
2 Commits

Author SHA1 Message Date
ba41847139 Add collabora online and move nextcloud domain
Some checks failed
Check Flake / check-flake (push) Failing after 20s
2025-07-13 18:37:21 -07:00
09fb3803bb Turn on jitsi meet again 2025-07-13 18:36:41 -07:00
2 changed files with 77 additions and 7 deletions


@ -3,28 +3,39 @@
let let
cfg = config.services.nextcloud; cfg = config.services.nextcloud;
nextcloudHostname = "runyan.org";
collaboraOnlineHostname = "docs.runyan.org";
in in
{ {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.nextcloud = { services.nextcloud = {
https = true; https = true;
package = pkgs.nextcloud31; package = pkgs.nextcloud31;
hostName = "neet.cloud"; hostName = nextcloudHostname;
config.dbtype = "sqlite"; config.dbtype = "sqlite";
config.adminuser = "jeremy"; config.adminuser = "jeremy";
config.adminpassFile = "/run/agenix/nextcloud-pw"; config.adminpassFile = "/run/agenix/nextcloud-pw";
# Apps
autoUpdateApps.enable = true; autoUpdateApps.enable = true;
extraAppsEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; { extraApps = with config.services.nextcloud.package.packages.apps; {
# Want # Want
inherit end_to_end_encryption mail spreed; inherit end_to_end_encryption mail spreed;
# For collabora-online
inherit richdocuments;
# Might use # Might use
inherit bookmarks calendar cookbook deck memories onlyoffice qownnotesapi; inherit bookmarks calendar cookbook deck memories qownnotesapi;
# Try out # Try out
# inherit maps music news notes phonetrack polls forms; # inherit maps music news notes phonetrack polls forms;
}; };
extraAppsEnable = true;
# Allows installing Apps from the UI (might remove later)
appstoreEnable = true;
}; };
age.secrets.nextcloud-pw = { age.secrets.nextcloud-pw = {
file = ../../secrets/nextcloud-pw.age; file = ../../secrets/nextcloud-pw.age;
@ -40,5 +51,64 @@ in
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
}; };
# https://diogotc.com/blog/collabora-nextcloud-nixos/
services.collabora-online = {
enable = true;
port = 15972;
settings = {
# Rely on reverse proxy for SSL
ssl = {
enable = false;
termination = true;
};
# Listen on loopback interface only
net = {
listen = "loopback";
post_allow.host = [ "localhost" ];
};
# Restrict loading documents from WOPI Host
storage.wopi = {
"@allow" = true;
host = [ config.services.nextcloud.hostName ];
};
server_name = collaboraOnlineHostname;
};
};
services.nginx.virtualHosts.${config.services.collabora-online.settings.server_name} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.collabora-online.port}";
proxyWebsockets = true;
};
};
systemd.services.nextcloud-config-collabora =
let
inherit (config.services.nextcloud) occ;
wopi_url = "http://localhost:${toString config.services.collabora-online.port}";
public_wopi_url = "https://${collaboraOnlineHostname}";
wopi_allowlist = lib.concatStringsSep "," [
"127.0.0.1"
"::1"
];
in
{
wantedBy = [ "multi-user.target" ];
after = [ "nextcloud-setup.service" ];
script = ''
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
${occ}/bin/nextcloud-occ richdocuments:setup
'';
serviceConfig = {
Type = "oneshot";
};
};
}; };
} }
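Review bot: The `wopi_allowlist` of `127.0.0.1` and `::1` in `nextcloud-config-collabora` only matches if Collabora's callbacks to Nextcloud actually arrive from a loopback address, and nothing in this section pins `runyan.org` to loopback on the host. Collabora is told to accept the WOPI host `config.services.nextcloud.hostName`, so it will presumably resolve that name through normal DNS and reach nginx from the machine's public address, which the allowlist would then reject. Rather than widening the allowlist later to make documents open, consider pinning both names locally, e.g. `networking.hosts."127.0.0.1" = [ nextcloudHostname collaboraOnlineHostname ];` and the same for `"::1"`. Separately, `appstoreEnable = true` lets apps be installed from the UI outside the pinned `extraApps` set, so it is worth tracking its removal explicitly rather than "might remove later". The enclosing module starts above this hunk, so an existing hosts entry elsewhere in the file would make the first point moot.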


@ -66,7 +66,7 @@
host = "chat.neet.space"; host = "chat.neet.space";
}; };
jitsi-meet = { jitsi-meet = {
enable = false; # disabled until vulnerable libolm dependency is removed/fixed enable = true;
host = "meet.neet.space"; host = "meet.neet.space";
}; };
turn = { turn = {
@ -95,12 +95,12 @@
root = "/var/www/tmp"; root = "/var/www/tmp";
}; };
# redirect runyan.org to github # redirect neet.cloud to nextcloud instance on runyan.org
services.nginx.virtualHosts."runyan.org" = { services.nginx.virtualHosts."neet.cloud" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
extraConfig = '' extraConfig = ''
rewrite ^/(.*)$ https://github.com/GoogleBot42 redirect; return 302 https://runyan.org$request_uri;
''; '';
}; };
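Review bot: Re-enabling `jitsi-meet` drops the comment that tied the disablement to a vulnerable libolm dependency, and nothing in this section records that the dependency was removed or fixed in the pinned nixpkgs. Please keep the rationale next to the switch, for example `enable = true; # libolm no longer pulled in as of <nixpkgs revision or advisory reference>`, so the next reader can verify it. If evaluation only succeeds because an olm entry was added to `nixpkgs.config.permittedInsecurePackages` elsewhere, the vulnerability is being accepted rather than fixed, and that should be stated in the commit message. The surrounding attribute set begins and ends outside the visible hunks.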