Tristan Daniël Maat
05b6738c85
This will reject connections from anywhere except 127.0.0.1, i.e., the pod's network namespace. This makes password authentication properly obsolete, instead of just hiding the password (but still never authenticating with it), but required a change upstream: https://github.com/docker-library/postgres/pull/859
53 lines
1.4 KiB
Nix
# Pod definition for Nextcloud: the php-fpm application, its cron runner, an
# nginx front end and a PostgreSQL database, declared as four containers of
# one pod.
{ config, ... }:

let
  # NOTE(review): all three images are referenced by floating tags, so what
  # actually runs depends on when the image was pulled. Pinning a version tag
  # or digest makes deployments reproducible; for postgres it also avoids an
  # unplanned major version landing on an existing data directory.
  nextcloudImage = "nextcloud:fpm-alpine";
  nginxImage = "nginx:alpine";
  postgresImage = "postgres:alpine";

  # Database name and role; the application and the database container are
  # given the same values.
  dbName = "nextcloud";
  dbUser = "nextcloud";

  # Mounts every volume of the application container, which includes its
  # config and data volumes.
  # NOTE(review): nginx presumably only needs to read files; podman accepts
  # "--volumes-from=nextcloud-nextcloud:ro" for a read-only mount. Confirm
  # nginx never writes there before tightening.
  appVolumes = [ "--volumes-from=nextcloud-nextcloud" ];
in
{
  virtualisation.pods.nextcloud = {
    hostname = "nextcloud.tlater.net";

    # NOTE(review): no host address is given. If this value is handed to
    # podman's --publish unchanged, port 3001 is bound on every host
    # interface. OVERWRITEPROTOCOL = "https" below suggests a TLS-terminating
    # proxy in front; if that proxy runs on this host, "127.0.0.1:3001:80"
    # would keep the plain-HTTP port off the network. Confirm before changing.
    publish = [ "3001:80" ];
    network = "slirp4netns";

    containers = {
      # PostgreSQL for the application.
      postgres = {
        image = postgresImage;
        volumes = [ "nextcloud-db-data:/var/lib/postgresql/data" ];
        environment = {
          POSTGRES_DB = dbName;
          POSTGRES_USER = dbUser;
          # Per the commit description, only 127.0.0.1 (the pod's own network
          # namespace) may connect; everything else is rejected, and no
          # password is used at all.
          # Caveats for operators:
          #  * The image writes this method into pg_hba.conf only while
          #    initialising an empty data directory. On an existing
          #    nextcloud-db-data volume the previous rules stay in force
          #    until pg_hba.conf is edited by hand.
          #  * Loopback access then rests on the entries initdb generated
          #    (presumably "trust"), so any process inside the pod's network
          #    namespace can connect as any role. Keep unrelated containers
          #    out of this pod.
          POSTGRES_HOST_AUTH_METHOD = "reject";
        };
      };

      # The Nextcloud application (php-fpm).
      nextcloud = {
        image = nextcloudImage;
        dependsOn = [ "postgres" ];
        volumes = [
          "nextcloud-apps:/var/www/html/custom_apps"
          "nextcloud-config:/var/www/html/config"
          "nextcloud-data:/var/www/html/data"
        ];
        # No POSTGRES_PASSWORD is passed; see the postgres container for how
        # access is restricted instead.
        environment = {
          POSTGRES_DB = dbName;
          POSTGRES_USER = dbUser;
          # NOTE(review): this name has to resolve to a loopback address
          # inside the pod, otherwise the "reject" rule applies to the
          # application as well. Confirm.
          POSTGRES_HOST = "nextcloud-postgres";
          OVERWRITEPROTOCOL = "https";
        };
      };

      # Background jobs: the application image started with /cron.sh, on the
      # application's volumes.
      cron = {
        image = nextcloudImage;
        entrypoint = "/cron.sh";
        dependsOn = [ "postgres" "nextcloud" ];
        extraOptions = appVolumes;
      };

      # HTTP front end; its configuration file is mounted read-only.
      nginx = {
        image = nginxImage;
        dependsOn = [ "nextcloud" ];
        volumes =
          [ "${./configs/nginx-nextcloud.conf}:/etc/nginx/nginx.conf:ro" ];
        extraOptions = appVolumes;
      };
    };
  };
}