From 251704773459c550a00b21d8045cf2e33a94b61c Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Sun, 13 Oct 2024 12:36:39 +0200
Subject: [PATCH] feat(nuage): add collabora

---
 machines/nuage/default.nix | 86 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)

diff --git a/machines/nuage/default.nix b/machines/nuage/default.nix
index 3e5f58f..c99fde3 100644
--- a/machines/nuage/default.nix
+++ b/machines/nuage/default.nix
@@ -57,6 +57,92 @@
     };
   };
 
+  virtualisation = {
+    podman = {
+      enable = true;
+
+      defaultNetwork.settings = {
+        dns_enable = true;
+        ipv6_enabled = true;
+      };
+    };
+  };
+
+  virtualisation.oci-containers = {
+    containers.collabora = {
+      image = "collabora/code";
+      imageFile = pkgs.dockerTools.pullImage {
+        imageName = "collabora/code";
+        imageDigest = "sha256:07da8a191b37058514dfdf921ea8c2270c6634fa659acee774cf8594f86950e4";
+        sha256 = "sha256-5oaz07NQScHUVN/HznzZGQ2bGrU/V1GhI+9btXHz0GM=";
+      };
+      ports = [ "9980:9980" ];
+      environment = {
+        domain = "nuage.malka.family";
+        extra_params = "--o:ssl.enable=false --o:ssl.termination=true --o:remote_font_config.url=https://cloud.dgnum.eu/apps/richdocuments/settings/fonts.json";
+      };
+      extraOptions = [
+        "--network=host"
+        "--cap-add"
+        "MKNOD"
+        "--cap-add"
+        "SYS_ADMIN"
+      ];
+    };
+  };
+
+  services.nginx.virtualHosts = {
+
+    "collabora.luj.fr" = {
+      forceSSL = true;
+      enableACME = true;
+
+      extraConfig = ''
+        # static files
+        location ^~ /browser {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Host $host;
+        }
+
+        # WOPI discovery URL
+        location ^~ /hosting/discovery {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Host $host;
+        }
+
+        # Capabilities
+        location ^~ /hosting/capabilities {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Host $host;
+        }
+
+        # main websocket
+        location ~ ^/cool/(.*)/ws$ {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection "Upgrade";
+          proxy_set_header Host $host;
+          proxy_read_timeout 36000s;
+        }
+
+        # download, presentation and image upload
+        location ~ ^/(c|l)ool {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Host $host;
+        }
+
+        # Admin Console websocket
+        location ^~ /cool/adminws {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection "Upgrade";
+          proxy_set_header Host $host;
+          proxy_read_timeout 36000s;
+        }
+      '';
+    };
+  };
+
   services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
     forceSSL = true;
     enableACME = true;