feat(nuage): add collabora

2025-03-25 21:30:52 +01:00 · 2024-10-13 12:36:39 +02:00 · 2024-10-13 12:36:39 +02:00 · 2517047734
commit 2517047734
parent 89d4209200
1 changed files with 86 additions and 0 deletions
--- a/machines/nuage/default.nix
+++ b/machines/nuage/default.nix
@ -57,6 +57,92 @@
    };
  };

+  virtualisation = {
+    podman = {
+      enable = true;
+
+      defaultNetwork.settings = {
+        dns_enable = true;
+        ipv6_enabled = true;
+      };
+    };
+  };
+
+  virtualisation.oci-containers = {
+    containers.collabora = {
+      image = "collabora/code";
+      imageFile = pkgs.dockerTools.pullImage {
+        imageName = "collabora/code";
+        imageDigest = "sha256:07da8a191b37058514dfdf921ea8c2270c6634fa659acee774cf8594f86950e4";
+        sha256 = "sha256-5oaz07NQScHUVN/HznzZGQ2bGrU/V1GhI+9btXHz0GM=";
+      };
+      ports = [ "9980:9980" ];
+      environment = {
+        domain = "nuage.malka.family";
+        extra_params = "--o:ssl.enable=false --o:ssl.termination=true --o:remote_font_config.url=https://cloud.dgnum.eu/apps/richdocuments/settings/fonts.json";
+      };
+      extraOptions = [
+        "--network=host"
+        "--cap-add"
+        "MKNOD"
+        "--cap-add"
+        "SYS_ADMIN"
+      ];
+    };
+  };
+
+  services.nginx.virtualHosts = {
+
+    "collabora.luj.fr" = {
+      forceSSL = true;
+      enableACME = true;
+
+      extraConfig = ''
+        # static files
+        location ^~ /browser {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Host $host;
+        }
+
+        # WOPI discovery URL
+        location ^~ /hosting/discovery {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Host $host;
+        }
+
+        # Capabilities
+        location ^~ /hosting/capabilities {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Host $host;
+        }
+
+        # main websocket
+        location ~ ^/cool/(.*)/ws$ {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection "Upgrade";
+          proxy_set_header Host $host;
+          proxy_read_timeout 36000s;
+        }
+
+        # download, presentation and image upload
+        location ~ ^/(c|l)ool {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Host $host;
+        }
+
+        # Admin Console websocket
+        location ^~ /cool/adminws {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection "Upgrade";
+          proxy_set_header Host $host;
+          proxy_read_timeout 36000s;
+        }
+      '';
+    };
+  };
+
  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
    forceSSL = true;
    enableACME = true;