From 9f0d50d0e8b31208d8df66910157d256292db3b7 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Wed, 21 May 2025 14:47:38 -0400 Subject: [PATCH] Setup Collabora / Nextcloud Office --- .../nixos/hetznix01/post-install/default.nix | 70 +++++++++++++++++-- .../nixos/hetznix01/post-install/nginx.nix | 9 +++ 2 files changed, 72 insertions(+), 7 deletions(-) diff --git a/modules/hosts/nixos/hetznix01/post-install/default.nix b/modules/hosts/nixos/hetznix01/post-install/default.nix index 74cf303..38856fe 100644 --- a/modules/hosts/nixos/hetznix01/post-install/default.nix +++ b/modules/hosts/nixos/hetznix01/post-install/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, username, ... }: let +{ config, lib, pkgs, username, ... }: let domain = "technicalissues.us"; in { imports = [ @@ -31,6 +31,32 @@ in { }; services = { + collabora-online = { + enable = true; + port = 9980; # default + settings = { + # Rely on reverse proxy for SSL + ssl = { + enable = false; + termination = true; + }; + + # Listen on loopback interface only, and accept requests from ::1 + net = { + listen = "loopback"; + post_allow.host = ["::1"]; + }; + + # Restrict loading documents from WOPI Host nextcloud.example.com + storage.wopi = { + "@allow" = true; + host = [ "https://cloud.pack1828.org" ]; + }; + + # Set FQDN of server + server_name = "collabora.pack1828.org"; + }; + }; nextcloud = { enable = true; hostName = "cloud.pack1828.org"; 
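Review bot: The comment above `storage.wopi` still names `nextcloud.example.com`, while the entry below it allows `https://cloud.pack1828.org`; because this list decides which WOPI host Collabora will load documents from, the comment should name the real host, e.g. `# Only load documents from the WOPI host cloud.pack1828.org`. The value format is also worth confirming: if coolwsd treats `storage.wopi.host` entries as hostname patterns, which I believe but cannot verify from this diff, an entry carrying the `https://` scheme may not match as intended, and a bare `cloud.pack1828.org` would be the safer spelling. The `services` attribute set this block sits in starts and ends outside the hunk.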
@@ -44,12 +70,14 @@ in { }; configureRedis = true; database.createLocally = true; - #extraApps = with config.services.nextcloud.package.packages.apps; { - # # List of apps we want to install and are already packaged in - # # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json - # inherit calendar contacts cookbook maps notes tasks; - #}; - #extraAppsEnable = true; + extraApps = with config.services.nextcloud.package.packages.apps; { + # List of apps we want to install and are already packaged in + # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json + inherit + richdocuments # Collabora Online for Nextcloud - https://apps.nextcloud.com/apps/richdocuments + ; + }; + extraAppsEnable = true; home = "/pack1828/nextcloud"; https = true; maxUploadSize = "3G"; # Increase the PHP maximum file upload size @@ -153,6 +181,34 @@ in { }; }; + systemd.services = { + nextcloud-config-collabora = let + inherit (config.services.nextcloud) occ; + + wopi_url = "http://[::1]:${toString config.services.collabora-online.port}"; + public_wopi_url = "https://collabora.pack1828.org"; + wopi_allowlist = lib.concatStringsSep "," [ + "127.0.0.1" + "::1" + "5.161.244.95" + "2a01:4ff:f0:977c::1" + ]; + in { + wantedBy = ["multi-user.target"]; + after = ["nextcloud-setup.service" "coolwsd.service"]; + requires = ["coolwsd.service"]; + script = '' + ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url} + ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url} + ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist} + ${occ}/bin/nextcloud-occ richdocuments:setup + ''; + serviceConfig = { + Type = "oneshot"; + }; + }; + }; + # Enable common container config files in /etc/containers virtualisation.containers.enable = true; virtualisation = { 
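Review bot: The two public addresses in `wopi_allowlist` (`5.161.244.95`, `2a01:4ff:f0:977c::1`) are bare literals with no explanation, although this list decides which source addresses Nextcloud accepts WOPI requests from. They are presumably this host's own public addresses, needed because Collabora reaches Nextcloud through its public name; if so, a comment should say it, such as `# This host's public IPv4/IPv6: coolwsd calls back to Nextcloud via its public URL`. If the server is ever renumbered, the old entries should be removed in the same change, since a released cloud address can be assigned to another machine. The service definition is fully inside the hunk, but the surrounding module body continues outside it.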
diff --git a/modules/hosts/nixos/hetznix01/post-install/nginx.nix b/modules/hosts/nixos/hetznix01/post-install/nginx.nix
index b52d6d7..e71953f 100644
--- a/modules/hosts/nixos/hetznix01/post-install/nginx.nix
+++ b/modules/hosts/nixos/hetznix01/post-install/nginx.nix
@@ -104,6 +104,15 @@ in {
 acmeRoot = null;
 forceSSL = true;
 };
+ "collabora.pack1828.org" = {
+ enableACME = true;
+ acmeRoot = null;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://[::1]:${toString config.services.collabora-online.port}";
+ proxyWebsockets = true; # collabora uses websockets
+ };
+ };
 "location.${domain}" = {
 enableACME = true;
 acmeRoot = null;
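Review bot: `locations."/"` forwards every path on `collabora.pack1828.org` to coolwsd, which covers the admin console endpoints as well as the editing and discovery paths Nextcloud needs. Whether the console is usable depends on coolwsd settings not shown in this diff, so if it is not meant to be reached from the internet I would block it at the proxy with `locations."/cool/adminws".return = "403";` or limit that location to trusted addresses. Because all traffic now arrives from nginx on `::1`, the `post_allow.host = ["::1"]` setting in default.nix may not narrow anything unless coolwsd evaluates the forwarded client address, which is worth confirming. The `virtualHosts` set this entry belongs to starts and ends outside the hunk.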