From 002a9676c52dd489e0f07be9325e97a63d6eaf45 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Thu, 23 Nov 2023 19:24:27 +0100 Subject: [PATCH] Try this onlyoffice config --- nixos/queen/configuration.nix | 4 +++- nixos/queen/nextcloud.nix | 17 ++++++++++++++++- secrets/queen-Lillian.yaml | 20 ++++++++++++++++++-- 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/nixos/queen/configuration.nix b/nixos/queen/configuration.nix index aaf163a..f7dd9f2 100644 --- a/nixos/queen/configuration.nix +++ b/nixos/queen/configuration.nix @@ -56,6 +56,8 @@ sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name; sops.secrets."nextclouddb".mode = "0440"; sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name; + sops.secrets."local.json".mode = "0440"; + sops.secrets."local.json".owner = config.users.users.onlyoffice.name; nix = { gc = { @@ -146,7 +148,7 @@ extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf"]; shell = pkgs.zsh; }; - nextcloud.extraGroups = [config.users.groups.keys.name "aria2"]; + nextcloud.extraGroups = [config.users.groups.keys.name "aria2" "onlyoffice"]; }; # Enable completion of system packages by zsh diff --git a/nixos/queen/nextcloud.nix b/nixos/queen/nextcloud.nix index 18c0265..5347f0a 100644 --- a/nixos/queen/nextcloud.nix +++ b/nixos/queen/nextcloud.nix @@ -24,6 +24,10 @@ ## LetsEncrypt enableACME = true; }; + "onlyoffice.example.com" = { + forceSSL = true; + enableACME = true; + }; }; }; @@ -41,11 +45,16 @@ autoUpdateApps.enable = true; # Set what time makes sense for you autoUpdateApps.startAt = "05:00:00"; + configureRedis = true; + maxUploadSize = "16G"; + enableBrokenCiphersForSSE = false; config = { # Further forces Nextcloud to use HTTPS overwriteProtocol = "https"; + defaultPhoneRegion = "NL"; + # Nextcloud PostegreSQL database configuration, recommended over using SQLite dbtype = "pgsql"; dbuser = "nextcloud"; 
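Review bot: Adding `"onlyoffice"` to `nextcloud.extraGroups` in the second configuration.nix hunk, together with mode `"0440"` on `sops.secrets."local.json"` in the first, probably makes the OnlyOffice JWT secret readable by the Nextcloud service account. As far as I know sops-nix takes a secret's group from its owner's primary group unless `group` is set, so any member of that group can read the file. If only the document server reads it, `sops.secrets."local.json".mode = "0400";` and leaving `nextcloud.extraGroups` as it was keeps the secret to one account. If the membership is needed for something else, a comment on that line naming the reason would make the wider access reviewable. Both hunks sit inside attribute sets that start and end outside the visible lines.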
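Review bot: The new `enableBrokenCiphersForSSE = false;` line in the nextcloud.nix hunk at `@@ -41,11 +45,16 @@` should carry a comment. Turning it off removes the legacy RC4 support that Nextcloud's older server-side-encryption format depends on, so files encrypted that way would stop decrypting. A line such as `# no legacy server-side encryption data on this host, keep RC4 disabled` records that this was checked. `maxUploadSize = "16G";` would also benefit from a note on what drove the value, since it presumably also raises the request-body limit on the public vhost. The surrounding nextcloud attribute set starts and ends outside this hunk.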
@@ -58,6 +67,12 @@ }; }; + onlyoffice = { + enable = true; + hostname = "onlyoffice.example.com"; + jwtSecretFile = config.sops.secrets."local.json".path; + }; + # Enable PostgreSQL services.postgresql = { enable = true; @@ -78,7 +93,7 @@ }; systemd.services."sops-nix.service" = { - before = ["nextcloud-setup.service" "postgresql.service"]; + before = ["nextcloud-setup.service" "postgresql.service" "onlyoffice.service"]; }; # Ensure that postgres is running before running the setup diff --git a/secrets/queen-Lillian.yaml b/secrets/queen-Lillian.yaml index 450ca04..e8af10a 100644 --- a/secrets/queen-Lillian.yaml +++ b/secrets/queen-Lillian.yaml @@ -1,5 +1,21 @@ nextcloudadmin: ENC[AES256_GCM,data:LqgutUXs1msmFUNa+4JI1BEq0R8=,iv:sLP52reqsJfUNQnA9MbtbcZjGeluHDaO3dlHpWCLU4M=,tag:ChG/hZIMcmc0wt2AWOBNCA==,type:str] nextclouddb: ENC[AES256_GCM,data:EFwVtVD4KnEiZ5SM+1XW0U0mR/I2IXcRYXhQTgwv788=,iv:blHbNqI/Gq4tUQuqKWgrX9tYj6XKLRrWl1LFN+cn71M=,tag:H/7vobp5OwPbqsapvw7mUw==,type:str] +local.json: + services: + CoAuthoring: + token: + enable: + request: + inbox: ENC[AES256_GCM,data:lEB5UA==,iv:mvTrV1LIenxW/HUkEmpuSmU55oI4a4OxAyvnRzFoW5Y=,tag:pyT/QvpCf6Al9J7UHAHjFw==,type:bool] + outbox: ENC[AES256_GCM,data:LTKWdA==,iv:gNqHxkkYCWAxyUHixpN9dKhD96DykctuFsBtBcqqQLM=,tag:whh2tJ6VgQuT8aOiHoz8+w==,type:bool] + browser: ENC[AES256_GCM,data:FHnX8w==,iv:7mtRZiPQwtfIVbgsbGb/6wLX9VhAXXeAgQvIXgK7ldo=,tag:+74AKU2cjgXS16Iy+Z5T2Q==,type:bool] + secret: + inbox: + string: ENC[AES256_GCM,data:jvd3/hiLjwQPwdKSqGqoB7jYXxMlx+94gudsvCWPKdw=,iv:MPork/F2AMzRnmBVdN3S3YobAyxOJWdwZHYll/3rJ68=,tag:AwGMsFKCVZsdoLBHIYVBzg==,type:str] + outbox: + string: ENC[AES256_GCM,data:Rktq5FYhgrAcWKvlmmKBGf1ZW7r93o7nA9cGfwbZnoY=,iv:NsRodeTTkMFsLshdK5FrReCCXvtH4xuPFP0Cnsm4ito=,tag:AMSktqB+Ho6naOwWzIalIA==,type:str] + session: + string: ENC[AES256_GCM,data:fDVVoivTZswECVStgBKWKkOeXrW449fBUMNpESAbXks=,iv:UBiYgap28ZwvZJH/ETZZY1CvZfHzJ175FVPHwMhLlrw=,tag:Gtv9XjsGL6Svx5JHEIj9EA==,type:str] sops: kms: [] gcp_kms: [] 
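Review bot: `jwtSecretFile = config.sops.secrets."local.json".path;` points at an entry that is a nested mapping in secrets/queen-Lillian.yaml (token flags plus separate inbox, outbox and session strings), not a single value. As far as I know the NixOS onlyoffice option expects a file holding only the JWT secret string, and sops-nix expects the key it looks up to resolve to a string. This is therefore likely to fail at activation or give the service an unusable secret. A flat key with one secret would fit both, for example (constructed name) `jwtSecretFile = config.sops.secrets."onlyoffice-jwt".path;` with the matching `sops.secrets` lines in configuration.nix renamed. The next context line is `services.postgresql`, which suggests this block sits at module top level and should be `services.onlyoffice = {`; the indentation is lost here, so check against the file.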
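Review bot: The attribute name `"sops-nix.service"` in the hunk at `@@ -78,7 +93,7 @@` already ends in `.service`, and NixOS appends that suffix when it generates units. The `before` list, now including `"onlyoffice.service"`, therefore probably lands on a unit named `sops-nix.service.service` that nothing starts. If the aim is that OnlyOffice never starts before its JWT secret is decrypted, confirm how secrets are installed on this host. sops-nix normally installs them during activation, which would make this ordering unnecessary; otherwise the dependency is better declared on the consuming unit. A short comment stating the intended ordering would make this checkable.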
@@ -15,8 +31,8 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-20T16:04:50Z" - mac: ENC[AES256_GCM,data:eXTRcUy7s6NGN7ziA4CFz1Z3bhF0nNWtVI5o/WwMg7UFmW8AhJ2Hjzp0AJSkQxZOav2Fu/t9ENsu3OTdx3khxk9a1M8BV5VqJQ/DmXXfuZjjJ5cqYDBdQqDI+E6Ai6BJHHN0A4r5xkQ7fpdXsolshJKXi9sNiAjYY3zoJi3id9Y=,iv:d214ZHFIm/KmgzYBZrRm58yFZol/dfw6twZthFOAgvY=,tag:2Z4P0iCYNSNiIc2PwW733Q==,type:str] + lastmodified: "2023-11-23T18:20:20Z" + mac: ENC[AES256_GCM,data:c6CaVuNPHq1Qaiklxzszqnb1UoFU7uyHYXr1FGvLssMVA6qhmEgXwFBi7iHvkK9FG+zSIgPf3ZhY7rpd3ddp42Z2WL9dOEVBpJ6SZcbG+k8gg6oq/PX/9/F0NIEuBUXgSz8vnLtqaOTxF++3TZvHWK0drP4bqck546tpcTpXVtU=,iv:hwwYCaC2OZftJVFYxA39KPiH0lwFA8X4GrDm9vKNb0I=,tag:W9sCVNyOfNy7g33iTIc+gA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1