Initial attempt at Collabora Online setup for Idacloud

2025-04-20 23:15:51 +03:00 · 2025-04-20 23:15:51 +03:00 · 75af0e9b19
commit 75af0e9b19
parent 143b8ab3f3
2 changed files with 102 additions and 41 deletions
--- a/machine-confs/idacloud.nix
+++ b/machine-confs/idacloud.nix
@ -2,6 +2,7 @@
 {
  custom.nextcloud_domain = "idacloud.sinerva.eu";
  services.nextcloud.settings.trusted_domains = [ "idacloud.vsinerva.fi" ];
+  custom.collabora_domain = "idacollab.sinerva.eu";

  imports = [
    ../base.nix
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@ -7,12 +7,21 @@
 {
  imports = [ ./cert-store-client.nix ];

-  options.custom.nextcloud_domain = lib.mkOption {
+  options.custom = {
+    nextcloud_domain = lib.mkOption {
      type = lib.types.str;
      description = "Domain used by Nextcloud";
    };

-  config = {
+    collabora_domain = lib.mkOption {
+      type = with lib.types; nullOr str;
+      default = null;
+      description = "Domain used by Collabora Online";
+    };
+  };
+
+  config = lib.mkMerge [
+    {
      networking.firewall.allowedTCPPorts = [ 443 ];

      services = {
@ -50,5 +59,56 @@
          };
        };
      };
+    }
+    (
+      # Optional Collabora Client
+      lib.mkIf (config.custom.collabora_domain != null) {
+        services = {
+          collabora-online = {
+            enable = true;
+            port = 9980; # default
+            settings = {
+              ssl = {
+                enable = false;
+                termination = true;
              };
+
+              net = {
+                listen = "loopback";
+                post_allow.host = [ "::1" ];
+              };
+
+              storage.wopi = {
+                "@allow" = true;
+                host = [ config.services.nextcloud.hostName ] ++ config.services.nextcloud.settings.trusted_domains;
+              };
+
+              server_name = config.custom.collabora_domain;
+            };
+          };
+
+          nginx.virtualHosts.${config.services.collabora-online.settings.server_name} = {
+            forceSSL = true;
+            kTLS = true;
+            sslCertificate = "/mnt/acme/fullchain.pem";
+            sslCertificateKey = "/mnt/acme/key.pem";
+            locations."/" = {
+              proxyPass = "http://[::1]:${toString config.services.collabora-online.port}";
+              proxyWebsockets = true; # collabora uses websockets
+            };
+          };
+
+          nextcloud = {
+            appstoreEnable = true;
+            extraAppsEnable = true;
+            extraApps = with config.services.nextcloud.package.packages.apps; {
+              inherit
+                richdocuments
+                ;
+            };
+          };
+        };
+      }
+    )
+  ];
 }