt/etherpad-lite/var" "/${serverCfg.dataPath}/ether/etherpad/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt" ]; environment = { NODE_ENV = "production"; TITLE = "Helcel-Pad"; DB_TYPE = "mysql"; DB_HOST = serverCfg.dbHost; DB_PORT = serverCfg.dbPort; DB_NAME = "etherpad"; DB_USER = "ETHERPAD_DB_USER"; DB_PASS = "ETHERPAD_DB_PASSWORD"; DB_CHARSET = "utf8mb4"; DEFAULT_PAD_TEXT = "P A D"; PAD_OPTIONS_SHOW_LINE_NUMBERS = "true"; PAD_OPTIONS_USE_MONOSPACE_FONT = "true"; ADMIN_PASSWORD = "ETHERPAD_ADMIN_PASSWORD"; SKIN_VARIANTS = "super-dark-toolbar light-editor dark-background"; }; labels = { "traefik.enable" = "true"; "traefik.http.routers.etherpad.entrypoints" = "web-secure"; "traefik.http.routers.etherpad.rule" = "Host(`pad.${serverCfg.hostDomain}`)"; "traefik.http.routers.etherpad.tls" = "true"; }; }; cloud_ethercalc.service = { image = "audreyt/ethercalc:latest"; container_name = "ethercalc"; restart = "unless-stopped"; networks = [ "external" "internal" ]; volumes = [ "${serverCfg.dataPath}/ether/etherpad/data:/opt/etherpad-lite/var" "/${serverCfg.dataPath}/ether/etherpad/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt" ]; environment = { NODE_ENV = "production"; TITLE = "Helcel-Calc"; REDIS_PORT_6379_TCP_ADDR = "redis"; REDIS_PORT_6379_TCP_PORT = "6379"; ADMIN_PASSWORD = "ETHERPAD_ADMIN_PASSWORD"; SKIN_VARIANTS = "super-dark-toolbar light-editor dark-background"; }; labels = { "traefik.enable" = "true"; "traefik.http.routers.ethercalc.entrypoints" = "web-secure"; "traefik.http.routers.ethercalc.rule" = "Host(`calc.${serverCfg.hostDomain}`)"; "traefik.http.routers.ethercalc.tls" = "true"; }; }; cloud_redis.service = { image = "redis:latest"; container_name = "ethercalc-redis"; restart = "unless-stopped"; networks = [ "internal" ]; volumes = [ "${serverCfg.dataPath}/ether/ethercalc/redis:/data" ]; environment = { }; labels = { "traefik.enable" = "false"; }; }; }; }