feat: add collabora-online with nextcloud integration; deploy on hera

diogotcorreia · Feb 22, 2025 · 2203ffd · 2203ffd
1 parent 96c1258
commit 2203ffd
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 11 deletions.
diff --git a/hosts/hera/nextcloud.nix b/hosts/hera/nextcloud.nix
@@ -7,6 +7,10 @@
   ...
 }: let
   domain = "cloud.diogotc.com";
+  collaboraDomain = "office.diogotc.com";
+
+  collaboraPort = lib.my.ports.collabora-online;
+  collaboraDataDir = "/var/lib/cool";
 
   dbUsername = "nextcloud";
   dbDatabaseName = "nextcloud";
@@ -66,6 +70,14 @@ in {
     # passwordsalt
     # secret
     secretFile = config.age.secrets.nextcloudSecrets.path;
+
+    appstoreEnable = true;
+    extraAppsEnable = true;
+    extraApps = with config.services.nextcloud.package.packages.apps; {
+      inherit
+        richdocuments # Collabora Online for Nextcloud - https://apps.nextcloud.com/apps/richdocuments
+        ;
+    };
   };
   # Use caddy instead of nginx
   services.phpfpm.pools.nextcloud.settings = {
@@ -74,22 +86,39 @@ in {
   };
   users.groups.nextcloud.members = [config.services.caddy.user];
 
+  services.collabora-online = {
+    enable = true;
+    port = collaboraPort;
+    settings = {
+      # Rely on reverse proxy for SSL
+      ssl = {
+        enable = false;
+        termination = true;
+      };
+
+      net = {
+        listen = "loopback";
+        post_allow.host = ["::1"];
+      };
+      storage.wopi = {
+        "@allow" = true;
+        host = [domain];
+      };
+    };
+  };
+
   services.caddy.virtualHosts = {
-    ${domain} = {
+    ${domain} = let
+      # The webroot created by the module contains links to the various app store locations
+      webroot = config.services.nginx.virtualHosts.${domain}.root;
+    in {
       enableACME = true;
       extraConfig = ''
         encode zstd gzip
-        root * ${config.services.nextcloud.package}
+        root * ${webroot}
         php_fastcgi unix/${config.services.phpfpm.pools.nextcloud.socket} {
-          import CLOUDFLARE_PROXY
           env front_controller_active true # remove index.php from urls
         }
-        handle /store-apps/* {
-          root * ${config.services.nextcloud.home}
-        }
-        handle /nix-apps/* {
-          root * ${config.services.nextcloud.home}
-        }
         redir /.well-known/caldav /remote.php/dav 301
         redir /.well-known/carddav /remote.php/dav 301
         redir /.well-known/* /index.php{uri} 301 # Nextcloud front-controller handles routes to /.well-known
@@ -156,12 +185,18 @@ in {
         }
       '';
     };
+    ${collaboraDomain} = {
+      enableACME = true;
+      extraConfig = ''
+        reverse_proxy [::1]:${toString collaboraPort}
+      '';
+    };
   };
 
   # Pin nextcloud user's UID and GID, otherwise files may change owner
   users.users.nextcloud.uid = 900;
   users.groups.nextcloud.gid = 900;
 
-  modules.impermanence.directories = [config.services.nextcloud.home];
-  modules.services.restic.paths = [config.services.nextcloud.home];
+  modules.impermanence.directories = [config.services.nextcloud.home collaboraDataDir];
+  modules.services.restic.paths = [config.services.nextcloud.home collaboraDataDir];
 }
diff --git a/lib/ports.nix b/lib/ports.nix
@@ -62,6 +62,7 @@
     authelia = 9091;
     transmission = 9091;
     jackett = 9117;
+    collabora-online = 9980;
     stalwartMailHttp = 9988;
 
     lldapHttp = 17170;