diff --git a/hosts/nas/apps.nix b/hosts/nas/apps.nix index a4ee6c6..a7e8a1d 100644 --- a/hosts/nas/apps.nix +++ b/hosts/nas/apps.nix @@ -12,12 +12,13 @@ ../../modules ./apps/netdata + ./apps/collabora ]; nas-apps = { collabora = { - enable = true; + enable = false; environmentFiles = [ config.sops.secrets."jallen-nas/collabora".path ]; }; diff --git a/hosts/nas/apps/collabora/default.nix b/hosts/nas/apps/collabora/default.nix index 35f87df..14b4455 100644 --- a/hosts/nas/apps/collabora/default.nix +++ b/hosts/nas/apps/collabora/default.nix @@ -1,7 +1,26 @@ -{ ... }: +{ config, ... }: { - services.collabora-online = { - enable = true; - port = 9980; - }; + virtualisation.oci-containers.containers.onlyoffice = { + image = "onlyoffice/documentserver:latest"; + ports = ["9980:80"]; + environment = { + USE_UNAUTHORIZED_STORAGE = "true"; + }; + + environmentFiles = [ + config.sops.secrets."jallen-nas/onlyoffice-key".path + ]; + }; + # services.collabora-online = { + # enable = false; + # port = 9980; + # }; + + # services.onlyoffice = { + # enable = true; + # port = 9980; + # hostname = "office.mjallen.dev"; + # }; + # users.users.onlyoffice.isSystemUser = true; + # users.users.onlyoffice.isNormalUser = false; } diff --git a/hosts/nas/apps/nextcloud/default.nix b/hosts/nas/apps/nextcloud/default.nix index 01caaff..c0359db 100644 --- a/hosts/nas/apps/nextcloud/default.nix +++ b/hosts/nas/apps/nextcloud/default.nix @@ -32,11 +32,11 @@ in mountPoint = "/var/lib/nextcloud"; }; - "/var/lib/onlyoffice" = { - hostPath = "/media/nas/ssd/nix-app-data/onlyoffice"; - isReadOnly = false; - mountPoint = "/var/lib/onlyoffice"; - }; + # "/var/lib/onlyoffice" = { + # hostPath = "/media/nas/ssd/nix-app-data/onlyoffice"; + # isReadOnly = false; + # mountPoint = "/var/lib/onlyoffice"; + # }; }; config = @@ -110,18 +110,12 @@ in }; }; }; - - onlyoffice = { - enable = true; - port = 8000; - hostname = "office.mjallen.dev"; - }; }; # System packages environment.systemPackages = with pkgs; [ nextcloud30 - onlyoffice-documentserver + # onlyoffice-documentserver sqlite ]; @@ -132,9 +126,9 @@ in group = "nextcloud"; }; - users.users.onlyoffice = { - group = lib.mkForce "nextcloud"; - }; + # users.users.onlyoffice = { + # group = lib.mkForce "nextcloud"; + # }; users.groups = { nextcloud = { diff --git a/hosts/nas/apps/traefik/default.nix b/hosts/nas/apps/traefik/default.nix index a3ddbcc..810d9cc 100644 --- a/hosts/nas/apps/traefik/default.nix +++ b/hosts/nas/apps/traefik/default.nix @@ -107,6 +107,11 @@ in ]; }; }; + onlyoffice-websocket = { + headers.customrequestheaders = { + X-Forwarded-Proto = "https"; + }; + }; # test-errors = { # errors = { # status = [ @@ -186,6 +191,7 @@ in entryPoints = [ "websecure" ]; rule = "Host(`office.${domain}`)"; service = "collabora"; + middlewares = "onlyoffice-websocket"; tls.certResolver = "letsencrypt"; }; cloud = { diff --git a/hosts/nas/sops.nix b/hosts/nas/sops.nix index 5998714..7a24e77 100644 --- a/hosts/nas/sops.nix +++ b/hosts/nas/sops.nix @@ -69,6 +69,10 @@ restartUnits = [ "netdata.service" ]; }; + sops.secrets."jallen-nas/onlyoffice-key" = { + restartUnits = [ "podman-onlyoffice.service" ]; + }; + sops.secrets."jallen-nas/paperless/secret" = { restartUnits = [ "container@paperless.service" ]; }; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 91b5000..122c73b 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -12,6 +12,7 @@ jallen-nas: dbpassword: ENC[AES256_GCM,data:Xu92h2psR4jAJDM=,iv:UsJD1zq9Uy0Exxk58nkyPGyI8m2BOuvr2DK843h5pSk=,tag:k4MvHT8BoahCf9ZxQw8ovA==,type:str] adminpassword: ENC[AES256_GCM,data:y4PXSbrAAw3A6cg=,iv:10Dm3IYqKJz2FNRteauuYSKXCHE2IKHv4ytidUvblXA=,tag:OAsZ69s4g2p0JEenLbkXdA==,type:str] smtppassword: ENC[AES256_GCM,data:AIn3HJ3oX90nzcmSLSIeizqL1w==,iv:EyIgk3mxJ1Pn9Gff6ia6c2ekreSFGUWDbLrtC/meMyI=,tag:LvkT98sSOVDV+mxMyJKnbQ==,type:str] + onlyoffice-key: ENC[AES256_GCM,data:htJ+CEyeHgdxbOGKT5SFPaQeFYw0vw==,iv:J/yl1vYx4As8TwpgNYkeiZZixXzHMFeF0/D3zY+MmIc=,tag:wdc8hRLs+qWpVhwGsvSqZg==,type:str] manyfold: secretkeybase: ENC[AES256_GCM,data:b+fgTrtnZcp34DOQ0dtKc6bX6/dm9j0o3QJr,iv:e4hOwgTFCXVokGqhwKsYHt5IQgtaKcMmEqvDoMly5aI=,tag:E8gFiOuozA4T1mmcgXfbDg==,type:str] immich: @@ -66,8 +67,8 @@ sops: UGhsN2N0Mjl3UEJvUVlGRlJiN05WaUkKW37lU4G4CLTo6JoHC2OyhKsG/FuO+BiN pzlVJwzRnmAqwklRbc6RMbQLl2EQrp6KQcgYsUxCMH9OQ/9WJ98dxQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-25T05:08:43Z" - mac: ENC[AES256_GCM,data:TFwJdmF0M4s3etKYXZAsMsEqcn7pt2Z6wgxPnLOpukFCGpNBorVsSWiFa/0UbvpZ7QRzNIEucEGAk0rspgnk0t+1EDxsW/UqXmieoLIQy317UHI/PVPprG6HPH/PHPCyhp/U4ddM94lKbxnEgf4kQDmL8Hl90vSWQs+8hOoByUk=,iv:1MjcEx4InMaDFStTLLvb/e0vAWyXoVb24dh2XwHvg3A=,tag:ZQQsuON1DFFD4aRWD2GTyg==,type:str] + lastmodified: "2025-01-25T19:42:11Z" + mac: ENC[AES256_GCM,data:dzOyTwO0bPCPVqus25r6oEXjjpNjfefkeqk16jW7DXugEcizCmS58nPMCGaHb4KrDyxjkzaMRHm7/tDqfRTtKh/nf14R+geWSk/J+c91cV5xCptfAphP53w5YeJkiOjCF3A08iSwEORvrzFY/xiomhO9xkew0bYzUV38Spe9Vfc=,iv:64NbSqYbO/YwqwlMh3WJgdkPNbNPd6lln2cRIlkmO5I=,tag:1ESax9tQ9ygghVLeHOkfJw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.3