nixos/nextcloud.nix

{ config, pkgs, ... }:
{
# Nextcloud 30 served as cloud.orga.cebula.camp, backed by the local
# PostgreSQL instance configured further down in this file.
services.nextcloud = {
  enable = true;
  package = pkgs.nextcloud30;
  hostName = "cloud.orga.cebula.camp";

  # TLS is terminated by the nginx on this host, so Nextcloud is told to
  # generate https:// URLs and to honour forwarded-for headers only when the
  # request comes from the loopback proxy.
  settings.overwriteprotocol = "https";
  settings.trusted_proxies = [ "127.0.0.1" ];

  config = {
    # PostgreSQL is reached through the unix socket directory, so no database
    # password appears in this file.
    dbtype = "pgsql";
    dbhost = "/run/postgresql";
    dbname = "nextcloud";
    dbuser = "nextcloud";

    # Given as a string path, so the password file is read at runtime and is
    # not copied into the world-readable Nix store.
    # NOTE(review): ownership and mode of /opt/nextcloudpass are not managed
    # here; confirm that only root and the nextcloud user can read it.
    adminpassFile = "/opt/nextcloudpass";
  };
};
# Add TLS to the nginx vhost named after services.nextcloud.hostName: obtain
# a certificate via ACME and redirect plain HTTP to HTTPS.
# NOTE(review): the security.acme settings are not part of this file.
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
  enableACME = true;
  forceSSL = true;
};
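# Public HTTPS reverse proxy in front of the Collabora Online container.
# Only the listed URL prefixes are forwarded; nginx terminates TLS and talks
# plain HTTP to the container on the loopback interface.
services.nginx.virtualHosts."office.orga.cebula.camp" = let
  # The container publishes its port on 127.0.0.1 only (see the `ports` entry
  # of the collabora container), so the backend is addressed by that literal
  # rather than by "localhost", which can also resolve to ::1.
  backend = "http://127.0.0.1:9980";

  # Ordinary HTTP endpoints: pass the public host name through unchanged.
  plain = {
    proxyPass = backend;
    extraConfig = ''
      proxy_set_header Host $host;
    '';
  };

  # Websocket endpoints: forward the protocol upgrade and allow long-lived
  # connections (36000 s read timeout).
  websocket = {
    proxyPass = backend;
    extraConfig = ''
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $host;
      proxy_read_timeout 36000s;
    '';
  };
in {
  forceSSL = true;
  enableACME = true;
  locations = {
    # Static files, WOPI discovery and capabilities.
    "^~ /browser" = plain;
    "^~ /hosting/discovery" = plain;
    "^~ /hosting/capabilities" = plain;

    # Everything below /cool, including the main websocket. Regex locations
    # are tried in the order they are written to the config, so this one gets
    # an explicit priority to stay ahead of the broader (c|l)ool regex below.
    "~ ^/cool" = websocket // { priority = 900; };

    # Legacy /lool paths. The modifier was "^~", which makes nginx treat the
    # rest as a literal URI prefix starting with "^" and therefore never
    # match; "~" is the regex modifier.
    "~ ^/(c|l)ool" = plain;

    # Admin console websocket (legacy path).
    # NOTE(review): the admin endpoints are reachable through this public
    # vhost and appear to be protected only by the container's admin
    # credentials; consider restricting them by source address if remote
    # administration is not required.
    "^~ /lool/adminws" = websocket;
  };
};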
# Local PostgreSQL 16 holding the Nextcloud database. Database and role names
# are read from the Nextcloud settings so the two cannot drift apart.
services.postgresql = {
  enable = true;
  package = pkgs.postgresql_16;

  # Create the database if it does not exist yet.
  ensureDatabases = [ config.services.nextcloud.config.dbname ];

  # Create the role and make it owner of the database of the same name
  # (both are "nextcloud" in this file). No password is set for the role
  # here; Nextcloud connects over the unix socket.
  ensureUsers = [
    {
      name = config.services.nextcloud.config.dbuser;
      ensureDBOwnership = true;
    }
  ];
};
# Collabora Online (CODE) as an OCI container, reachable only through the
# nginx vhost for office.orga.cebula.camp.
virtualisation.oci-containers.containers.collabora = {
  # Pinned to a version tag. NOTE(review): a tag can be re-pointed by the
  # registry; pinning by image digest would make the deployed image immutable.
  image = "collabora/code:24.04.11.3.1";

  # Published on loopback only, so the unencrypted port is not exposed on
  # external interfaces.
  ports = [ "127.0.0.1:9980:9980" ];

  # The container speaks plain HTTP and is told that TLS is terminated in
  # front of it.
  environment.extra_params = "--o:ssl.enable=false --o:ssl.termination=true";

  # NOTE(review): in the collabora/code image `domain` conventionally names
  # the WOPI host that may use this server (the Nextcloud host), not the
  # server's own name; confirm this value against the image documentation.
  environment.domain = "office.orga.cebula.camp";

  # Admin console user name.
  environment.username = "admin";

  # Passed to the container runtime as an env file at start-up, which keeps
  # its contents out of the world-readable Nix store. Presumably it supplies
  # the admin console password; confirm the expected variable name.
  # NOTE(review): the file's ownership and mode are not managed here; it
  # should be readable by root only.
  environmentFiles = [ "/var/secrets/collabora-admin-password" ];
};
#virtualisation.oci-containers.containers.office = {
# image = "onlyoffice/documentserver:6.4.1.45";
# ports = [ "127.0.0.1:8181:80" ];
# volumes = [
# "onlyoffice_logs:/var/log/onlyoffice"
# "onlyoffice_data:/var/www/onlyoffice/Data"
# "onlyoffice_cache:/var/lib/onlyoffice"
# "onlyoffice_db:/var/lib/postgresql"
# ];
# environment = let
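# # Shared JWT secret that restricts use of the ONLYOFFICE server to our
# # Nextcloud instance. It does not give access to any documents; it only
# # ensures that nothing but our Nextcloud instance can use the server.
# # NOTE: a literal value written here ends up in the world-readable Nix
# # store; if this block is re-enabled, load the secret from a file instead.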
# secretKey = "…";
# in {
# JWT_ENABLED = "true";
# JWT_SECRET = secretKey;
# };
#};
}