mjallen18
2025-12-09 20:26:18 -06:00
parent 989e717e4e
commit 764ce12aea
5 changed files with 121 additions and 34 deletions


@@ -5,29 +5,66 @@
... ...
}: }:
let let
inherit (lib.${namespace}) mkOpt mkReverseProxyOpt;
cfg = config.${namespace}.services.onlyoffice; cfg = config.${namespace}.services.onlyoffice;
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path; jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
in in
{ {
options.${namespace}.services.onlyoffice = { options.${namespace}.services.onlyoffice = with lib; {
enable = lib.mkEnableOption ""; enable = lib.mkEnableOption "";
port = mkOpt types.int 9943 "Port for opencloud to be hosted on";
configPath = mkOpt types.str "/media/nas/main/nix-app-data/onlyoffice" "Path to the data dir";
puid = mkOpt types.str "911" "puid";
pgid = mkOpt types.str "1000" "pgid";
timeZone = mkOpt types.str "America/Chicago" "container tz";
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.nginx.virtualHosts."office.mjallen.dev".listen = [ # services.nginx.virtualHosts."office.mjallen.dev".listen = [
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = 9943; # port = 9943;
} # }
# ];
# services.onlyoffice = {
# enable = true;
# port = 9943;
# hostname = "office.mjallen.dev";
# jwtSecretFile = jwtSecretFile;
# securityNonceFile = jwtSecretFile;
# };
virtualisation.oci-containers.containers.onlyoffice = {
autoStart = true;
image = "onlyoffice/documentserver";
ports = [
"${toString cfg.port}:80"
]; ];
services.onlyoffice = { volumes = [
enable = true; "${cfg.configPath}/logs:/var/log/onlyoffice"
port = 9943; "${cfg.configPath}/data:/var/www/onlyoffice/Data"
hostname = "office.mjallen.dev"; "${cfg.configPath}/lib:/var/lib/onlyoffice"
jwtSecretFile = jwtSecretFile; "${cfg.configPath}/db:/var/lib/postgresql"
securityNonceFile = jwtSecretFile; ];
environmentFiles = [ ];
environment = {
DB_TYPE = "postgres";
DB_HOST = "10.0.1.3";
DB_PORT = "5432";
DB_USER = "onlyoffice";
REDIS_SERVER_HOST = "10.0.1.3";
REDIS_SERVER_PORT = "6381";
WOPI_ENABLED = "true";
JWT_SECRET = "BogieDudie1";
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
}; };
}; };
} }
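Review bot: `JWT_SECRET = "BogieDudie1";` in the container's `environment` commits the document-server signing secret to the repository and, through the generated container unit, to the Nix store, while the sops-backed `jwtSecretFile` from the `let` block is no longer used and `environmentFiles = [ ];` is left empty. Anyone who can read the value can sign requests that the document server will accept, so treat it as disclosed and rotate it. Drop the literal and load it at runtime, e.g. `environmentFiles = [ jwtSecretFile ];`, which assumes the sops secret is stored as a `JWT_SECRET=<value>` line. Separately, `image = "onlyoffice/documentserver";` carries no tag or digest, so pinning one would keep rebuilds from silently pulling a different image.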


@@ -10,20 +10,50 @@ let
cfg = config.${namespace}.services.opencloud; cfg = config.${namespace}.services.opencloud;
opencloudConfig = { opencloudConfig = {
services.opencloud = { virtualisation.oci-containers.containers.opencloud = {
enable = true; autoStart = true;
port = cfg.port; image = "opencloudeu/opencloud-rolling";
stateDir = cfg.dataDir; ports = [
address = "0.0.0.0"; "${toString cfg.port}:9200"
url = "https://10.0.1.3:${toString cfg.port}"; ];
# environment = { volumes = [
# OC_OIDC_ISSUER = ""; "${cfg.dataPath}:/var/lib/opencloud"
# OC_EXCLUDE_RUN_SERVICES = "idp"; "${cfg.configPath}:/etc/opencloud"
# PROXY_OIDC_REWRITE_WELLKNOWN = "true"; ];
# PROXY_USER_OIDC_CLAIM = "preferred_username"; environmentFiles = [ ];
# PROXY_AUTOPROVISION_ACCOUNTS = "true"; environment = {
# PROXY_ROLE_ASSIGNMENT_DRIVER = "oidc"; OC_ADD_RUN_SERVICES = "collaboration";
# }; APP_PROVIDER_WOPI_APP_NAME = "OnlyOffice";
COLLABORATION_APP_NAME = "OnlyOffice";
COLLABORATION_APP_PRODUCT = "OnlyOffice";
COLLABORATION_WOPI_SRC = "https://cloud.mjallen.dev";
COLLABORATION_APP_ADDR = "https://office.mjallen.dev";
COLLABORATION_APP_INSECURE = "false";
COLLABORATION_LOG_LEVEL = "info";
COLLABORATION_APP_PROOF_DISABLE = "true";
COLLABORATION_WOPI_SHORTTOKENS = "false";
COLLABORATION_GRPC_ADDR = "0.0.0.0:9301";
COLLABORATION_HTTP_ADDR = "0.0.0.0:9300";
MICRO_REGISTRY = "nats-js-kv";
MICRO_REGISTRY_ADDRESS = "opencloud:9233";
NATS_NATS_HOST = "0.0.0.0";
GATEWAY_GRPC_ADDR = "0.0.0.0:9142";
OC_DB_TYPE = "postgres";
OC_DB_HOST = "10.0.1.3";
OC_DB_PORT = "5432";
OC_DB_USER = "opencloud";
OC_DB_NAME = "opencloud";
OC_INSECURE = "true";
PROXY_TLS = "false";
PROXY_HTTP_ADDR = "0.0.0.0:9200";
OC_URL = "https://cloud.mjallen.dev";
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
}; };
}; };
@@ -46,11 +76,19 @@ in
options.${namespace}.services.opencloud = { options.${namespace}.services.opencloud = {
enable = mkEnableOption "opencloud service"; enable = mkEnableOption "opencloud service";
port = mkOpt types.int 8400 "Port for opencloud to be hosted on"; port = mkOpt types.int 9200 "Port for opencloud to be hosted on";
localAddress = mkOpt types.str "127.0.0.1" "local address of the service"; localAddress = mkOpt types.str "127.0.0.1" "local address of the service";
dataDir = mkOpt types.str "/media/nas/main/nix-app-data/opencloud" "Path to the data dir"; dataPath = mkOpt types.str "/media/nas/main/opencloud" "Path to the data dir";
configPath = mkOpt types.str "/media/nas/main/nix-app-data/opencloud" "Path to the data dir";
puid = mkOpt types.str "911" "puid";
pgid = mkOpt types.str "1000" "pgid";
timeZone = mkOpt types.str "America/Chicago" "container tz";
reverseProxy = mkReverseProxyOpt; reverseProxy = mkReverseProxyOpt;
}; };
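Review bot: `OC_INSECURE = "true";` in the new container's `environment` appears to switch off TLS certificate verification for OpenCloud's own connections. That looks unnecessary here, because `OC_URL` and `COLLABORATION_WOPI_SRC` both use the public `https://cloud.mjallen.dev` name and `COLLABORATION_APP_INSECURE` is already `"false"`; prefer `OC_INSECURE = "false";` unless a self-signed hop is really involved. `COLLABORATION_APP_PROOF_DISABLE = "true";` also removes proof-key checking of WOPI requests, so add a comment saying why this OnlyOffice setup needs it. The image `opencloudeu/opencloud-rolling` is a moving target and would be safer pinned to a tag or digest. The `opencloudConfig` block starts and ends outside the first hunk.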


@@ -62,7 +62,7 @@ let
authentikUrl = "http://${serverIp}:9000"; authentikUrl = "http://${serverIp}:9000";
cacheUrl = "http://${serverIp}:9012"; cacheUrl = "http://${serverIp}:9012";
cloudUrl = "https:/10.0.1.3:9988"; cloudUrl = "http:/10.0.1.3:9200";
# cloudUrl = "http://${config.containers.nextcloud.localAddress}:80"; # cloudUrl = "http://${config.containers.nextcloud.localAddress}:80";
hassUrl = "http://10.0.1.4:8123"; hassUrl = "http://10.0.1.4:8123";
immichUrl = "http://${serverIp}:${toString config.services.immich.port}"; immichUrl = "http://${serverIp}:${toString config.services.immich.port}";
@@ -395,7 +395,6 @@ in
url = cloudUrl; url = cloudUrl;
} }
]; ];
serversTransport = "internal-https";
}; };
hass.loadBalancer.servers = [ hass.loadBalancer.servers = [
{ {
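Review bot: `cloudUrl = "http:/10.0.1.3:9200";` in the first hunk has a single slash after the scheme, unlike the neighbouring `hassUrl = "http://10.0.1.4:8123";`, so the load balancer is likely given a URL with no host part; it should read `cloudUrl = "http://10.0.1.3:9200";`. With `serversTransport = "internal-https";` also removed in the second hunk, the proxy-to-backend hop for the cloud service is now plain HTTP on the LAN. If that is intended because TLS terminates at the proxy, a one-line comment next to `cloudUrl` would record it. Both hunks sit inside larger blocks that continue outside the visible lines.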


@@ -12,8 +12,9 @@
lubelogger.enable = true; lubelogger.enable = true;
nextcloud.enable = true; nextcloud.enable = true;
opencloud = { opencloud = {
enable = false; enable = true;
port = 9200; port = 9200;
reverseProxy.enable = true;
}; };
onlyoffice.enable = true; onlyoffice.enable = true;
ai.enable = true; ai.enable = true;


@@ -29,6 +29,7 @@
"authentik" "authentik"
"homeassistant" "homeassistant"
"nextcloud" "nextcloud"
"onlyoffice"
"synapse" "synapse"
]; ];
ensureUsers = [ ensureUsers = [
@@ -44,12 +45,16 @@
name = "nextcloud"; name = "nextcloud";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
{
name = "onlyoffice";
ensureDBOwnership = true;
}
{ {
name = "synapse"; name = "synapse";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
]; ];
# Allow access via pg_hba.conf rules: # Allow access via pg_hba.conf rules:10.88.0.63
authentication = pkgs.lib.mkOverride 50 '' authentication = pkgs.lib.mkOverride 50 ''
# TYPE DATABASE USER ADDRESS METHOD # TYPE DATABASE USER ADDRESS METHOD
local all all trust local all all trust
@@ -57,6 +62,8 @@
local nextcloud nextcloud trust local nextcloud nextcloud trust
host nextcloud nextcloud 10.0.1.0/24 trust host nextcloud nextcloud 10.0.1.0/24 trust
host nextcloud nextcloud ::1/128 trust host nextcloud nextcloud ::1/128 trust
local onlyoffice onlyoffice trust
host onlyoffice onlyoffice 10.88.0.0/24 trust
local synapse synapse trust local synapse synapse trust
host synapse synapse ::1/128 trust host synapse synapse ::1/128 trust
''; '';
@@ -73,6 +80,11 @@
enable = true; enable = true;
port = 6380; port = 6380;
}; };
onlyoffice = {
enable = true;
port = 6381;
};
}; };
}; };
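Review bot: The added pg_hba rule `host onlyoffice onlyoffice 10.88.0.0/24 trust` lets any client on that subnet connect as the `onlyoffice` role without a password, and the container definition in this commit sets `DB_USER` with no password, so access rests on network position alone. Prefer `host onlyoffice onlyoffice 10.88.0.0/24 scram-sha-256`, with the role's password passed to the container from a secrets-managed environment file. The `10.88.0.63` appended to the `# Allow access via pg_hba.conf rules:` comment looks like a paste accident and should be dropped. The new `onlyoffice` Redis instance on port 6381 shows no password or bind setting in these lines, so confirm it is reachable only from the hosts that need it.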