diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix
index 95a5f34..c1c30aa 100644
--- a/machines/compute01/_configuration.nix
+++ b/machines/compute01/_configuration.nix
@@ -13,6 +13,7 @@ lib.extra.mkConfig {
 "kanidm"
 "mastodon"
 "nextcloud"
+ "onlyoffice"
 "outline"
 "rstudio-server"
 "satosa"
diff --git a/machines/compute01/onlyoffice/default.nix b/machines/compute01/onlyoffice/default.nix
new file mode 100644
index 0000000..b7e338c
--- /dev/null
+++ b/machines/compute01/onlyoffice/default.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+
+let hostname = "documentserver.dgnum.eu";
+in {
+ services.onlyoffice = {
+ inherit hostname;
+
+ enable = true;
+
+ jwtSecretFile = config.age.secrets."onlyoffice-jwt_secret_file".path;
+
+ port = 8015;
+
+ package = pkgs.onlyoffice-documentserver.overrideAttrs
+ (old: { patches = (old.patches or [ ]) ++ [ ./secrets.patch ]; });
+ };
+
+ services.nginx.virtualHosts.${hostname} = {
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ dgn-secrets.matches."^onlyoffice-.*$" = { owner = "onlyoffice"; };
+}
diff --git a/machines/compute01/secrets/onlyoffice-jwt_secret_file b/machines/compute01/secrets/onlyoffice-jwt_secret_file
new file mode 100644
index 0000000..4fdfb08
--- /dev/null
+++ b/machines/compute01/secrets/onlyoffice-jwt_secret_file
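Review bot: The `package` override in machines/compute01/onlyoffice/default.nix applies `./secrets.patch` to `pkgs.onlyoffice-documentserver` with no comment saying what the patch changes, and the patch file is not among the files visible in this diff. Its name suggests it touches how the document server handles its secrets, so someone auditing the JWT setup cannot tell from here whether it only changes where the secret is read from or also changes how tokens are validated. I would add a comment above the override, for example `# secrets.patch: <what it changes, why it is needed, upstream reference>`, and confirm the patch is committed next to this file. A short comment beside `port = 8015;` stating whether that port is reachable only through the `forceSSL` nginx vhost would also help, since the vhost is presumably meant to be the sole entry point.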
@@ -0,0 +1,25 @@ +age-encryption.org/v1 +-> ssh-ed25519 tDqJRg tdsqOGe0FIHUGGlbgtGpiswO1U6Kz9K+R7Qhu3gbcwI +rocqPa+5l0f7Rljn4cUtLkbHVPYMfgHLq39bQqc+Cg4 +-> ssh-ed25519 jIXfPA TFIVQCvQ9r0cPx3nJz7q+W4NSthpcseiacX2gAhS3ws +hSZIw4r7TZnIClSI0H63Pv3Wufz6y8/5mxxK8p/ZsJc +-> ssh-ed25519 QlRB9Q F3eSJWNDba+UvXAQzAEtcTwzXubr9C/zai2E/jVRiUg +dHkCfb8HnjVmfZKsWe4dpsTrn2gY3vpadN6ojKA9FSE +-> ssh-ed25519 r+nK/Q k9Zrw0c4jO/QGNeqYt4UgRyun6NV7OGPqOipjQrHmyg +ov5f2X+qDNp5geyDC0Mcwdd5NyuipntL6qnyvjvs4RE +-> ssh-rsa krWCLQ +DChq0DDGoPIlOU3ZCIzLwiuQycb5063ofu8XYC062U+/h4eLMB2mv5Z364VTKarc +coqtUKjyao3R6HoPSBTlnUfIHXAGxxc8+S+cC0va7uVdF2sZLQ1dsbfBl1cX60s/ +5gj4YQoCq0n0XIp/O/YkpfR4XKGAjArtX3ZgHbupe8s/9aoEFo3FUla8IOY+haGs +EVFSLVowJttThgcL0VvFAMKTmAJGDnl1hCfysarlZHMxKhXwhcwuAfgpGcdvfiko +MmnXWRb6FbCePJr8VwgrlrE6ZsUAYs3PUSX7xsiL6RZyqoq7jZXZrap/tsMH20py +S97T1GnxVfZ6rN50H0MQ3Q +-> ssh-ed25519 /vwQcQ 4w6YlacZHrwayjIgByLuVFlzTSxcRcxIs96K1vdleh4 +Pg2/1ifwDBbVrCTf6/ato/9zDXmwNPQNEGZCDAkNJVo +-> ssh-ed25519 0R97PA bxxfto+ClQr2kcXS+M+BuUdI3SxvRr2jnJiNGTimLBY +fdZa3TFPRgKsws2BtAYt8yxLo+Ev2kPJuGTQMA65N20 +-> jq-grease xa2s )y (6I +Gkd3UQxQTL/cg7Uigavkbir5R+yxBcAP3Np1auq9i3VIKJIAsPceOZu8oMTLVQU4 +L4pRM0NSgnxwxauA2kUL7BY8ADTMuFvx0if9xre8nII +--- z7a3/Wdhy94ZpQhnfaXSC1cV+t4QmXIrgJgRI1Vn5kc +\mm=X8!7zS _mQf>K&b/)`e \ No newline at end of file
diff --git a/machines/compute01/secrets/secrets.nix b/machines/compute01/secrets/secrets.nix
index f7394f3..d71021e 100644
--- a/machines/compute01/secrets/secrets.nix
+++ b/machines/compute01/secrets/secrets.nix
@@ -8,6 +8,7 @@ lib.setDefault { inherit publicKeys; } [
 "mastodon-extra_env_file"
 "nextcloud-adminpass_file"
 "nextcloud-s3_secret_file"
+ "onlyoffice-jwt_secret_file"
 "outline-oidc_client_secret_file"
 "outline-smtp_password_file"
 "outline-storage_secret_key_file"