many cleanup, secrets, onlyoffice

2025-03-25 17:29:04 -05:00
parent 629b3ee68f
commit dcab646449
29 changed files with 299 additions and 814 deletions
--- a/hosts/nas/apps/nextcloud/default.nix
+++ b/hosts/nas/apps/nextcloud/default.nix
@@ -2,6 +2,7 @@
 let
  adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
  secretsFile =  config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path;
+  jwtSecretFile =  config.sops.secrets."jallen-nas/onlyoffice-key".path;
  nextcloudUserId = config.users.users.nix-apps.uid;
  nextcloudGroupId = config.users.groups.jallen-nas.gid;
  nextcloudPackage = pkgs.unstable.nextcloud31;
@@ -19,6 +20,12 @@ in
        isReadOnly = true;
        mountPoint = "/run/secrets/jallen-nas/nextcloud";
      };
+      
+      secrets2 = {
+        hostPath = "/run/secrets/jallen-nas/onlyoffice-key";
+        isReadOnly = true;
+        mountPoint = "/run/secrets/jallen-nas/onlyoffice-key";
+      };

      data = {
        hostPath = "/media/nas/main/nextcloud";
@@ -32,11 +39,11 @@ in
        mountPoint = "/var/lib/nextcloud";
      };

-      # "/var/lib/onlyoffice" = {
-      #   hostPath = "/media/nas/ssd/nix-app-data/onlyoffice";
-      #   isReadOnly = false;
-      #   mountPoint = "/var/lib/onlyoffice";
-      # };
+      "/var/lib/onlyoffice" = {
+        hostPath = "/media/nas/ssd/nix-app-data/onlyoffice";
+        isReadOnly = false;
+        mountPoint = "/var/lib/onlyoffice";
+      };
    };

    config =
@@ -108,11 +115,19 @@ in
              user_oidc = {
                auto_provision = false;
                soft_auto_provision = false;
+                allow_multiple_user_backends = false; # auto redirect to authentik for login
              };
            };
          };
        };

+        services.onlyoffice = {
+          enable = true;
+          port = 9980;
+          hostname = "office.mjallen.dev";
+          jwtSecretFile = jwtSecretFile;
+        };
+
        # System packages
        environment.systemPackages = with pkgs; [
          cudaPackages.cudnn
@@ -121,7 +136,7 @@ in
          # libtensorflow-bin
          nextcloud31
          nodejs
-          # onlyoffice-documentserver
+          onlyoffice-documentserver
          sqlite
        ];

@@ -132,9 +147,9 @@ in
          group = "nextcloud";
        };

-        # users.users.onlyoffice = {
-        #   group = lib.mkForce "nextcloud";
-        # };
+        users.users.onlyoffice = {
+          group = lib.mkForce "nextcloud";
+        };

        users.groups = {
          nextcloud = {
@@ -183,6 +198,7 @@ in
            allowedTCPPorts = [
              80
              443
+              9980
            ];
          };
          # Use systemd-resolved inside the container
@@ -209,6 +225,10 @@ in
          destination = "10.0.2.18:8000";
          sourcePort = 8000;
        }
+        {
+          destination = "10.0.2.18:9980";
+          sourcePort = 9980;
+        }
      ];
    };
  };