Try this onlyoffice config
This commit is contained in:
parent
38b071f0f5
commit
875d67d6f4
|
@ -56,6 +56,8 @@
|
||||||
sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name;
|
sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name;
|
||||||
sops.secrets."nextclouddb".mode = "0440";
|
sops.secrets."nextclouddb".mode = "0440";
|
||||||
sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name;
|
sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name;
|
||||||
|
sops.secrets."local.json".mode = "0440";
|
||||||
|
sops.secrets."local.json".owner = config.users.users.onlyoffice.name;
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
gc = {
|
gc = {
|
||||||
|
@ -146,7 +148,7 @@
|
||||||
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf"];
|
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf"];
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
};
|
};
|
||||||
nextcloud.extraGroups = [config.users.groups.keys.name "aria2"];
|
nextcloud.extraGroups = [config.users.groups.keys.name "aria2" "onlyoffice"];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable completion of system packages by zsh
|
# Enable completion of system packages by zsh
|
||||||
|
|
|
@ -24,6 +24,10 @@
|
||||||
## LetsEncrypt
|
## LetsEncrypt
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
};
|
};
|
||||||
|
"onlyoffice.example.com" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -41,11 +45,16 @@
|
||||||
autoUpdateApps.enable = true;
|
autoUpdateApps.enable = true;
|
||||||
# Set what time makes sense for you
|
# Set what time makes sense for you
|
||||||
autoUpdateApps.startAt = "05:00:00";
|
autoUpdateApps.startAt = "05:00:00";
|
||||||
|
configureRedis = true;
|
||||||
|
maxUploadSize = "16G";
|
||||||
|
enableBrokenCiphersForSSE = false;
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
# Further forces Nextcloud to use HTTPS
|
# Further forces Nextcloud to use HTTPS
|
||||||
overwriteProtocol = "https";
|
overwriteProtocol = "https";
|
||||||
|
|
||||||
|
defaultPhoneRegion = "NL";
|
||||||
|
|
||||||
# Nextcloud PostegreSQL database configuration, recommended over using SQLite
|
# Nextcloud PostegreSQL database configuration, recommended over using SQLite
|
||||||
dbtype = "pgsql";
|
dbtype = "pgsql";
|
||||||
dbuser = "nextcloud";
|
dbuser = "nextcloud";
|
||||||
|
@ -58,6 +67,12 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
onlyoffice = {
|
||||||
|
enable = true;
|
||||||
|
hostname = "onlyoffice.example.com";
|
||||||
|
jwtSecretFile = config.sops.secrets."local.json".path;
|
||||||
|
};
|
||||||
|
|
||||||
# Enable PostgreSQL
|
# Enable PostgreSQL
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -78,7 +93,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."sops-nix.service" = {
|
systemd.services."sops-nix.service" = {
|
||||||
before = ["nextcloud-setup.service" "postgresql.service"];
|
