213kdsanmfkld

2026-06-11 04:30:41 +03:00 · 2025-09-20 16:09:28 +03:00
parent 4074b188e9
commit 259a07de8e
3 changed files with 91 additions and 90 deletions
@@ -83,75 +83,78 @@
          ;
      };
    };
-    collabora-online = {
-      enable = true;
-      port = 9980;
-      settings = {
-        # Rely on reverse proxy for SSL
-        server_name = "collabora.zeroq.ru";
-        ssl = {
-          enable = false;
-          termination = true;
-          ssl_verification = false;
-        };
-        net = {
-          listen = "loopback";
-          post_allow.host = [
-            "localhost"
-            "100.64.0.0"
-          ]; # "::1"
-        };
-        storage.wopi = {
-          "@allow" = true;
-          host = [ "nextcloud.zeroq.ru" ];
-        };
-      };
-    };
-    # onlyoffice = {
+    # collabora-online = {
    #   enable = false;
-    #   hostname = "localhost";
+    #   port = 9980;
+    #   settings = {
+    #     # Rely on reverse proxy for SSL
+    #     server_name = "collabora.zeroq.ru";
+    #     ssl = {
+    #       enable = false;
+    #       termination = true;
+    #       ssl_verification = false;
+    #     };
+    #     net = {
+    #       listen = "loopback";
+    #       post_allow.host = [
+    #         "localhost"
+    #         "100.64.0.0"
+    #       ]; # "::1"
+    #     };
+    #     storage.wopi = {
+    #       "@allow" = true;
+    #       host = [ "nextcloud.zeroq.ru" ];
+    #     };
+    #   };
    # };
-    # rabbitmq.enable = false;
+    onlyoffice = {
+      enable = true;
+      hostname = "127.0.0.1";
+    };
+    #rabbitmq.enable = false;
  };

  networking.hosts = {
    "127.0.0.1" = [
      "nextcloud.zeroq.ru"
-      "collabora.zeroq.com"
+      "office.zeroq.com"
+      "collabora.zeroq.ru"
    ];
    "::1" = [
      "nextcloud.zeroq.ru"
      "collabora.zeroq.ru"
+      "collabora.zeroq.ru"
    ];
  };

-  systemd.services.nextcloud-config-collabora =
-    let
-      inherit (config.services.nextcloud) occ;
-      wopi_url = "http://[::1]:${toString config.services.collabora-online.port}";
-      public_wopi_url = "https://collabora.zeroq.ru";
-      wopi_allowlist = lib.concatStringsSep "," [
-        "127.0.0.1"
-        "::1"
-      ];
-    in
-    {
-      wantedBy = [ "multi-user.target" ];
-      after = [
-        "nextcloud-setup.service"
-        "coolwsd.service"
-      ];
-      requires = [ "coolwsd.service" ];
-      script = ''
-        ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
-        ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
-        ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
-        ${occ}/bin/nextcloud-occ richdocuments:setup
-      '';
-      serviceConfig = {
-        Type = "oneshot";
-      };
-    };
+  # systemd.services.nextcloud-config-collabora =
+  #   let
+  #     inherit (config.services.nextcloud) occ;
+  #     wopi_url = "http://[::1]:${toString config.services.collabora-online.port}";
+  #     public_wopi_url = "https://collabora.zeroq.ru";
+  #     wopi_allowlist = lib.concatStringsSep "," [
+  #       "127.0.0.1"
+  #       "::1"
+  #     ];
+  #   in
+  #   {
+  #     wantedBy = [ "multi-user.target" ];
+  #     after = [
+  #       "nextcloud-setup.service"
+  #       "coolwsd.service"
+  #     ];
+  #     requires = [ "coolwsd.service" ];
+  #     script = ''
+  #       ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
+  #       ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
+  #       ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
+  #       ${occ}/bin/nextcloud-occ richdocuments:setup
+  #     '';
+  #     serviceConfig = {
+  #       Type = "oneshot";
+  #     };
+  #   };
+

  fileSystems."/mnt/nextcloud" = {
    device = "${xlib.dirs.nextcloud-folder}";
@@ -27,20 +27,20 @@
            }
          ];
        };
-        # "localhost" = {
-        #   forceSSL = false;
-        #   enableACME = false;
-        #   listen = [
-        #     {
-        #       addr = "100.64.0.0";
-        #       port = 80;
-        #     }
-        #     {
-        #       addr = "192.168.1.20";
-        #       port = 80;
-        #     }
-        #   ];
-        # };
+        "127.0.0.1" = {
+          forceSSL = false;
+          enableACME = false;
+          listen = [
+            {
+              addr = "100.64.0.0";
+              port = 8000;
+            }
+            {
+              addr = "192.168.1.20";
+              port = 8000;
+            }
+          ];
+        };
        "localhost:9980" = {
          forceSSL = false;
          enableACME = false;
@@ -16,6 +16,22 @@ in
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts = {
+        "office.zeroq.ru" = {
+          enableACME = true;
+          forceSSL = true;
+          kTLS = true;
+          # locations."/" = {
+          #   proxyPass = "http://${server}:8000";
+          #   proxyWebsockets = true; # onlyoffice uses websockets
+          # };
+          extraConfig = ''
+            reverse_proxy http://${server}:8000 {
+              # Required to circumvent bug of Onlyoffice loading mixed non-https content
+              header_up X-Forwarded-Proto https
+              client_max_body_size 5G;
+            }
+          '';
+        };
        "collabora.zeroq.ru" = {
          enableACME = true;
          forceSSL = true;
@@ -106,27 +122,9 @@ in
        # };
      };
    };
-    # blocky = {
-    #   enable = true;
-    #   settings = {
-    #     ports.dns = 53; # Port for incoming DNS Queries.
-    #     upstreams.groups.default = [
-    #       "https://dns.quad9.net/dns-query" # Using Cloudflare's DNS over HTTPS server for resolving queries.
-    #     ];
-    #     # For initially solving DoH/DoT Requests when no system Resolver is available.
-    #     bootstrapDns = {
-    #       upstream = "https://dns.quad9.net/dns-query";
-    #       ips = [ "9.9.9.9" ];
-    #     };
-    #     # Custom DNS entries
-    #     customDNS = {
-    #       mapping = {
-    #         "immich.zeroq.ru" = "100.90.0.0";
-    #       };
-    #     };
-    #   };
-    # };
-  };
+    caddy = {
+      enable = true
+    };
  security.acme = {
    acceptTerms = true;
    defaults = {