Add Whiteboard app to Nextcloud

2025-07-16 20:49:39 -07:00 · 2025-07-16 20:49:39 -07:00 · 82b67ed566
commit 82b67ed566
parent 53c2e2222c
3 changed files with 43 additions and 1 deletions
--- a/common/server/nextcloud.nix
+++ b/common/server/nextcloud.nix
@ -6,6 +6,8 @@ let

  nextcloudHostname = "runyan.org";
  collaboraOnlineHostname = "collabora.runyan.org";
+  whiteboardHostname = "whiteboard.runyan.org";
+  whiteboardPort = 3002; # Seems impossible to change

  # Hardcoded public ip of ponyo... I wish I didn't need this...
  public_ip_address = "147.135.114.130";
@ -28,7 +30,7 @@ in
        inherit end_to_end_encryption mail spreed;

        # For file and document editing (collabora online and excalidraw)
-        inherit richdocuments;
+        inherit richdocuments whiteboard;

        # Might use
        inherit calendar qownnotesapi;
@ -117,5 +119,37 @@ in
          Type = "oneshot";
        };
      };
+
+    # Whiteboard
+    services.nextcloud-whiteboard-server = {
+      enable = true;
+      settings.NEXTCLOUD_URL = "https://${nextcloudHostname}";
+      secrets = [ "/run/agenix/whiteboard-server-jwt-secret" ];
+    };
+    systemd.services.nextcloud-config-whiteboard = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "nextcloud-setup.service" ];
+      requires = [ "coolwsd.service" ];
+      path = [
+        config.services.nextcloud.occ
+      ];
+      script = ''
+        nextcloud-occ -- config:app:set whiteboard collabBackendUrl --value="https://${whiteboardHostname}"
+        nextcloud-occ -- config:app:set whiteboard jwt_secret_key --value="$JWT_SECRET_KEY"
+      '';
+      serviceConfig = {
+        Type = "oneshot";
+        EnvironmentFile = [ "/run/agenix/whiteboard-server-jwt-secret" ];
+      };
+    };
+    age.secrets.whiteboard-server-jwt-secret.file = ../../secrets/whiteboard-server-jwt-secret.age;
+    services.nginx.virtualHosts.${whiteboardHostname} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString whiteboardPort}";
+        proxyWebsockets = true;
+      };
+    };
  };
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -31,6 +31,7 @@ with roles;

  # cloud
  "nextcloud-pw.age".publicKeys = nextcloud;
+  "whiteboard-server-jwt-secret.age".publicKeys = nextcloud;
  "smb-secrets.age".publicKeys = personal ++ media-center;
  "oauth2-proxy-env.age".publicKeys = server;

--- a/secrets/whiteboard-server-jwt-secret.age
+++ b/secrets/whiteboard-server-jwt-secret.age
@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 6AT2/g IKBONbSLcU2+HkuAsOv2Hehpx42Euw1arhM4BjNALUQ
+lGKw2+U27LHEDGBrQV9wvcF/uACjyYukFA0Mjbgvfrs
+-> ssh-ed25519 w3nu8g dYRX57rbE8OEZiK1cDJdBhUGyA/9OrhO8RMejU/nh3s
+F0Y+adJD+L+OCVCJ78o1XiS0HkVLceOadqWcKEYxOlk
+--- P3KkdM78M9DiqUOnkgnxd+JwOmFpMTYWDS3FuJZKG3M
+˜§«]Læ=r)†ä#ó™ýšEŽ~_*¥m*Ñò‡RöD`âÐ„VI/—³™¬ÎÝ‚Àâû.]3r<33>{^<5–YZÈX¸‘²¬å¢,,}Úñá|ªzé¸Á