phpMyAdmin - NixOS Container Setup

phpMyAdmin is a free webbased software tool intended to handle the administration of MySQL or MariaDB.

Configuration

This container is configured for use with NixOS and Podman. My configuration is probably easy to translate to Podman or Docker running on another OS.

NixOS specific

If you are not using NixOS, skip the steps below and go to Container.

For each container I put the Podman container configuration in a separate nix file. Then I refer to this file in the NixOS configuration.nix like this:

containers = {
	phpmyadmin = import ./containers/phpmyadmin.nix;
};

I also make sure that a macvlan network (net_macvlan) has been created via the NixOS configuration.nix so that the containers have their own network and their own IP address:

systemd.services.create-podman-network = with config.virtualisation.oci-containers; {
	serviceConfig.Type = "oneshot";
	wantedBy = [ "${backend}-phpmyadmin.service" ];
	script = ''${pkgs.podman}/bin/podman network exists net_macvlan || \ ${pkgs.podman}/bin/podman network create --driver=macvlan --gateway=192.168.xx.1 --subnet=192.168.xx.0/24 -o parent=ens18 net_macvlan'';
};

Adjust the following:

192.168.xx.1 and 192.168.xx.0/24
Replace xx with your own range / VLAN tag

parent=ens18
Replace ens18 with the name of your network interface

Also add the following to the NixOS configuration.nix to make sure the folders are created that are used by containers and to create the config.user.inc.php when the file does not exist.

# Create folders for the containers
  system.activationScripts = {
    script.text = ''
      # phpMyAdmin
      install -d -m 755 /home/USER/phpmyadmin -o root -g root
      test -f /home/USER/phpmyadmin/config.user.inc.php || echo -e "<?php\n\n\$cfg['ShowPhpInfo'] = true; // Adds a link to phpinfo() on the home page\n\$cfg['SendErrorReports'] = 'never';" > /home/USER/phpmyadmin/config.user.inc.php
    '';
  };

IMPORTANT: make sure the folders are created with the root user and group else the container will not work properly

Adjust the following:

USER
Replace USER with your NixOS user

$cfg[‘ShowPhpInfo’] = true
This is used as example entry in the config.user.inc.php. You can remove this entry or adjust it to false

$cfg[‘SendErrorReports’] = ‘never’
Personally I do not want phpMyAdmin to send error reports. You can remove this entry or adjust it to ask or always

Here you can view the full NixOS configuration.nix.
Then I created phpmyadmin.nix:

mkdir -p /etc/nixos/containers # make sure the directory exists
sudo nano /etc/nixos/containers/phpmyadmin.nix

Container

The configuration below might also help you if you don’t use NixOS and use the podman/docker run command, for example.

Copy the below to phpmyadmin.nix:

{
  image = "phpmyadmin:latest";

  environment = {
    "TZ" = "Europe/Amsterdam";
    "MYSQL_ROOT_PASSWORD" = "PWD";
    "PMA_HOST" = "HOST_IP";
    "PMA_ABSOLUTE_URI" = "https://phpmyadmin.home.arpa";
    "UPLOAD_LIMIT" = "10M";
  };

  volumes = [
    "/home/USER/phpmyadmin/config.user.inc.php:/etc/phpmyadmin/config.user.inc.php"
  ];

  extraOptions = [
    "--pull=newer" # Pull if the image on the registry is newer than the one in the local containers storage
    "--name=phpmyadmin"
    "--hostname=phpmyadmin"
    "--network=net_macvlan"
    "--ip=IP"
    "--mac-address=MAC"
  ];

  dependsOn = [ "mariadb" ];
}

Adjust the following if needed:

“TZ” = “Europe/Amsterdam”
Pick the right timezone

“MYSQL_ROOT_PASSWORD” = “PWD”
Replace PWD with your password

“PMA_HOST” = “HOST_IP”
Replace HOST_IP with the IP address of your database instance, for example MariaDB

“PMA_ABSOLUTE_URI” = “https://phpmyadmin.home.arpa”
Only needed when running a reverse proxy. Replace https://phpmyadmin.home.arpa with your
domain name

“UPLOAD_LIMIT” = “10M”
The default value is 2048K. I always set it a little higher so that I can read SQL files without problems

volumes
Replace USER with your username

”–pull=newer”
Disable this option if you do not want the image to be automatically replaced by new versions

”–network=net_macvlan”
Make sure you have created a macvlan network. Replace net_macvlan with the name of your network

”–ip=IP”
Choose an IP address for this container. Make sure it is within the range of the macvlan network

”–mac-address=MAC”
Enter a (randomly generated) MAC address. Otherwise, every time the container is started, a new mac address will be used, which for example will be created as a new device within the Unifi Network Application. Or temporarily disable this option and use the mac address that is then generated (instead of random generation): sudo podman inspect homer |grep MacAddress|tr -d ' ,"'|sort -u

dependsOn = [ “mariadb” ]
In my case this container depends on the MariaDB container

Exit Nano (CTRL-X) and save the changes.

Switch NixOS configuration

Now you can switch to the new configuration within NixOS, the image will be downloaded and the container will be created:

sudo nix-collect-garbage # optional: clean up
sudo nixos-rebuild switch

Check that the container is working properly:

journalctl -u podman-phpmyadmin.service

Using phpMyAdmin

phpMyAdmin can be reached via the URL:

http://CONTAINER_IP

Adjust the following:

CONTAINER_IP
Replace with the IP address of the container

For an explanation of how to access phpMyAdmin with a local domain name (local reverse proxy), for example phpmyadmin.home.arpa served over HTTPS, please see this note.

Read other notes