1
0
Fork 0

move onlyoffice to new apps section

This commit is contained in:
ibizaman 2024-01-05 13:47:54 -08:00 committed by Pierre Penninckx
parent 4a1291c075
commit 99f0f51406

View file

@ -54,31 +54,6 @@ in
''; '';
}; };
onlyoffice = lib.mkOption {
description = "If non null, set up an Only Office service.";
default = null;
type = lib.types.nullOr (lib.types.submodule {
options = {
subdomain = lib.mkOption {
type = lib.types.str;
description = "Subdomain under which Only Office will be served.";
default = "oo";
};
localNetworkIPRange = lib.mkOption {
type = lib.types.str;
description = "Local network range, to restrict access to Open Office to only those IPs.";
example = "192.168.1.1/24";
};
jwtSecretFile = lib.mkOption {
type = lib.types.path;
description = "File containing the JWT secret.";
};
};
});
};
postgresSettings = lib.mkOption { postgresSettings = lib.mkOption {
type = lib.types.nullOr (lib.types.attrsOf lib.types.str); type = lib.types.nullOr (lib.types.attrsOf lib.types.str);
default = null; default = null;
@ -134,6 +109,41 @@ in
''; '';
}; };
apps = lib.mkOption {
description = ''
Applications to enable in Nextcloud. Enabling an application here will also configure
various services needed for this application.
'';
type = lib.types.submodule {
options = {
onlyoffice = lib.mkOption {
description = "If non null, set up an Only Office service.";
default = null;
type = lib.types.nullOr (lib.types.submodule {
options = {
subdomain = lib.mkOption {
type = lib.types.str;
description = "Subdomain under which Only Office will be served.";
default = "oo";
};
localNetworkIPRange = lib.mkOption {
type = lib.types.str;
description = "Local network range, to restrict access to Open Office to only those IPs.";
example = "192.168.1.1/24";
};
jwtSecretFile = lib.mkOption {
type = lib.types.path;
description = "File containing the JWT secret.";
};
};
});
};
};
};
};
extraApps = lib.mkOption { extraApps = lib.mkOption {
type = lib.types.raw; type = lib.types.raw;
description = '' description = ''
@ -170,7 +180,8 @@ in
}; };
}; };
config = lib.mkMerge [(lib.mkIf cfg.enable { config = lib.mkMerge [
(lib.mkIf cfg.enable {
users.users = { users.users = {
nextcloud = { nextcloud = {
name = "nextcloud"; name = "nextcloud";
@ -331,26 +342,29 @@ in
]; ];
excludePatterns = [".rnd"]; excludePatterns = [".rnd"];
}; };
}) (lib.mkIf (!(isNull cfg.onlyoffice)) { })
(lib.mkIf (!(isNull cfg.apps.onlyoffice)) {
services.onlyoffice = { services.onlyoffice = {
enable = true; enable = true;
hostname = "${cfg.onlyoffice.subdomain}.${cfg.domain}"; hostname = "${cfg.apps.onlyoffice.subdomain}.${cfg.domain}";
port = 13444; port = 13444;
postgresHost = "/run/postgresql"; postgresHost = "/run/postgresql";
jwtSecretFile = cfg.onlyoffice.jwtSecretFile; jwtSecretFile = cfg.apps.onlyoffice.jwtSecretFile;
}; };
services.nginx.virtualHosts."${cfg.onlyoffice.subdomain}.${cfg.domain}" = { services.nginx.virtualHosts."${cfg.apps.onlyoffice.subdomain}.${cfg.domain}" = {
sslCertificate = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/cert.pem"; sslCertificate = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/cert.pem";
sslCertificateKey = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/key.pem"; sslCertificateKey = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/key.pem";
forceSSL = lib.mkIf config.shb.ssl.enable true; forceSSL = lib.mkIf config.shb.ssl.enable true;
locations."/" = { locations."/" = {
extraConfig = '' extraConfig = ''
allow ${cfg.onlyoffice.localNetworkIPRange}; allow ${cfg.apps.onlyoffice.localNetworkIPRange};
''; '';
}; };
}; };
})]; })
];
} }