From 259a07de8e34b9b9f3811ebf6b39b3423ed35427 Mon Sep 17 00:00:00 2001
From: oqyude
Date: Sat, 20 Sep 2025 16:09:28 +0300
Subject: [PATCH] 213kdsanmfkld
---
nixosModules/server/nextcloud.nix | 113 +++++++++++++++---------------
nixosModules/server/nginx.nix | 28 ++++----
nixosModules/vds/nginx.nix | 40 +++++------
3 files changed, 91 insertions(+), 90 deletions(-)
diff --git a/nixosModules/server/nextcloud.nix b/nixosModules/server/nextcloud.nix
index ff52e54..9053ffc 100755
--- a/nixosModules/server/nextcloud.nix
+++ b/nixosModules/server/nextcloud.nix
@@ -83,75 +83,78 @@ ; }; }; - collabora-online = { - enable = true; - port = 9980; - settings = { - # Rely on reverse proxy for SSL - server_name = "collabora.zeroq.ru"; - ssl = { - enable = false; - termination = true; - ssl_verification = false; - }; - net = { - listen = "loopback"; - post_allow.host = [ - "localhost" - "100.64.0.0" - ]; # "::1" - }; - storage.wopi = { - "@allow" = true; - host = [ "nextcloud.zeroq.ru" ]; - }; - }; - }; - # onlyoffice = { + # collabora-online = { # enable = false; - # hostname = "localhost"; + # port = 9980; + # settings = { + # # Rely on reverse proxy for SSL + # server_name = "collabora.zeroq.ru"; + # ssl = { + # enable = false; + # termination = true; + # ssl_verification = false; + # }; + # net = { + # listen = "loopback"; + # post_allow.host = [ + # "localhost" + # "100.64.0.0" + # ]; # "::1" + # }; + # storage.wopi = { + # "@allow" = true; + # host = [ "nextcloud.zeroq.ru" ]; + # }; + # }; # }; - # rabbitmq.enable = false; + onlyoffice = { + enable = true; + hostname = "127.0.0.1"; + }; + #rabbitmq.enable = false; }; networking.hosts = { "127.0.0.1" = [ "nextcloud.zeroq.ru" - "collabora.zeroq.com" + "office.zeroq.com" + "collabora.zeroq.ru" ]; "::1" = [ "nextcloud.zeroq.ru" "collabora.zeroq.ru" + "collabora.zeroq.ru" ]; }; - systemd.services.nextcloud-config-collabora = - let - inherit (config.services.nextcloud) occ; - wopi_url = "http://[::1]:${toString config.services.collabora-online.port}"; - public_wopi_url = "https://collabora.zeroq.ru"; - wopi_allowlist = lib.concatStringsSep "," [ - "127.0.0.1" - "::1" - ]; - in - { - wantedBy = [ "multi-user.target" ]; - after = [ - "nextcloud-setup.service" - "coolwsd.service" - ]; - requires = [ "coolwsd.service" ]; - script = '' - ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url} - ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url} - ${occ}/bin/nextcloud-occ 
config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist} - ${occ}/bin/nextcloud-occ richdocuments:setup - ''; - serviceConfig = { - Type = "oneshot"; - }; - }; + # systemd.services.nextcloud-config-collabora = + # let + # inherit (config.services.nextcloud) occ; + # wopi_url = "http://[::1]:${toString config.services.collabora-online.port}"; + # public_wopi_url = "https://collabora.zeroq.ru"; + # wopi_allowlist = lib.concatStringsSep "," [ + # "127.0.0.1" + # "::1" + # ]; + # in + # { + # wantedBy = [ "multi-user.target" ]; + # after = [ + # "nextcloud-setup.service" + # "coolwsd.service" + # ]; + # requires = [ "coolwsd.service" ]; + # script = '' + # ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url} + # ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url} + # ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist} + # ${occ}/bin/nextcloud-occ richdocuments:setup + # ''; + # serviceConfig = { + # Type = "oneshot"; + # }; + # }; + fileSystems."/mnt/nextcloud" = { device = "${xlib.dirs.nextcloud-folder}"; diff --git a/nixosModules/server/nginx.nix b/nixosModules/server/nginx.nix index 088d6d9..7afdf52 100755 --- a/nixosModules/server/nginx.nix +++ b/nixosModules/server/nginx.nix @@ -27,20 +27,20 @@ } ]; }; - # "localhost" = { - # forceSSL = false; - # enableACME = false; - # listen = [ - # { - # addr = "100.64.0.0"; - # port = 80; - # } - # { - # addr = "192.168.1.20"; - # port = 80; - # } - # ]; - # }; + "127.0.0.1" = { + forceSSL = false; + enableACME = false; + listen = [ + { + addr = "100.64.0.0"; + port = 8000; + } + { + addr = "192.168.1.20"; + port = 8000; + } + ]; + }; "localhost:9980" = { forceSSL = false; enableACME = false; diff --git a/nixosModules/vds/nginx.nix b/nixosModules/vds/nginx.nix index 18f01f4..3793fa2 100755 --- a/nixosModules/vds/nginx.nix 
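Review bot: The new `onlyoffice` block in nextcloud.nix sets only `enable` and `hostname`, so the Document Server starts without a JWT secret; as far as I know `services.onlyoffice.jwtSecretFile` defaults to null in nixpkgs, which leaves request signing disabled (worth confirming for the pinned revision). Because this patch also publishes the service through `office.zeroq.ru`, add `jwtSecretFile = "/path/to/onlyoffice-jwt-secret"; # placeholder path, keep the file out of the Nix store` and set the same secret in the Nextcloud connector. Separately, the `networking.hosts` additions look like typos: `"office.zeroq.com"` uses `.com` while the vhost is `office.zeroq.ru`, and the `::1` list gains a second `"collabora.zeroq.ru"` where `"office.zeroq.ru"` was probably meant.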
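Review bot: The `"127.0.0.1"` vhost in server/nginx.nix now listens in plain HTTP (`forceSSL = false`) on `192.168.1.20:8000` as well as on the `100.64.0.0` address, so any host on the LAN can reach the OnlyOffice backend directly, bypassing the TLS proxy on the VDS. If only the VDS reverse proxy needs this listener, drop the `192.168.1.20` entry and limit port 8000 in the firewall to the proxy's address. If the LAN listener is intentional, record that with a comment such as `# plain HTTP by design: TLS terminates on the VDS proxy; not exposed beyond LAN/VPN`. The server name `"127.0.0.1"` presumably exists to match `services.onlyoffice.hostname`, which also deserves a one-line comment.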
+++ b/nixosModules/vds/nginx.nix @@ -16,6 +16,22 @@ in recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { + "office.zeroq.ru" = { + enableACME = true; + forceSSL = true; + kTLS = true; + # locations."/" = { + # proxyPass = "http://${server}:8000"; + # proxyWebsockets = true; # onlyoffice uses websockets + # }; + extraConfig = '' + reverse_proxy http://${server}:8000 { + # Required to circumvent bug of Onlyoffice loading mixed non-https content + header_up X-Forwarded-Proto https + client_max_body_size 5G; + } + ''; + }; "collabora.zeroq.ru" = { enableACME = true; forceSSL = true; @@ -106,27 +122,9 @@ in # }; }; }; - # blocky = { - # enable = true; - # settings = { - # ports.dns = 53; # Port for incoming DNS Queries. - # upstreams.groups.default = [ - # "https://dns.quad9.net/dns-query" # Using Cloudflare's DNS over HTTPS server for resolving queries. - # ]; - # # For initially solving DoH/DoT Requests when no system Resolver is available. - # bootstrapDns = { - # upstream = "https://dns.quad9.net/dns-query"; - # ips = [ "9.9.9.9" ]; - # }; - # # Custom DNS entries - # customDNS = { - # mapping = { - # "immich.zeroq.ru" = "100.90.0.0"; - # }; - # }; - # }; - # }; - }; + caddy = { + enable = true + }; security.acme = { acceptTerms = true; defaults = {
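Review bot: The `extraConfig` of the new `office.zeroq.ru` vhost is Caddyfile syntax (`reverse_proxy … { header_up … }`) inside an nginx `virtualHosts` entry, so nginx will reject the generated config at `reverse_proxy` and neither the proxying nor the 5G body limit takes effect. Express it with the nginx options that the commented-out lines already sketch, keeping `client_max_body_size` as an nginx directive. With `recommendedProxySettings = true` in the context lines, `X-Forwarded-Proto` is most likely already forwarded, so the `header_up` line should not be needed (confirm against the generated config). The upstream is plain `http://${server}:8000` and `server` is defined outside the hunk, so check that this leg runs only over a private link.

```nix
"office.zeroq.ru" = {
  # … unchanged: enableACME, forceSSL, kTLS …
  locations."/" = {
    proxyPass = "http://${server}:8000";
    proxyWebsockets = true; # onlyoffice uses websockets
    extraConfig = ''
      client_max_body_size 5G;
    '';
  };
};
```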
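Review bot: `enable = true` in the new `caddy` block has no terminating semicolon, which is a Nix parse error; it should read `enable = true;`. The hunk also removes the `};` that followed the commented-out blocky section and reuses its position for caddy's closing brace, so the enclosing attribute set (apparently `services`, opened outside the hunk) is no longer closed before `security.acme`; add a second `};` after the caddy block. Beyond syntax, enabling Caddy next to the existing nginx on this host will presumably leave both contending for ports 80/443 and for ACME issuance. If Caddy is not meant to replace nginx, leave the block out.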