before = ["nextcloud-setup.service" "postgresql.service" "onlyoffice.service"];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Ensure that postgres is running before running the setup
|
# Ensure that postgres is running before running the setup
|
||||||
|
|
|
@ -1,5 +1,21 @@
|
||||||
nextcloudadmin: ENC[AES256_GCM,data:LqgutUXs1msmFUNa+4JI1BEq0R8=,iv:sLP52reqsJfUNQnA9MbtbcZjGeluHDaO3dlHpWCLU4M=,tag:ChG/hZIMcmc0wt2AWOBNCA==,type:str]
|
nextcloudadmin: ENC[AES256_GCM,data:LqgutUXs1msmFUNa+4JI1BEq0R8=,iv:sLP52reqsJfUNQnA9MbtbcZjGeluHDaO3dlHpWCLU4M=,tag:ChG/hZIMcmc0wt2AWOBNCA==,type:str]
|
||||||
nextclouddb: ENC[AES256_GCM,data:EFwVtVD4KnEiZ5SM+1XW0U0mR/I2IXcRYXhQTgwv788=,iv:blHbNqI/Gq4tUQuqKWgrX9tYj6XKLRrWl1LFN+cn71M=,tag:H/7vobp5OwPbqsapvw7mUw==,type:str]
|
nextclouddb: ENC[AES256_GCM,data:EFwVtVD4KnEiZ5SM+1XW0U0mR/I2IXcRYXhQTgwv788=,iv:blHbNqI/Gq4tUQuqKWgrX9tYj6XKLRrWl1LFN+cn71M=,tag:H/7vobp5OwPbqsapvw7mUw==,type:str]
|
||||||
|
local.json:
|
||||||
|
services:
|
||||||
|
CoAuthoring:
|
||||||
|
token:
|
||||||
|
enable:
|
||||||
|
request:
|
||||||
|
inbox: ENC[AES256_GCM,data:lEB5UA==,iv:mvTrV1LIenxW/HUkEmpuSmU55oI4a4OxAyvnRzFoW5Y=,tag:pyT/QvpCf6Al9J7UHAHjFw==,type:bool]
|
||||||
|
outbox: ENC[AES256_GCM,data:LTKWdA==,iv:gNqHxkkYCWAxyUHixpN9dKhD96DykctuFsBtBcqqQLM=,tag:whh2tJ6VgQuT8aOiHoz8+w==,type:bool]
|
||||||
|
browser: ENC[AES256_GCM,data:FHnX8w==,iv:7mtRZiPQwtfIVbgsbGb/6wLX9VhAXXeAgQvIXgK7ldo=,tag:+74AKU2cjgXS16Iy+Z5T2Q==,type:bool]
|
||||||
|
secret:
|
||||||
|
inbox:
|
||||||
|
string: ENC[AES256_GCM,data:jvd3/hiLjwQPwdKSqGqoB7jYXxMlx+94gudsvCWPKdw=,iv:MPork/F2AMzRnmBVdN3S3YobAyxOJWdwZHYll/3rJ68=,tag:AwGMsFKCVZsdoLBHIYVBzg==,type:str]
|
||||||
|
outbox:
|
||||||
|
string: ENC[AES256_GCM,data:Rktq5FYhgrAcWKvlmmKBGf1ZW7r93o7nA9cGfwbZnoY=,iv:NsRodeTTkMFsLshdK5FrReCCXvtH4xuPFP0Cnsm4ito=,tag:AMSktqB+Ho6naOwWzIalIA==,type:str]
|
||||||
|
session:
|
||||||
|
string: ENC[AES256_GCM,data:fDVVoivTZswECVStgBKWKkOeXrW449fBUMNpESAbXks=,iv:UBiYgap28ZwvZJH/ETZZY1CvZfHzJ175FVPHwMhLlrw=,tag:Gtv9XjsGL6Svx5JHEIj9EA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -15,8 +31,8 @@ sops:
|
||||||
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
||||||
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-11-20T16:04:50Z"
|
lastmodified: "2023-11-23T18:20:20Z"
|
||||||
mac: ENC[AES256_GCM,data:eXTRcUy7s6NGN7ziA4CFz1Z3bhF0nNWtVI5o/WwMg7UFmW8AhJ2Hjzp0AJSkQxZOav2Fu/t9ENsu3OTdx3khxk9a1M8BV5VqJQ/DmXXfuZjjJ5cqYDBdQqDI+E6Ai6BJHHN0A4r5xkQ7fpdXsolshJKXi9sNiAjYY3zoJi3id9Y=,iv:d214ZHFIm/KmgzYBZrRm58yFZol/dfw6twZthFOAgvY=,tag:2Z4P0iCYNSNiIc2PwW733Q==,type:str]
|
mac: ENC[AES256_GCM,data:c6CaVuNPHq1Qaiklxzszqnb1UoFU7uyHYXr1FGvLssMVA6qhmEgXwFBi7iHvkK9FG+zSIgPf3ZhY7rpd3ddp42Z2WL9dOEVBpJ6SZcbG+k8gg6oq/PX/9/F0NIEuBUXgSz8vnLtqaOTxF++3TZvHWK0drP4bqck546tpcTpXVtU=,iv:hwwYCaC2OZftJVFYxA39KPiH0lwFA8X4GrDm9vKNb0I=,tag:W9sCVNyOfNy7g33iTIc+gA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
Loading…
Reference in a new issue