Compare commits
No commits in common. "ba4184713921633f5105bbfb96354f3b7794b9cd" and "f4e40955c80d059a0f479247fd1ac5edefa0ed57" have entirely different histories.
ba41847139
...
f4e40955c8
@ -3,39 +3,28 @@
|
|||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.nextcloud;
|
cfg = config.services.nextcloud;
|
||||||
|
|
||||||
nextcloudHostname = "runyan.org";
|
|
||||||
collaboraOnlineHostname = "docs.runyan.org";
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
services.nextcloud = {
|
services.nextcloud = {
|
||||||
https = true;
|
https = true;
|
||||||
package = pkgs.nextcloud31;
|
package = pkgs.nextcloud31;
|
||||||
hostName = nextcloudHostname;
|
hostName = "neet.cloud";
|
||||||
config.dbtype = "sqlite";
|
config.dbtype = "sqlite";
|
||||||
config.adminuser = "jeremy";
|
config.adminuser = "jeremy";
|
||||||
config.adminpassFile = "/run/agenix/nextcloud-pw";
|
config.adminpassFile = "/run/agenix/nextcloud-pw";
|
||||||
|
|
||||||
# Apps
|
|
||||||
autoUpdateApps.enable = true;
|
autoUpdateApps.enable = true;
|
||||||
extraAppsEnable = true;
|
|
||||||
extraApps = with config.services.nextcloud.package.packages.apps; {
|
extraApps = with config.services.nextcloud.package.packages.apps; {
|
||||||
# Want
|
# Want
|
||||||
inherit end_to_end_encryption mail spreed;
|
inherit end_to_end_encryption mail spreed;
|
||||||
|
|
||||||
# For collabora-online
|
|
||||||
inherit richdocuments;
|
|
||||||
|
|
||||||
# Might use
|
# Might use
|
||||||
inherit bookmarks calendar cookbook deck memories qownnotesapi;
|
inherit bookmarks calendar cookbook deck memories onlyoffice qownnotesapi;
|
||||||
|
|
||||||
# Try out
|
# Try out
|
||||||
# inherit maps music news notes phonetrack polls forms;
|
# inherit maps music news notes phonetrack polls forms;
|
||||||
};
|
};
|
||||||
|
extraAppsEnable = true;
|
||||||
# Allows installing Apps from the UI (might remove later)
|
|
||||||
appstoreEnable = true;
|
|
||||||
};
|
};
|
||||||
age.secrets.nextcloud-pw = {
|
age.secrets.nextcloud-pw = {
|
||||||
file = ../../secrets/nextcloud-pw.age;
|
file = ../../secrets/nextcloud-pw.age;
|
||||||
@ -51,64 +40,5 @@ in
|
|||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# https://diogotc.com/blog/collabora-nextcloud-nixos/
|
|
||||||
services.collabora-online = {
|
|
||||||
enable = true;
|
|
||||||
port = 15972;
|
|
||||||
settings = {
|
|
||||||
# Rely on reverse proxy for SSL
|
|
||||||
ssl = {
|
|
||||||
enable = false;
|
|
||||||
termination = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Listen on loopback interface only
|
|
||||||
net = {
|
|
||||||
listen = "loopback";
|
|
||||||
post_allow.host = [ "localhost" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Restrict loading documents from WOPI Host
|
|
||||||
storage.wopi = {
|
|
||||||
"@allow" = true;
|
|
||||||
host = [ config.services.nextcloud.hostName ];
|
|
||||||
};
|
|
||||||
|
|
||||||
server_name = collaboraOnlineHostname;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.nginx.virtualHosts.${config.services.collabora-online.settings.server_name} = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://localhost:${toString config.services.collabora-online.port}";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
systemd.services.nextcloud-config-collabora =
|
|
||||||
let
|
|
||||||
inherit (config.services.nextcloud) occ;
|
|
||||||
|
|
||||||
wopi_url = "http://localhost:${toString config.services.collabora-online.port}";
|
|
||||||
public_wopi_url = "https://${collaboraOnlineHostname}";
|
|
||||||
wopi_allowlist = lib.concatStringsSep "," [
|
|
||||||
"127.0.0.1"
|
|
||||||
"::1"
|
|
||||||
];
|
|
||||||
in
|
|
||||||
{
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "nextcloud-setup.service" ];
|
|
||||||
script = ''
|
|
||||||
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
|
|
||||||
${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
|
|
||||||
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
|
|
||||||
${occ}/bin/nextcloud-occ richdocuments:setup
|
|
||||||
'';
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@ -66,7 +66,7 @@
|
|||||||
host = "chat.neet.space";
|
host = "chat.neet.space";
|
||||||
};
|
};
|
||||||
jitsi-meet = {
|
jitsi-meet = {
|
||||||
enable = true;
|
enable = false; # disabled until vulnerable libolm dependency is removed/fixed
|
||||||
host = "meet.neet.space";
|
host = "meet.neet.space";
|
||||||
};
|
};
|
||||||
turn = {
|
turn = {
|
||||||
@ -95,12 +95,12 @@
|
|||||||
root = "/var/www/tmp";
|
root = "/var/www/tmp";
|
||||||
};
|
};
|
||||||
|
|
||||||
# redirect neet.cloud to nextcloud instance on runyan.org
|
# redirect runyan.org to github
|
||||||
services.nginx.virtualHosts."neet.cloud" = {
|
services.nginx.virtualHosts."runyan.org" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
return 302 https://runyan.org$request_uri;
|
rewrite ^/(.*)$ https://github.com/GoogleBot42 redirect;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user