diff --git a/nixosModules/server/nextcloud.nix b/nixosModules/server/nextcloud.nix index af14b6c..02fa7b6 100755 --- a/nixosModules/server/nextcloud.nix +++ b/nixosModules/server/nextcloud.nix @@ -26,7 +26,7 @@ redis = true; memcached = true; }; - maxUploadSize = "2G"; + maxUploadSize = "5G"; config = { dbtype = "pgsql"; dbuser = "nextcloud"; @@ -92,6 +92,7 @@ ssl = { enable = false; termination = true; + ssl_verification = false; }; net = { listen = "loopback"; @@ -110,45 +111,44 @@ # rabbitmq.enable = false; }; - # networking.hosts = { - # "127.0.0.1" = [ - # "nextcloud.zeroq.ru" - # "collabora.zeroq.com" - # ]; - # "::1" = [ - # "nextcloud.zeroq.ru" - # "collabora.zeroq.ru" - # ]; - # }; + networking.hosts = { + "127.0.0.1" = [ + "nextcloud.zeroq.ru" + "collabora.zeroq.com" + ]; + "::1" = [ + "nextcloud.zeroq.ru" + "collabora.zeroq.ru" + ]; + }; - # systemd.services.nextcloud-config-collabora = - # let - # inherit (config.services.nextcloud) occ; - - # wopi_url = "http://[::1]:${toString config.services.collabora-online.port}"; - # public_wopi_url = "https://collabora.zeroq.ru"; - # wopi_allowlist = lib.concatStringsSep "," [ - # "127.0.0.1" - # "::1" - # ]; - # in - # { - # wantedBy = [ "multi-user.target" ]; - # after = [ - # "nextcloud-setup.service" - # "coolwsd.service" - # ]; - # requires = [ "coolwsd.service" ]; - # script = '' - # ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url} - # ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url} - # ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist} - # ${occ}/bin/nextcloud-occ richdocuments:setup - # ''; - # serviceConfig = { - # Type = "oneshot"; - # }; - # }; + systemd.services.nextcloud-config-collabora = + let + inherit (config.services.nextcloud) occ; + wopi_url = "http://[::1]:${toString config.services.collabora-online.port}"; + public_wopi_url = "https://collabora.zeroq.ru"; + wopi_allowlist = lib.concatStringsSep "," [ + "127.0.0.1" + "::1" + ]; + in + { + wantedBy = [ "multi-user.target" ]; + after = [ + "nextcloud-setup.service" + "coolwsd.service" + ]; + requires = [ "coolwsd.service" ]; + script = '' + ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url} + ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url} + ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist} + ${occ}/bin/nextcloud-occ richdocuments:setup + ''; + serviceConfig = { + Type = "oneshot"; + }; + }; fileSystems."/mnt/nextcloud" = { device = "${xlib.dirs.nextcloud-folder}"; diff --git a/nixosModules/server/nginx.nix b/nixosModules/server/nginx.nix index f2c14b1..088d6d9 100755 --- a/nixosModules/server/nginx.nix +++ b/nixosModules/server/nginx.nix @@ -33,28 +33,28 @@ # listen = [ # { # addr = "100.64.0.0"; - # port = 8080; + # port = 80; # } # { # addr = "192.168.1.20"; - # port = 8080; - # } - # ]; - # }; - # "localhost:9980" = { - # forceSSL = false; - # enableACME = false; - # listen = [ - # { - # addr = "100.64.0.0"; - # port = 9980; - # } - # { - # addr = "192.168.1.20"; - # port = 9980; + # port = 80; # } # ]; # }; + "localhost:9980" = { + forceSSL = false; + enableACME = false; + listen = [ + { + addr = "100.64.0.0"; + port = 9980; + } + { + addr = "192.168.1.20"; + port = 9980; + } + ]; + }; }; }; }; diff --git a/nixosModules/vds/nginx.nix b/nixosModules/vds/nginx.nix index 312bd7c..7ed0a95 100755 --- a/nixosModules/vds/nginx.nix +++ b/nixosModules/vds/nginx.nix @@ -16,23 +16,33 @@ in recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { - # "collabora.zeroq.ru" = { - # enableACME = true; - # forceSSL = true; - # locations."/" = { - # proxyPass = "http://${server}:8080"; - # proxyWebsockets = true; # collabora uses websockets - # }; - # }; + "collabora.zeroq.ru" = { + enableACME = true; + forceSSL = true; + kTLS = true; + locations."/" = { + proxyPass = "http://${server}:9980"; + proxyWebsockets = true; # collabora uses websockets + }; + listen = [ + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + }; + extraConfig = '' + client_max_body_size 5G; + ''; + }; "immich.zeroq.ru" = { # 31.57.105.253 forceSSL = true; enableACME = true; - locations = { - "/" = { - proxyPass = "http://${server}:2283"; # Порт Immich - proxyWebsockets = true; # Если Immich использует WebSockets - }; + kTLS = true; + locations."/" = { + proxyPass = "http://${server}:2283"; # Порт Immich + proxyWebsockets = true; # Если Immich использует WebSockets }; extraConfig = '' client_max_body_size 5G; @@ -41,6 +51,7 @@ in "nextcloud.zeroq.ru" = { forceSSL = true; enableACME = true; + kTLS = true; locations."/" = { proxyPass = "http://${server}:10000"; # Порт Nextcloud proxyWebsockets = true; @@ -52,6 +63,7 @@ in "flux.zeroq.ru" = { forceSSL = true; enableACME = true; + kTLS = true; locations."/" = { proxyPass = "http://${server}:6061"; # Порт Nextcloud proxyWebsockets = true; @@ -63,6 +75,7 @@ in "calibre.zeroq.ru" = { forceSSL = true; enableACME = true; + kTLS = true; locations."/" = { proxyPass = "http://${server}:8083"; # Порт Nextcloud proxyWebsockets = true; @@ -74,6 +87,7 @@ in "pdf.zeroq.ru" = { forceSSL = true; enableACME = true; + kTLS = true; locations."/" = { proxyPass = "http://${server}:6060"; # Порт Nextcloud proxyWebsockets = true;