move onlyoffice to new apps section
This commit is contained in:
parent
4a1291c075
commit
99f0f51406
1 changed files with 203 additions and 189 deletions
|
@ -54,31 +54,6 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
onlyoffice = lib.mkOption {
|
|
||||||
description = "If non null, set up an Only Office service.";
|
|
||||||
default = null;
|
|
||||||
type = lib.types.nullOr (lib.types.submodule {
|
|
||||||
options = {
|
|
||||||
subdomain = lib.mkOption {
|
|
||||||
type = lib.types.str;
|
|
||||||
description = "Subdomain under which Only Office will be served.";
|
|
||||||
default = "oo";
|
|
||||||
};
|
|
||||||
|
|
||||||
localNetworkIPRange = lib.mkOption {
|
|
||||||
type = lib.types.str;
|
|
||||||
description = "Local network range, to restrict access to Open Office to only those IPs.";
|
|
||||||
example = "192.168.1.1/24";
|
|
||||||
};
|
|
||||||
|
|
||||||
jwtSecretFile = lib.mkOption {
|
|
||||||
type = lib.types.path;
|
|
||||||
description = "File containing the JWT secret.";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
});
|
|
||||||
};
|
|
||||||
|
|
||||||
postgresSettings = lib.mkOption {
|
postgresSettings = lib.mkOption {
|
||||||
type = lib.types.nullOr (lib.types.attrsOf lib.types.str);
|
type = lib.types.nullOr (lib.types.attrsOf lib.types.str);
|
||||||
default = null;
|
default = null;
|
||||||
|
@ -134,6 +109,41 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
apps = lib.mkOption {
|
||||||
|
description = ''
|
||||||
|
Applications to enable in Nextcloud. Enabling an application here will also configure
|
||||||
|
various services needed for this application.
|
||||||
|
'';
|
||||||
|
type = lib.types.submodule {
|
||||||
|
options = {
|
||||||
|
onlyoffice = lib.mkOption {
|
||||||
|
description = "If non null, set up an Only Office service.";
|
||||||
|
default = null;
|
||||||
|
type = lib.types.nullOr (lib.types.submodule {
|
||||||
|
options = {
|
||||||
|
subdomain = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Subdomain under which Only Office will be served.";
|
||||||
|
default = "oo";
|
||||||
|
};
|
||||||
|
|
||||||
|
localNetworkIPRange = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Local network range, to restrict access to Open Office to only those IPs.";
|
||||||
|
example = "192.168.1.1/24";
|
||||||
|
};
|
||||||
|
|
||||||
|
jwtSecretFile = lib.mkOption {
|
||||||
|
type = lib.types.path;
|
||||||
|
description = "File containing the JWT secret.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
extraApps = lib.mkOption {
|
extraApps = lib.mkOption {
|
||||||
type = lib.types.raw;
|
type = lib.types.raw;
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -170,7 +180,8 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkMerge [(lib.mkIf cfg.enable {
|
config = lib.mkMerge [
|
||||||
|
(lib.mkIf cfg.enable {
|
||||||
users.users = {
|
users.users = {
|
||||||
nextcloud = {
|
nextcloud = {
|
||||||
name = "nextcloud";
|
name = "nextcloud";
|
||||||
|
@ -331,26 +342,29 @@ in
|
||||||
];
|
];
|
||||||
excludePatterns = [".rnd"];
|
excludePatterns = [".rnd"];
|
||||||
};
|
};
|
||||||
}) (lib.mkIf (!(isNull cfg.onlyoffice)) {
|
})
|
||||||
|
|
||||||
|
(lib.mkIf (!(isNull cfg.apps.onlyoffice)) {
|
||||||
services.onlyoffice = {
|
services.onlyoffice = {
|
||||||
enable = true;
|
enable = true;
|
||||||
hostname = "${cfg.onlyoffice.subdomain}.${cfg.domain}";
|
hostname = "${cfg.apps.onlyoffice.subdomain}.${cfg.domain}";
|
||||||
port = 13444;
|
port = 13444;
|
||||||
|
|
||||||
postgresHost = "/run/postgresql";
|
postgresHost = "/run/postgresql";
|
||||||
|
|
||||||
jwtSecretFile = cfg.onlyoffice.jwtSecretFile;
|
jwtSecretFile = cfg.apps.onlyoffice.jwtSecretFile;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."${cfg.onlyoffice.subdomain}.${cfg.domain}" = {
|
services.nginx.virtualHosts."${cfg.apps.onlyoffice.subdomain}.${cfg.domain}" = {
|
||||||
sslCertificate = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/cert.pem";
|
sslCertificate = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/cert.pem";
|
||||||
sslCertificateKey = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/key.pem";
|
sslCertificateKey = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/key.pem";
|
||||||
forceSSL = lib.mkIf config.shb.ssl.enable true;
|
forceSSL = lib.mkIf config.shb.ssl.enable true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
allow ${cfg.onlyoffice.localNetworkIPRange};
|
allow ${cfg.apps.onlyoffice.localNetworkIPRange};
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
})];
|
})
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue