From 4719cd64bc1538251be66d27b80306b0efdb92c3 Mon Sep 17 00:00:00 2001
From: death916
Date: Wed, 28 Jan 2026 05:42:38 -0800
Subject: [PATCH] nextcloud refactor and collabora
---
 modules/nextcloud-setup.nix | 116 ++++++++++++++++++++++++++++--------
 1 file changed, 92 insertions(+), 24 deletions(-)
diff --git a/modules/nextcloud-setup.nix b/modules/nextcloud-setup.nix
index 78ec031..085ade5 100644
--- a/modules/nextcloud-setup.nix
+++ b/modules/nextcloud-setup.nix
@@ -1,4 +1,3 @@
-# ~/nixconfig/modules/nextcloud-setup.nix
 {
   config,
   pkgs,
@@ -7,47 +6,51 @@ }: let - nextcloudExternalDomain = "cloud.death916.xyz"; # Domain used by NPM + # --- Configuration Variables --- + nextcloudExternalDomain = "cloud.death916.xyz"; + collaboraExternalDomain = "office.death916.xyz"; # New: Domain for Collabora + adminPassFilePath = "/etc/nixos/secrets/nextcloud_admin_password"; dbPassFilePath = "/etc/nixos/secrets/nextcloud_db_password"; nextcloudDataPath = "/storage/nextcloud-data"; - nginxProxyManagerTailscaleIP = "100.117.212.36"; # IP of your NPM - internalNextcloudHttpPort = 80; - - # --- For Direct Tailscale Access to homelab's Nextcloud --- + # Network / Proxy + nginxProxyManagerTailscaleIP = "100.117.212.36"; homelabTailscaleIP = "100.65.36.116"; homelabMagicDNSName = "homelab"; + + internalNextcloudHttpPort = 80; + collaboraPort = 9980; in { - # --- PostgreSQL & Redis setup ... (as before) --- + # --- Database & Cache --- services.postgresql = { enable = true; package = pkgs.postgresql_14; ensureDatabases = [ "nextcloud" ]; ensureUsers = [ { name = "nextcloud"; } ]; }; + services.redis.servers.nextcloud = { enable = true; user = "nextcloud"; unixSocket = "/run/redis-nextcloud/redis.sock"; port = 0; }; - systemd.tmpfiles.rules = [ "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" ]; - # --- Nextcloud Service Configuration --- + # --- Nextcloud --- services.nextcloud = { enable = true; package = pkgs.nextcloud32; - extraApps = { - # inherit (config.services.nextcloud.package.packages.apps) richdocuments; - }; hostName = nextcloudExternalDomain; - - https = false; # NPM handles HTTPS. Nextcloud serves HTTP internally. + https = false; # Handled by NPM datadir = nextcloudDataPath; maxUploadSize = "2G"; + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) richdocuments; + }; + config = { dbtype = "pgsql"; dbuser = "nextcloud"; 
@@ -57,45 +60,110 @@ in adminuser = "death916"; adminpassFile = adminPassFilePath; }; + extraOptions = { session_keepalive = true; - remember_login_cookie_lifetime = 7776000; # 90 days in seconds + remember_login_cookie_lifetime = 7776000; }; settings = { trusted_domains = [ - nextcloudExternalDomain # For access via NPM - homelabTailscaleIP # For direct access via Tailscale IP - homelabMagicDNSName # For direct access via Tailscale MagicDNS name - # "localhost" # If you run occ commands directly on homelab + nextcloudExternalDomain + homelabTailscaleIP + homelabMagicDNSName ]; - - # --- Trusted Proxies: For NPM path --- trusted_proxies = [ nginxProxyManagerTailscaleIP ]; overwriteprotocol = "https"; overwritehost = nextcloudExternalDomain; - "overwrite.cli.url" = "https://${nextcloudExternalDomain}"; # For occ commands - + "overwrite.cli.url" = "https://${nextcloudExternalDomain}"; overwritecondaddr = "^${nginxProxyManagerTailscaleIP}$"; + "memcache.local" = "\\OC\\Memcache\\APCu"; "memcache.distributed" = "\\OC\\Memcache\\Redis"; "memcache.locking" = "\\OC\\Memcache\\Redis"; filelocking.enabled = true; + redis = { host = "/run/redis-nextcloud/redis.sock"; port = 0; }; }; + caching.redis = true; phpOptions = lib.mkForce { "memory_limit" = "4G"; }; }; + # --- Collabora Online (Added) --- + services.collabora-online = { + enable = true; + port = collaboraPort; + settings = { + ssl = { + enable = false; + termination = true; + }; + server_name = collaboraExternalDomain; + + # Listening on any interface so your external NPM can reach it via Tailscale IP + net = { + listen = "any"; + post_allow.host = [ + "::1" + "127.0.0.1" + nginxProxyManagerTailscaleIP + ]; + }; + + storage.wopi = { + "@allow" = true; + host = [ nextcloudExternalDomain ]; + }; + }; + }; + + # --- Auto-configure Nextcloud to use Collabora --- + systemd.services.nextcloud-config-collabora = + let + inherit (config.services.nextcloud) occ; + wopi_url = "http://127.0.0.1:${toString collaboraPort}"; + 
public_wopi_url = "https://${collaboraExternalDomain}"; + wopi_allowlist = lib.concatStringsSep "," [ + "127.0.0.1" + "::1" + nginxProxyManagerTailscaleIP + ]; + in + { + wantedBy = [ "multi-user.target" ]; + after = [ + "nextcloud-setup.service" + "coolwsd.service" + ]; + requires = [ "coolwsd.service" ]; + script = '' + ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url} + ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url} + ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist} + ${occ}/bin/nextcloud-occ richdocuments:setup + ''; + serviceConfig = { + Type = "oneshot"; + User = "nextcloud"; + }; + }; + + # --- System & Networking --- + systemd.tmpfiles.rules = [ "d /run/redis-nextcloud 0750 nextcloud nextcloud - -" ]; + users.users.nextcloud = { isSystemUser = true; group = "nextcloud"; }; users.groups.nextcloud = { }; - networking.firewall.allowedTCPPorts = [ internalNextcloudHttpPort ]; # Port 80 + networking.firewall.allowedTCPPorts = [ + internalNextcloudHttpPort + collaboraPort + ]; }
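Review bot: The new `networking.firewall.allowedTCPPorts` list at the end of the hunk opens `collaboraPort` (9980) on every interface, and together with `net.listen = "any"` this makes the plain-HTTP coolwsd endpoint reachable from any network the host is attached to, even though the comment above `net` says only NPM over Tailscale needs to reach it and `post_allow.host`, by its name, restricts POST requests only. Scoping the rule to the Tailscale interface preserves the stated intent while keeping the TLS-terminating proxy path working: `networking.firewall.interfaces."<TAILSCALE_IFACE>".allowedTCPPorts = [ internalNextcloudHttpPort collaboraPort ];` (the interface name is not given on the page; Tailscale's default is `tailscale0`). The local Nextcloud-to-Collabora path is unaffected, since `wopi_url` points at `http://127.0.0.1:${toString collaboraPort}` and loopback traffic does not pass the firewall rule. The same consideration already applied to `internalNextcloudHttpPort`, which this hunk moves into the new list, so a single interface-scoped rule covers both. The `services.nextcloud` attribute set this hunk begins in starts outside the hunk.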