From efcb4232a59baf4a876dfcc07018306235274790 Mon Sep 17 00:00:00 2001 From: oqyude Date: Mon, 30 Mar 2026 16:05:09 +0300 Subject: [PATCH] try to setup onlyoffice --- modules/server/nextcloud.nix | 9 +++++--- modules/server/nginx.nix | 32 +++++++++++++------------- modules/server/secrets/onlyoffice.yaml | 6 ++--- modules/vds/nginx.nix | 11 +++++++++ 4 files changed, 36 insertions(+), 22 deletions(-) diff --git a/modules/server/nextcloud.nix b/modules/server/nextcloud.nix index 7ab9576..4f6454a 100644 --- a/modules/server/nextcloud.nix +++ b/modules/server/nextcloud.nix @@ -45,6 +45,7 @@ in log_type = "file"; trusted_domains = [ "nextcloud.zeroq.ru" + "office.zeroq.ru" "100.64.0.0" "192.168.1.20" "localhost" @@ -53,8 +54,9 @@ in ]; trusted_proxies = [ "100.64.1.0" + "109.248.161.5" ]; - overwriteprotocol = ""; + overwriteprotocol = "https"; # maybe no }; extraAppsEnable = true; appstoreEnable = false; @@ -62,14 +64,14 @@ in enable = false; bendDomainToLocalhost = true; }; - phpPackage = pkgs.php85; + # phpPackage = pkgs.php85; extraApps = { inherit (config.services.nextcloud.package.packages.apps) # gpoddersync # integration_paperless # memories # nextpod - # onlyoffice + onlyoffice # phonetrack # repod # sociallogin @@ -135,6 +137,7 @@ in onlyoffice = { enable = true; hostname = "0.0.0.0"; + wopi = true; jwtSecretFile = config.sops.secrets.onlyoffice-jwt.path; securityNonceFile = config.sops.secrets.onlyoffice-nonce.path; }; diff --git a/modules/server/nginx.nix b/modules/server/nginx.nix index 96496c5..08a43e8 100644 --- a/modules/server/nginx.nix +++ b/modules/server/nginx.nix 
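Review bot: The added `"office.zeroq.ru"` entry in `trusted_domains` widens the set of Host names this Nextcloud instance answers to, and it looks unnecessary. The rest of the commit suggests office.zeroq.ru is the OnlyOffice document server's name rather than an alias of Nextcloud, although its vhost is not visible here. If so, the connector does not need it listed and the line can be dropped. If Nextcloud really is served under that name, say so next to it, e.g. `"office.zeroq.ru" # Nextcloud is also reachable under this name`. The settings attrset starts and ends outside the hunk.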
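Review bot: Adding `"109.248.161.5"` to `trusted_proxies` makes Nextcloud take the client address from forwarding headers on any request arriving from that public IP, and nothing in the hunk says which host it is. If it is the VDS reverse proxy and its traffic actually reaches this machine from the 100.64.x address already listed, the public entry should be left out; otherwise document it, e.g. `"109.248.161.5" # VDS edge proxy, public address`. `overwriteprotocol = "https"; # maybe no` should be decided rather than committed as an open question. Forcing https is only right if every path to this instance terminates TLS, and the `"localhost"` and `"192.168.1.20"` entries in `trusted_domains` suggest some may not.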
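Review bot: `wopi = true;` in the `onlyoffice` block turns on a second integration protocol on the document server, which this commit does not appear to need. The app enabled here is the `onlyoffice` Nextcloud connector, which as far as I know uses the document server's own JWT-signed API rather than WOPI. Unless a separate WOPI host is planned, leave the option off so the extra endpoint is not exposed. If it is required, name the consumer next to it, e.g. `wopi = true; # required by <WOPI client>`.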
@@ -91,22 +91,22 @@ in client_max_body_size 5G; ''; }; - "office.local" = { - enableACME = false; - forceSSL = false; - locations = { - "/" = { - proxyPass = "http://${server}:8000"; # 9980 - proxyWebsockets = true; - }; - }; - extraConfig = '' - client_max_body_size 5G; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; # absolute_redirect off; - }; + # "office.local" = { + # enableACME = false; + # forceSSL = false; + # locations = { + # "/" = { + # proxyPass = "http://${server}:8000"; # 9980 + # proxyWebsockets = true; + # }; + # }; + # extraConfig = '' + # client_max_body_size 5G; + # proxy_set_header X-Forwarded-Proto $scheme; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # ''; # absolute_redirect off; + # }; "calibre.local" = { forceSSL = false; enableACME = false; diff --git a/modules/server/secrets/onlyoffice.yaml b/modules/server/secrets/onlyoffice.yaml index c1ab72b..55767e7 100644 --- a/modules/server/secrets/onlyoffice.yaml +++ b/modules/server/secrets/onlyoffice.yaml @@ -1,5 +1,5 @@ jwt: ENC[AES256_GCM,data:Mp+eAh0Nle0QDfo92isNLwvHn/E=,iv:0FLK/8QpmX5Mv7IXMy04AJAgUknp5DATpD0acyPqrUg=,tag:rP9x3G8WIDG6KWSjqPXulQ==,type:str] -nonce: ENC[AES256_GCM,data:8/xWIu/9rl4LrPIGBRvcIaPEwCslsRbkMqJDV9P8sqfeE2Le2SnmVLKt,iv:DHxrKOzJSekKY2TlN+iBwd2HbWV0pCid+qM2xufhbrw=,tag:o0OvJUxYSyXFtyPkfh0XLA==,type:str] +nonce: ENC[AES256_GCM,data:IGIo74eaE1vppWmLJt8C1cmpUm8eozumLXU5ecJJIolpKlC85H39l6oGmw==,iv:YwLbgbkOxpChwLTbknCii66LMVwD61sr7gXsbv3t/NI=,tag:YFfLkO5b55/AcJKTpSyslQ==,type:str] sops: age: - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm 
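Review bot: The `"office.local"` vhost is commented out line by line rather than deleted, which leaves a dead plain-HTTP proxy definition (`forceSSL = false`, `proxyPass = "http://${server}:8000"`) in the file for someone to re-enable by accident. Git history already keeps the old block, so I would remove these lines outright, or replace them with a single comment such as `# office.local vhost removed; OnlyOffice is now proxied from modules/vds/nginx.nix`.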
@@ -11,7 +11,7 @@ sops: dm4xa25tSmN3VjlPaWpBWnhJdklqWEEK+sD+lvwQGjNkOic3ZCo2VGQ/+p2Nhmm+ g846YrGljYOib6hNryEhZWe0KmaDhn24vnEK5NS4WtqqwV+IhCZbmg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-30T12:49:52Z" - mac: ENC[AES256_GCM,data:OwORTRiRUImde7dlmsHuUNkln491biD8Z61nr8BPM5ATJqPug7sQzkpzGVVASmrpjtCi3lbn7XU8Fz6jLwODj9TRDOfazrlS1Oo6sE0d1yNXNbmIgK7+riNT7RtsGtAzgiNcYm+c8F9aa+UJ8Ctx20ejLBz/ZG/NjqTDVcgWgSk=,iv:DSDWrHyl9QBeyeC5r812IkBZjFwZ+VQdpBGIk/fFqiA=,tag:EvMW3Ef17IIEsg8zc8SykQ==,type:str] + lastmodified: "2026-03-30T21:55:57Z" + mac: ENC[AES256_GCM,data:Ff8KB0O7sDE4GL8kccuA3s8DSallp5aOsy+T60FLCxsZN1m7m6Cql+3Hb3IS0M/nLRZMoZre8kztnzSbWs8ZK0e5wZoQjb6KMESZaXPOfjjbPWjMKiRCAQZUJNZy5P067qoxOIQ3t25kPNolmHkSyicpLoLRIB4Adn8+M79/RLk=,iv:LfVbDH8JVbgkVk5cFpr/lbvtSu8waLhn9XHwPW/8jBE=,tag:ll5JQbyr84vI8V154ZE/wQ==,type:str] unencrypted_suffix: _unencrypted version: 3.12.2 diff --git a/modules/vds/nginx.nix b/modules/vds/nginx.nix index fec4e2b..a386dcb 100644 --- a/modules/vds/nginx.nix +++ b/modules/vds/nginx.nix @@ -130,9 +130,20 @@ in }; extraConfig = '' client_max_body_size 5G; + + proxy_http_version 1.1; + proxy_buffering off; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_set_header Authorization $http_authorization; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; ''; # absolute_redirect off; }; "immich.zeroq.ru" = {
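Review bot: The new `proxy_set_header` lines sit in the vhost-level `extraConfig`, and nginx only inherits server-level `proxy_set_header` directives into a location that defines none of its own. The location block is outside this hunk, but if it uses `proxyWebsockets = true` or the recommended proxy settings (as the old `office.local` vhost did), the `Host`, `X-Forwarded-*` and `Authorization` headers added here are silently ignored for proxied requests. The backend would then see the wrong client address and scheme. I would move them into the location's own `extraConfig`. I would also drop the hand-written `proxy_set_header Connection "upgrade";`, which forces an upgrade header onto every request rather than only WebSocket handshakes, and rely on `proxyWebsockets = true;` instead. `proxy_set_header Authorization $http_authorization;` repeats nginx's default pass-through and can go as well.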