From 764ce12aea129538ecddfa5caa4c9a8990ab9516 Mon Sep 17 00:00:00 2001
From: mjallen18
Date: Tue, 9 Dec 2025 20:26:18 -0600
Subject: [PATCH] clouds

---
 modules/nixos/services/onlyoffice/default.nix | 65 +++++++++++++----
 modules/nixos/services/opencloud/default.nix  | 70 ++++++++++++++-----
 modules/nixos/services/traefik/default.nix    |  3 +-
 systems/x86_64-linux/jallen-nas/apps.nix      |  3 +-
 systems/x86_64-linux/jallen-nas/services.nix  | 14 +++-
 5 files changed, 121 insertions(+), 34 deletions(-)

diff --git a/modules/nixos/services/onlyoffice/default.nix b/modules/nixos/services/onlyoffice/default.nix
index e83626e..29d2284 100644
--- a/modules/nixos/services/onlyoffice/default.nix
+++ b/modules/nixos/services/onlyoffice/default.nix
@@ -5,29 +5,66 @@
   ...
 }:
 let
-
+  inherit (lib.${namespace}) mkOpt mkReverseProxyOpt;
   cfg = config.${namespace}.services.onlyoffice;
   jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
 in
 {
-  options.${namespace}.services.onlyoffice = {
+  options.${namespace}.services.onlyoffice = with lib; {
     enable = lib.mkEnableOption "";
+
+    port = mkOpt types.int 9943 "Port for opencloud to be hosted on";
+
+    configPath = mkOpt types.str "/media/nas/main/nix-app-data/onlyoffice" "Path to the data dir";
+
+    puid = mkOpt types.str "911" "puid";
+
+    pgid = mkOpt types.str "1000" "pgid";
+
+    timeZone = mkOpt types.str "America/Chicago" "container tz";
   };
   config = lib.mkIf cfg.enable {
-    services.nginx.virtualHosts."office.mjallen.dev".listen = [
-      {
-        addr = "0.0.0.0";
-        port = 9943;
-      }
-    ];
-    services.onlyoffice = {
-      enable = true;
-      port = 9943;
-      hostname = "office.mjallen.dev";
-      jwtSecretFile = jwtSecretFile;
-      securityNonceFile = jwtSecretFile;
+    # services.nginx.virtualHosts."office.mjallen.dev".listen = [
+    #   {
+    #     addr = "0.0.0.0";
+    #     port = 9943;
+    #   }
+    # ];
+    # services.onlyoffice = {
+    #   enable = true;
+    #   port = 9943;
+    #   hostname = "office.mjallen.dev";
+    #   jwtSecretFile = jwtSecretFile;
+    #   securityNonceFile = jwtSecretFile;
+    # };
+    virtualisation.oci-containers.containers.onlyoffice = {
+      autoStart = true;
+      image = "onlyoffice/documentserver";
+      ports = [
+        "${toString cfg.port}:80"
+      ];
+      volumes = [
+        "${cfg.configPath}/logs:/var/log/onlyoffice"
+        "${cfg.configPath}/data:/var/www/onlyoffice/Data"
+        "${cfg.configPath}/lib:/var/lib/onlyoffice"
+        "${cfg.configPath}/db:/var/lib/postgresql"
+      ];
+      environmentFiles = [ ];
+      environment = {
+        DB_TYPE = "postgres";
+        DB_HOST = "10.0.1.3";
+        DB_PORT = "5432";
+        DB_USER = "onlyoffice";
+        REDIS_SERVER_HOST = "10.0.1.3";
+        REDIS_SERVER_PORT = "6381";
+        WOPI_ENABLED = "true";
+        JWT_SECRET = "BogieDudie1";
+        PUID = cfg.puid;
+        PGID = cfg.pgid;
+        TZ = cfg.timeZone;
+      };
     };
   };
 }
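Review bot: `JWT_SECRET = "BogieDudie1"` on the new side commits the document-server signing secret to the repository and places it in the world-readable Nix store, and it replaces the sops-managed `jwtSecretFile` that the hunk still binds in the `let` but no longer uses anywhere. Since the container already declares `environmentFiles = [ ];`, the secret belongs in a sops-delivered env file, `environmentFiles = [ jwtSecretFile ];`, with the file's content in `JWT_SECRET=…` form (if the existing secret holds only the bare key, as the old `jwtSecretFile = jwtSecretFile;` usage suggests, its format needs to change or a second secret added); the value that was committed should be treated as exposed and rotated. Separately, the description of `port` is copied from the opencloud module and should read `"Port for onlyoffice to be hosted on"`, and `mkReverseProxyOpt` is inherited but unused in this module.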
diff --git a/modules/nixos/services/opencloud/default.nix b/modules/nixos/services/opencloud/default.nix
index 6d242d5..b8b521b 100644
--- a/modules/nixos/services/opencloud/default.nix
+++ b/modules/nixos/services/opencloud/default.nix
@@ -10,20 +10,50 @@ let
   cfg = config.${namespace}.services.opencloud;
   opencloudConfig = {
-    services.opencloud = {
-      enable = true;
-      port = cfg.port;
-      stateDir = cfg.dataDir;
-      address = "0.0.0.0";
-      url = "https://10.0.1.3:${toString cfg.port}";
-      # environment = {
-      #   OC_OIDC_ISSUER = "";
-      #   OC_EXCLUDE_RUN_SERVICES = "idp";
-      #   PROXY_OIDC_REWRITE_WELLKNOWN = "true";
-      #   PROXY_USER_OIDC_CLAIM = "preferred_username";
-      #   PROXY_AUTOPROVISION_ACCOUNTS = "true";
-      #   PROXY_ROLE_ASSIGNMENT_DRIVER = "oidc";
-      # };
+    virtualisation.oci-containers.containers.opencloud = {
+      autoStart = true;
+      image = "opencloudeu/opencloud-rolling";
+      ports = [
+        "${toString cfg.port}:9200"
+      ];
+      volumes = [
+        "${cfg.dataPath}:/var/lib/opencloud"
+        "${cfg.configPath}:/etc/opencloud"
+      ];
+      environmentFiles = [ ];
+      environment = {
+        OC_ADD_RUN_SERVICES = "collaboration";
+        APP_PROVIDER_WOPI_APP_NAME = "OnlyOffice";
+        COLLABORATION_APP_NAME = "OnlyOffice";
+        COLLABORATION_APP_PRODUCT = "OnlyOffice";
+        COLLABORATION_WOPI_SRC = "https://cloud.mjallen.dev";
+        COLLABORATION_APP_ADDR = "https://office.mjallen.dev";
+        COLLABORATION_APP_INSECURE = "false";
+        COLLABORATION_LOG_LEVEL = "info";
+        COLLABORATION_APP_PROOF_DISABLE = "true";
+        COLLABORATION_WOPI_SHORTTOKENS = "false";
+        COLLABORATION_GRPC_ADDR = "0.0.0.0:9301";
+        COLLABORATION_HTTP_ADDR = "0.0.0.0:9300";
+        MICRO_REGISTRY = "nats-js-kv";
+        MICRO_REGISTRY_ADDRESS = "opencloud:9233";
+
+        NATS_NATS_HOST = "0.0.0.0";
+        GATEWAY_GRPC_ADDR = "0.0.0.0:9142";
+
+        OC_DB_TYPE = "postgres";
+        OC_DB_HOST = "10.0.1.3";
+        OC_DB_PORT = "5432";
+        OC_DB_USER = "opencloud";
+        OC_DB_NAME = "opencloud";
+
+        OC_INSECURE = "true";
+        PROXY_TLS = "false";
+        PROXY_HTTP_ADDR = "0.0.0.0:9200";
+        OC_URL = "https://cloud.mjallen.dev";
+        PUID = cfg.puid;
+        PGID = cfg.pgid;
+        TZ = cfg.timeZone;
+      };
     };
   };
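Review bot: `OC_INSECURE = "true"` together with `COLLABORATION_APP_PROOF_DISABLE = "true"` relaxes certificate verification and WOPI proof-key checking for the opencloud/onlyoffice exchange, so the collaboration service no longer ties incoming WOPI requests to the configured document server; if this is a bootstrap-only setting it deserves a comment on those two lines such as `# TODO: re-enable proof keys and TLS verification once the office.mjallen.dev certificate is trusted inside the container`. The database block sets `OC_DB_USER` with no password variable, which only works if the postgres side admits that user without one, and that dependency should be stated in a comment next to `OC_DB_HOST`. `MICRO_REGISTRY_ADDRESS = "opencloud:9233"` presumably expects the container to resolve its own name as `opencloud`, which is not guaranteed without an explicit hostname or network setting; confirm it resolves. The `opencloudConfig` attribute set begins in this hunk but continues outside it.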
@@ -46,11 +76,19 @@ in
   options.${namespace}.services.opencloud = {
     enable = mkEnableOption "opencloud service";
-    port = mkOpt types.int 8400 "Port for opencloud to be hosted on";
+    port = mkOpt types.int 9200 "Port for opencloud to be hosted on";
     localAddress = mkOpt types.str "127.0.0.1" "local address of the service";
-    dataDir = mkOpt types.str "/media/nas/main/nix-app-data/opencloud" "Path to the data dir";
+    dataPath = mkOpt types.str "/media/nas/main/opencloud" "Path to the data dir";
+
+    configPath = mkOpt types.str "/media/nas/main/nix-app-data/opencloud" "Path to the data dir";
+
+    puid = mkOpt types.str "911" "puid";
+
+    pgid = mkOpt types.str "1000" "pgid";
+
+    timeZone = mkOpt types.str "America/Chicago" "container tz";
     reverseProxy = mkReverseProxyOpt;
   };
diff --git a/modules/nixos/services/traefik/default.nix b/modules/nixos/services/traefik/default.nix
index eef6093..7939fda 100755
--- a/modules/nixos/services/traefik/default.nix
+++ b/modules/nixos/services/traefik/default.nix
@@ -62,7 +62,7 @@ let
   authentikUrl = "http://${serverIp}:9000";
   cacheUrl = "http://${serverIp}:9012";
-  cloudUrl = "https:/10.0.1.3:9988";
+  cloudUrl = "http:/10.0.1.3:9200";
   # cloudUrl = "http://${config.containers.nextcloud.localAddress}:80";
   hassUrl = "http://10.0.1.4:8123";
   immichUrl = "http://${serverIp}:${toString config.services.immich.port}";
@@ -395,7 +395,6 @@ in
         url = cloudUrl;
       }
     ];
-    serversTransport = "internal-https";
   };
   hass.loadBalancer.servers = [
     {
diff --git a/systems/x86_64-linux/jallen-nas/apps.nix b/systems/x86_64-linux/jallen-nas/apps.nix
index 581eb8a..ed3bfde 100755
--- a/systems/x86_64-linux/jallen-nas/apps.nix
+++ b/systems/x86_64-linux/jallen-nas/apps.nix
@@ -12,8 +12,9 @@
     lubelogger.enable = true;
     nextcloud.enable = true;
     opencloud = {
-      enable = false;
+      enable = true;
       port = 9200;
+      reverseProxy.enable = true;
     };
     onlyoffice.enable = true;
     ai.enable = true;
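Review bot: The description for `configPath` is a copy of `dataPath`'s (`"Path to the data dir"`), so the option listing shows two options with the same explanation; change it to `"Path to the config dir (mounted at /etc/opencloud)"`. Renaming `dataDir` to `dataPath` changes the module's public interface, and any system file that still sets `dataDir` will fail evaluation rather than silently keep the old path, so the rename should be mentioned in the commit description. `localAddress` is kept although the container definition in the previous hunk does not read it; confirm it is still used elsewhere before leaving it in place.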
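Review bot: `cloudUrl = "http:/10.0.1.3:9200";` keeps the single-slash typo from the old line; the scheme separator needs two slashes, `cloudUrl = "http://10.0.1.3:9200";`, or the backend URL may not parse as intended. The change also moves the Traefik-to-opencloud hop from HTTPS to plaintext HTTP (consistent with `PROXY_TLS = "false"` in the opencloud module and the `serversTransport` removed in the next hunk), so session traffic crosses the network unencrypted between the proxy host and 10.0.1.3; that is only acceptable when both sit on the same trusted segment, and a comment on this line stating that assumption would make it explicit. The `let` block this hunk sits in continues outside it.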
diff --git a/systems/x86_64-linux/jallen-nas/services.nix b/systems/x86_64-linux/jallen-nas/services.nix
index dad8036..109b408 100755
--- a/systems/x86_64-linux/jallen-nas/services.nix
+++ b/systems/x86_64-linux/jallen-nas/services.nix
@@ -29,6 +29,7 @@
         "authentik"
         "homeassistant"
         "nextcloud"
+        "onlyoffice"
         "synapse"
       ];
       ensureUsers = [
@@ -44,12 +45,16 @@
           name = "nextcloud";
           ensureDBOwnership = true;
         }
+        {
+          name = "onlyoffice";
+          ensureDBOwnership = true;
+        }
         {
           name = "synapse";
           ensureDBOwnership = true;
         }
       ];
-      # Allow access via pg_hba.conf rules:
+      # Allow access via pg_hba.conf rules:10.88.0.63
       authentication = pkgs.lib.mkOverride 50 ''
         # TYPE DATABASE USER ADDRESS METHOD
         local all all trust
@@ -57,6 +62,8 @@
         local nextcloud nextcloud trust
         host nextcloud nextcloud 10.0.1.0/24 trust
         host nextcloud nextcloud ::1/128 trust
+        local onlyoffice onlyoffice trust
+        host onlyoffice onlyoffice 10.88.0.0/24 trust
         local synapse synapse trust
         host synapse synapse ::1/128 trust
       '';
@@ -73,6 +80,11 @@
         enable = true;
         port = 6380;
       };
+
+      onlyoffice = {
+        enable = true;
+        port = 6381;
+      };
     };
   };
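Review bot: The comment `# Allow access via pg_hba.conf rules:10.88.0.63` now ends in a bare IP address with no explanation, which reads like a scratch value pasted while checking the container's source address. Either restore it to `# Allow access via pg_hba.conf rules:` or say what the address means, e.g. `# Allow access via pg_hba.conf rules (the onlyoffice container connects from the 10.88.0.0/24 podman bridge)`.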
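Review bot: `host onlyoffice onlyoffice 10.88.0.0/24 trust` grants passwordless access to the onlyoffice database from every address on the container bridge, so any other container on that network can open the database as `onlyoffice`. The nextcloud rule above uses the same pattern for the LAN, but for the container case a narrower option exists: use `scram-sha-256` on this line and supply the password to the container through a sops env file (the onlyoffice module already declares an empty `environmentFiles`), or pin the rule to a fixed container address if one is assigned. If `trust` is kept on purpose, a short comment on the line stating why would at least make the choice explicit.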
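Review bot: The new redis instance `onlyoffice = { enable = true; port = 6381; }` is reached by the container via `REDIS_SERVER_HOST = "10.0.1.3"` in the onlyoffice module, so this server has to listen on that LAN address rather than only on localhost; if `bind` is not set elsewhere for this instance, the connection would be refused, and if it is set to the LAN address the instance is reachable by every LAN host without authentication. Confirm which of the two applies and document it on this block, e.g. `# reached from the onlyoffice container at 10.0.1.3:6381; bind/requirePass configured in <placeholder: file>`. The enclosing `servers` attribute set starts before this hunk.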