nixos-conf/nextcloud.nix

# Nextcloud instance
{ config, pkgs, ... }:
{
	networking.firewall.allowedTCPPorts = [ 80 443 ];
	networking.firewall.allowedUDPPorts = [ 443 ];

	services.nextcloud = {
		package = pkgs.nextcloud28;
		enable = true;
		hostName = "nextcloud.vsinerva.fi";
		autoUpdateApps.enable = true;
		https = true;
		maxUploadSize = "10G";
		config = {
			overwriteProtocol = "https";
			adminpassFile = "/var/lib/nextcloud/adminpass";
		};
	};

	services.nginx.virtualHosts =
	{
		${config.services.nextcloud.hostName} = {
			forceSSL = true;
			kTLS = true;
			sslCertificate = "/var/lib/nextcloud/nextcloud_fullchain.pem";
			sslCertificateKey = "/var/lib/nextcloud/nextcloud_privkey.pem";
			locations = { 
				"/".proxyWebsockets = true;
				"~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/)" = {};
			};
		};
	};

  services.nginx.virtualHosts."collabora.vsinerva.fi" =
  {
	forceSSL = true;
	sslCertificate = "/var/lib/nextcloud/collabora_fullchain.pem";
	sslCertificateKey = "/var/lib/nextcloud/collabora_privkey.pem";
    locations = {
      # static files
      "^~ /loleaflet" = {
        proxyPass = "https://localhost:9980";
        extraConfig = ''
          proxy_set_header Host $host;
        '';
      };
      # WOPI discovery URL
      "^~ /hosting/discovery" = {
        proxyPass = "https://localhost:9980";
        extraConfig = ''
          proxy_set_header Host $host;
        '';
      };

      # Capabilities
      "^~ /hosting/capabilities" = {
        proxyPass = "https://localhost:9980";
        extraConfig = ''
          proxy_set_header Host $host;
        '';
      };

      # download, presentation, image upload and websocket
      "~ ^/lool" = {
        proxyPass = "https://localhost:9980";
        extraConfig = ''
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "Upgrade";
          proxy_set_header Host $host;
          proxy_read_timeout 36000s;
        '';
      };

      # Admin Console websocket
      "^~ /lool/adminws" = {
        proxyPass = "https://localhost:9980";
        extraConfig = ''
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "Upgrade";
          proxy_set_header Host $host;
          proxy_read_timeout 36000s;
        '';
      };
    };
  };

  virtualisation.oci-containers = {
    backend = "docker";
    containers.collabora = {
      image = "collabora/code";
      ports = ["9980:9980"];
      environment = {
        domain = "collabora.vsinerva.fi";
        extra_params = "--o:ssl.enable=true --o:ssl.termination=true";
      };
      extraOptions = ["--cap-add" "MKNOD"];
    };
  };
}
Init 2024-05-23 13:39:48 +03:00			`# Nextcloud instance`
			`{ config, pkgs, ... }:`
			`{`
			`networking.firewall.allowedTCPPorts = [ 80 443 ];`
			`networking.firewall.allowedUDPPorts = [ 443 ];`

			`services.nextcloud = {`
			`package = pkgs.nextcloud28;`
			`enable = true;`
			`hostName = "nextcloud.vsinerva.fi";`
			`autoUpdateApps.enable = true;`
			`https = true;`
			`maxUploadSize = "10G";`
			`config = {`
			`overwriteProtocol = "https";`
			`adminpassFile = "/var/lib/nextcloud/adminpass";`
			`};`
			`};`

			`services.nginx.virtualHosts =`
			`{`
			`${config.services.nextcloud.hostName} = {`
			`forceSSL = true;`
			`kTLS = true;`
			`sslCertificate = "/var/lib/nextcloud/nextcloud_fullchain.pem";`
			`sslCertificateKey = "/var/lib/nextcloud/nextcloud_privkey.pem";`
			`locations = {`
			`"/".proxyWebsockets = true;`
			`"~ ^\/nextcloud\/(?:index\|remote\|public\|cron\|core\/ajax\/update\|status\|ocs\/v[12]\|updater\/.+\|oc[ms]-provider\/.+\|.+\/richdocumentscode\/proxy)\.php(?:$\|\/)" = {};`
			`};`
			`};`
			`};`

			`services.nginx.virtualHosts."collabora.vsinerva.fi" =`
			`{`
			`forceSSL = true;`
			`sslCertificate = "/var/lib/nextcloud/collabora_fullchain.pem";`
			`sslCertificateKey = "/var/lib/nextcloud/collabora_privkey.pem";`
			`locations = {`
			`# static files`
			`"^~ /loleaflet" = {`
			`proxyPass = "https://localhost:9980";`
			`extraConfig = ''`
			`proxy_set_header Host $host;`
			`'';`
			`};`
			`# WOPI discovery URL`
			`"^~ /hosting/discovery" = {`
			`proxyPass = "https://localhost:9980";`
			`extraConfig = ''`
			`proxy_set_header Host $host;`
			`'';`
			`};`

			`# Capabilities`
			`"^~ /hosting/capabilities" = {`
			`proxyPass = "https://localhost:9980";`
			`extraConfig = ''`
			`proxy_set_header Host $host;`
			`'';`
			`};`

			`# download, presentation, image upload and websocket`
			`"~ ^/lool" = {`
			`proxyPass = "https://localhost:9980";`
			`extraConfig = ''`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "Upgrade";`
			`proxy_set_header Host $host;`
			`proxy_read_timeout 36000s;`
			`'';`
			`};`

			`# Admin Console websocket`
			`"^~ /lool/adminws" = {`
			`proxyPass = "https://localhost:9980";`
			`extraConfig = ''`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "Upgrade";`
			`proxy_set_header Host $host;`
			`proxy_read_timeout 36000s;`
			`'';`
			`};`
			`};`
			`};`

			`virtualisation.oci-containers = {`
			`backend = "docker";`
			`containers.collabora = {`
			`image = "collabora/code";`
			`ports = ["9980:9980"];`
			`environment = {`
			`domain = "collabora.vsinerva.fi";`
			`extra_params = "--o:ssl.enable=true --o:ssl.termination=true";`
			`};`
			`extraOptions = ["--cap-add" "MKNOD"];`
			`};`
			`};`
			`}`