From ebe56b50703b62f9dacc35070dcb67b132dac3c0 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom@hubrecht.ovh>
Date: Mon, 11 Dec 2023 01:05:20 +0100
Subject: [PATCH] feat(nextcloud): Setup collabora on code.dgnum.eu

---
 machines/compute01/nextcloud.nix | 84 +++++++++++++++++++++++++++++---
 1 file changed, 78 insertions(+), 6 deletions(-)

diff --git a/machines/compute01/nextcloud.nix b/machines/compute01/nextcloud.nix
index 671f35c..b6b24dd 100644
--- a/machines/compute01/nextcloud.nix
+++ b/machines/compute01/nextcloud.nix
@@ -83,13 +83,85 @@ in {
     };
   };
 
-  services.nginx.virtualHosts.${host} = {
-    enableACME = true;
-    forceSSL = true;
+  virtualisation.oci-containers = {
+    # # Since 22.05, the default driver is podman but it doesn't work
+    # # with podman. It would however be nice to switch to podman.
+    # backend = "docker";
+    containers.collabora = {
+      image = "collabora/code";
+      imageFile = pkgs.dockerTools.pullImage {
+        imageName = "collabora/code";
+        imageDigest =
+          "sha256:a8cce07c949aa59cea0a7f1f220266a1a6d886c717c3b5005782baf6f384d645";
+        sha256 = "sha256-lN6skv62x+x7G7SNOUyZ8W6S/uScrkqE1nbBwwSEWXQ=";
+      };
+      ports = [ "9980:9980" ];
+      environment = {
+        domain = "cloud.dgnum.eu";
+        extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
+      };
+      extraOptions = [ "--cap-add" "MKNOD" "--cap-add" "SYS_ADMIN" ];
+    };
+  };
 
-    extraConfig = ''
-      proxy_max_temp_file_size 4096m;
-    '';
+  services.nginx.virtualHosts = {
+    ${host} = {
+      enableACME = true;
+      forceSSL = true;
+
+      extraConfig = ''
+        proxy_max_temp_file_size 4096m;
+      '';
+    };
+
+    "code.dgnum.eu" = {
+      forceSSL = true;
+      enableACME = true;
+
+      extraConfig = ''
+        # static files
+        location ^~ /browser {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Host $host;
+        }
+
+        # WOPI discovery URL
+        location ^~ /hosting/discovery {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Host $host;
+        }
+
+        # Capabilities
+        location ^~ /hosting/capabilities {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Host $host;
+        }
+
+        # main websocket
+        location ~ ^/cool/(.*)/ws$ {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection "Upgrade";
+          proxy_set_header Host $host;
+          proxy_read_timeout 36000s;
+        }
+
+        # download, presentation and image upload
+        location ~ ^/(c|l)ool {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Host $host;
+        }
+
+        # Admin Console websocket
+        location ^~ /cool/adminws {
+          proxy_pass http://127.0.0.1:9980;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection "Upgrade";
+          proxy_set_header Host $host;
+          proxy_read_timeout 36000s;
+        }
+      '';
+    };
   };
 
   systemd.services = {