From 4e97e2afb615e63cf4159e947ae18d1197f2444b Mon Sep 17 00:00:00 2001
From: ibizaman
Date: Sun, 27 Aug 2023 22:20:59 -0700
Subject: [PATCH] add openoffice to nextcloud

---
 modules/nextcloud-server.nix | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/modules/nextcloud-server.nix b/modules/nextcloud-server.nix
index bb8dfcd..57f0e43 100644
--- a/modules/nextcloud-server.nix
+++ b/modules/nextcloud-server.nix
@@ -26,6 +26,12 @@ in
 description = "Sops file location";
 example = "secrets/nextcloud.yaml";
 };
+
+ localNetworkIPRange = lib.mkOption {
+ type = lib.types.str;
+ description = "Local network range, to restrict access to the UI to only those IPs.";
+ example = "192.168.1.1/24";
+ };
 };
 
 config = lib.mkIf cfg.enable {
@@ -116,6 +122,35 @@ in
 };
 };
 
+ services.onlyoffice = {
+ enable = true;
+ hostname = "oo.${cfg.domain}";
+ port = 13444;
+
+ postgresHost = "/run/postgresql";
+
+ jwtSecretFile = "/run/secrets/nextcloud/onlyoffice/jwt_secret";
+ };
+ services.nginx.virtualHosts."oo.${cfg.domain}" = {
+ sslCertificate = "/var/lib/acme/${cfg.domain}/cert.pem";
+ sslCertificateKey = "/var/lib/acme/${cfg.domain}/key.pem";
+ forceSSL = true;
+ locations."/" = {
+ extraConfig = ''
+ allow ${cfg.localNetworkIPRange};
+ '';
+ };
+ };
+
+ # Secret needed for services.onlyoffice.jwtSecretFile
+ sops.secrets."nextcloud/onlyoffice/jwt_secret" = {
+ inherit (cfg) sopsFile;
+ mode = "0440";
+ owner = "onlyoffice";
+ group = "onlyoffice";
+ restartUnits = [ "onlyoffice-docservice.service" ];
+ };
+
 # Secret needed for services.nextcloud.config.adminpassFile.
 sops.secrets."nextcloud/adminpass" = {
 inherit (cfg) sopsFile;
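Review bot: `localNetworkIPRange` is declared as a bare `lib.types.str` with no `default`, so every configuration that already enables this module must now set it, and any string is interpolated unchecked into the nginx config in the second hunk. The example `192.168.1.1/24` is a host address with a prefix rather than a network address; `example = "192.168.1.0/24";` states the intended range without the ambiguous low bits. The description should also say that the range is applied to the OnlyOffice virtual host, for instance `description = "CIDR range allowed to reach the OnlyOffice virtual host (oo.<domain>).";`, since "the UI" reads as the Nextcloud UI here. The enclosing options block starts outside the hunk.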
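Review bot: The `allow ${cfg.localNetworkIPRange};` line in `locations."/".extraConfig` has no `deny all;` after it, so it restricts nothing: nginx's access module lets a request through when no rule matches, and clients outside the range still reach the document server. The block should read `allow ${cfg.localNetworkIPRange};` followed by `deny all;`. The rule is also attached only to the `/` location; if the onlyoffice module adds further location blocks to this virtual host (not visible in this hunk), putting the two directives in the virtual host's own `extraConfig` would cover them as well. `jwtSecretFile` repeats the sops target path as a literal; assuming `config` is the module argument, `jwtSecretFile = config.sops.secrets."nextcloud/onlyoffice/jwt_secret".path;` keeps it tied to the secret declared below.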