Initial attempt at Collabora Online setup for Idacloud

Vili Sinervä 2025-04-20 23:15:51 +03:00
parent 143b8ab3f3
commit 75af0e9b19
No known key found for this signature in database
GPG key ID: DF8FEAF54EFAC996
2 changed files with 102 additions and 41 deletions


@ -2,6 +2,7 @@
{
custom.nextcloud_domain = "idacloud.sinerva.eu";
services.nextcloud.settings.trusted_domains = [ "idacloud.vsinerva.fi" ];
custom.collabora_domain = "idacollab.sinerva.eu";
imports = [
../base.nix


@ -7,48 +7,108 @@
{
imports = [ ./cert-store-client.nix ];
options.custom.nextcloud_domain = lib.mkOption {
type = lib.types.str;
description = "Domain used by Nextcloud";
};
options.custom = {
nextcloud_domain = lib.mkOption {
type = lib.types.str;
description = "Domain used by Nextcloud";
};
config = {
networking.firewall.allowedTCPPorts = [ 443 ];
services = {
nextcloud = {
package = pkgs.nextcloud31;
enable = true;
hostName = config.custom.nextcloud_domain;
autoUpdateApps.enable = true;
https = true;
maxUploadSize = "512M"; # Default
config = {
adminpassFile = "/var/lib/nextcloud/adminpass";
};
settings = {
overwriteprotocol = "https";
default_phone_region = "FI";
maintenance_window_start = 1;
};
phpOptions = {
"opcache.interned_strings_buffer" = 32;
};
};
nginx = {
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true;
kTLS = true;
sslCertificate = "/mnt/acme/fullchain.pem";
sslCertificateKey = "/mnt/acme/key.pem";
};
};
collabora_domain = lib.mkOption {
type = with lib.types; nullOr str;
default = null;
description = "Domain used by Collabora Online";
};
};
config = lib.mkMerge [
{
networking.firewall.allowedTCPPorts = [ 443 ];
services = {
nextcloud = {
package = pkgs.nextcloud31;
enable = true;
hostName = config.custom.nextcloud_domain;
autoUpdateApps.enable = true;
https = true;
maxUploadSize = "512M"; # Default
config = {
adminpassFile = "/var/lib/nextcloud/adminpass";
};
settings = {
overwriteprotocol = "https";
default_phone_region = "FI";
maintenance_window_start = 1;
};
phpOptions = {
"opcache.interned_strings_buffer" = 32;
};
};
nginx = {
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true;
kTLS = true;
sslCertificate = "/mnt/acme/fullchain.pem";
sslCertificateKey = "/mnt/acme/key.pem";
};
};
};
}
(
# Optional Collabora Client
lib.mkIf (config.custom.collabora_domain != null) {
services = {
collabora-online = {
enable = true;
port = 9980; # default
settings = {
ssl = {
enable = false;
termination = true;
};
net = {
listen = "loopback";
post_allow.host = [ "::1" ];
};
storage.wopi = {
"@allow" = true;
host = [ config.services.nextcloud.hostName ] ++ config.services.nextcloud.settings.trusted_domains;
};
server_name = config.custom.collabora_domain;
};
};
nginx.virtualHosts.${config.services.collabora-online.settings.server_name} = {
forceSSL = true;
kTLS = true;
sslCertificate = "/mnt/acme/fullchain.pem";
sslCertificateKey = "/mnt/acme/key.pem";
locations."/" = {
proxyPass = "http://[::1]:${toString config.services.collabora-online.port}";
proxyWebsockets = true; # collabora uses websockets
};
};
nextcloud = {
appstoreEnable = true;
extraAppsEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit
richdocuments
;
};
};
};
}
)
];
}
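Review bot: `storage.wopi.host` in the Collabora block is built from `config.services.nextcloud.settings.trusted_domains`, so the set of hosts Collabora accepts as document storage widens whenever a trusted domain is added for an unrelated reason. `trusted_domains` controls which Host headers Nextcloud answers to, while coolwsd reads each WOPI host entry as a hostname pattern (a regex, as far as I know, so unescaped dots match any character), which makes the two lists a poor fit to share. I would give the WOPI list its own explicit source, for example a dedicated list option used as `host = [ config.services.nextcloud.hostName ] ++ config.custom.collabora_wopi_hosts;`, with a comment like `# Hosts Collabora may load documents from; kept separate from trusted_domains on purpose`. Nothing visible in this change sets the richdocuments `wopi_allowlist` on the Nextcloud side either, so unless it is configured elsewhere, WOPI requests are not limited to the Collabora server's address.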