Try this onlyoffice config

2023-11-23 19:24:27 +01:00 · 2023-11-23 19:24:27 +01:00 · 002a9676c5
commit 002a9676c5
parent 61f87d59b9
3 changed files with 37 additions and 4 deletions
--- a/nixos/queen/configuration.nix
+++ b/nixos/queen/configuration.nix
@ -56,6 +56,8 @@
  sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name;
  sops.secrets."nextclouddb".mode = "0440";
  sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name;
+  sops.secrets."local.json".mode = "0440";
+  sops.secrets."local.json".owner = config.users.users.onlyoffice.name;

  nix = {
    gc = {
@ -146,7 +148,7 @@
      extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf"];
      shell = pkgs.zsh;
    };
-    nextcloud.extraGroups = [config.users.groups.keys.name "aria2"];
+    nextcloud.extraGroups = [config.users.groups.keys.name "aria2" "onlyoffice"];
  };

  # Enable completion of system packages by zsh
--- a/nixos/queen/nextcloud.nix
+++ b/nixos/queen/nextcloud.nix
@ -24,6 +24,10 @@
        ## LetsEncrypt
        enableACME = true;
      };
+      "onlyoffice.example.com" = {
+        forceSSL = true;
+        enableACME = true;
+      };
    };
  };

@ -41,11 +45,16 @@
    autoUpdateApps.enable = true;
    # Set what time makes sense for you
    autoUpdateApps.startAt = "05:00:00";
+    configureRedis = true;
+    maxUploadSize = "16G";
+    enableBrokenCiphersForSSE = false;

    config = {
      # Further forces Nextcloud to use HTTPS
      overwriteProtocol = "https";

+      defaultPhoneRegion = "NL";
+
      # Nextcloud PostegreSQL database configuration, recommended over using SQLite
      dbtype = "pgsql";
      dbuser = "nextcloud";
@ -58,6 +67,12 @@
    };
  };

+  onlyoffice = {
+    enable = true;
+    hostname = "onlyoffice.example.com";
+    jwtSecretFile = config.sops.secrets."local.json".path;
+  };
+
  # Enable PostgreSQL
  services.postgresql = {
    enable = true;
@ -78,7 +93,7 @@
  };

  systemd.services."sops-nix.service" = {
-    before = ["nextcloud-setup.service" "postgresql.service"];
+    before = ["nextcloud-setup.service" "postgresql.service" "onlyoffice.service"];
  };

  # Ensure that postgres is running before running the setup
--- a/secrets/queen-Lillian.yaml
+++ b/secrets/queen-Lillian.yaml
@ -1,5 +1,21 @@
 nextcloudadmin: ENC[AES256_GCM,data:LqgutUXs1msmFUNa+4JI1BEq0R8=,iv:sLP52reqsJfUNQnA9MbtbcZjGeluHDaO3dlHpWCLU4M=,tag:ChG/hZIMcmc0wt2AWOBNCA==,type:str]
 nextclouddb: ENC[AES256_GCM,data:EFwVtVD4KnEiZ5SM+1XW0U0mR/I2IXcRYXhQTgwv788=,iv:blHbNqI/Gq4tUQuqKWgrX9tYj6XKLRrWl1LFN+cn71M=,tag:H/7vobp5OwPbqsapvw7mUw==,type:str]
+local.json:
+    services:
+        CoAuthoring:
+            token:
+                enable:
+                    request:
+                        inbox: ENC[AES256_GCM,data:lEB5UA==,iv:mvTrV1LIenxW/HUkEmpuSmU55oI4a4OxAyvnRzFoW5Y=,tag:pyT/QvpCf6Al9J7UHAHjFw==,type:bool]
+                        outbox: ENC[AES256_GCM,data:LTKWdA==,iv:gNqHxkkYCWAxyUHixpN9dKhD96DykctuFsBtBcqqQLM=,tag:whh2tJ6VgQuT8aOiHoz8+w==,type:bool]
+                    browser: ENC[AES256_GCM,data:FHnX8w==,iv:7mtRZiPQwtfIVbgsbGb/6wLX9VhAXXeAgQvIXgK7ldo=,tag:+74AKU2cjgXS16Iy+Z5T2Q==,type:bool]
+            secret:
+                inbox:
+                    string: ENC[AES256_GCM,data:jvd3/hiLjwQPwdKSqGqoB7jYXxMlx+94gudsvCWPKdw=,iv:MPork/F2AMzRnmBVdN3S3YobAyxOJWdwZHYll/3rJ68=,tag:AwGMsFKCVZsdoLBHIYVBzg==,type:str]
+                outbox:
+                    string: ENC[AES256_GCM,data:Rktq5FYhgrAcWKvlmmKBGf1ZW7r93o7nA9cGfwbZnoY=,iv:NsRodeTTkMFsLshdK5FrReCCXvtH4xuPFP0Cnsm4ito=,tag:AMSktqB+Ho6naOwWzIalIA==,type:str]
+                session:
+                    string: ENC[AES256_GCM,data:fDVVoivTZswECVStgBKWKkOeXrW449fBUMNpESAbXks=,iv:UBiYgap28ZwvZJH/ETZZY1CvZfHzJ175FVPHwMhLlrw=,tag:Gtv9XjsGL6Svx5JHEIj9EA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -15,8 +31,8 @@ sops:
            KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
            NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-11-20T16:04:50Z"
-    mac: ENC[AES256_GCM,data:eXTRcUy7s6NGN7ziA4CFz1Z3bhF0nNWtVI5o/WwMg7UFmW8AhJ2Hjzp0AJSkQxZOav2Fu/t9ENsu3OTdx3khxk9a1M8BV5VqJQ/DmXXfuZjjJ5cqYDBdQqDI+E6Ai6BJHHN0A4r5xkQ7fpdXsolshJKXi9sNiAjYY3zoJi3id9Y=,iv:d214ZHFIm/KmgzYBZrRm58yFZol/dfw6twZthFOAgvY=,tag:2Z4P0iCYNSNiIc2PwW733Q==,type:str]
+    lastmodified: "2023-11-23T18:20:20Z"
+    mac: ENC[AES256_GCM,data:c6CaVuNPHq1Qaiklxzszqnb1UoFU7uyHYXr1FGvLssMVA6qhmEgXwFBi7iHvkK9FG+zSIgPf3ZhY7rpd3ddp42Z2WL9dOEVBpJ6SZcbG+k8gg6oq/PX/9/F0NIEuBUXgSz8vnLtqaOTxF++3TZvHWK0drP4bqck546tpcTpXVtU=,iv:hwwYCaC2OZftJVFYxA39KPiH0lwFA8X4GrDm9vKNb0I=,tag:W9sCVNyOfNy7g33iTIc+gA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1