zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Add collabora online and move nextcloud domain

Browse Source
This commit is contained in:
Zuckerberg 2025-07-13 18:45:47 -07:00
parent f4e40955c8
commit a45125421e
2 changed files with 84 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
common/server/nextcloud.nix
View File

@ -3,28 +3,42 @@
let
cfg = config.services.nextcloud;
nextcloudHostname = "runyan.org";
collaboraOnlineHostname = "collabora.runyan.org";
# Hardcoded public ip of ponyo... I wish I didn't need this...
public_ip_address = "147.135.114.130";
in
{
config = lib.mkIf cfg.enable {
services.nextcloud = {
https = true;
package = pkgs.nextcloud31;
hostName = "neet.cloud";
hostName = nextcloudHostname;
config.dbtype = "sqlite";
config.adminuser = "jeremy";
config.adminpassFile = "/run/agenix/nextcloud-pw";
# Apps
autoUpdateApps.enable = true;
extraAppsEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
# Want
inherit end_to_end_encryption mail spreed;
# For file and document editing (collabora online and excalidraw)
inherit richdocuments;
# Might use
inherit bookmarks calendar cookbook deck memories onlyoffice qownnotesapi;
inherit calendar qownnotesapi;
# Try out
# inherit maps music news notes phonetrack polls forms;
# inherit bookmarks cookbook deck memories maps music news notes phonetrack polls forms;
};
extraAppsEnable = true;
# Allows installing Apps from the UI (might remove later)
appstoreEnable = true;
};
age.secrets.nextcloud-pw = {
file = ../../secrets/nextcloud-pw.age;
@ -40,5 +54,68 @@ in
enableACME = true;
forceSSL = true;
};
# collabora-online
# https://diogotc.com/blog/collabora-nextcloud-nixos/
services.collabora-online = {
enable = true;
port = 15972;
settings = {
# Rely on reverse proxy for SSL
ssl = {
enable = false;
termination = true;
};
# Listen on loopback interface only
net = {
listen = "loopback";
post_allow.host = [ "localhost" ];
};
# Restrict loading documents from WOPI Host
storage.wopi = {
"@allow" = true;
host = [ config.services.nextcloud.hostName ];
};
server_name = collaboraOnlineHostname;
};
};
services.nginx.virtualHosts.${config.services.collabora-online.settings.server_name} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.collabora-online.port}";
proxyWebsockets = true;
};
};
systemd.services.nextcloud-config-collabora =
let
wopi_url = "http://localhost:${toString config.services.collabora-online.port}";
public_wopi_url = "https://${collaboraOnlineHostname}";
wopi_allowlist = lib.concatStringsSep "," [
"127.0.0.1"
"::1"
public_ip_address
];
in
{
wantedBy = [ "multi-user.target" ];
after = [ "nextcloud-setup.service" "coolwsd.service" ];
requires = [ "coolwsd.service" ];
path = [
config.services.nextcloud.occ
];
script = ''
nextcloud-occ -- config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
nextcloud-occ -- config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
nextcloud-occ -- config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
nextcloud-occ -- richdocuments:setup
'';
serviceConfig = {
Type = "oneshot";
};
};
};
}

6
machines/ponyo/default.nix
View File

@ -95,12 +95,12 @@
root = "/var/www/tmp";
};
# redirect runyan.org to github
services.nginx.virtualHosts."runyan.org" = {
# redirect neet.cloud to nextcloud instance on runyan.org
services.nginx.virtualHosts."neet.cloud" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
rewrite ^/(.*)$ https://github.com/GoogleBot42 redirect;
return 302 https://runyan.org$request_uri;
'';
};