{ config, pkgs, ... }: let hostname = "documentserver.dgnum.eu"; in { services.onlyoffice = { inherit hostname; enable = true; jwtSecretFile = config.age.secrets."onlyoffice-jwt_secret_file".path; port = 8015; package = pkgs.onlyoffice-documentserver.overrideAttrs (old: { patches = (old.patches or [ ]) ++ [ ./secrets.patch ]; }); }; services.nginx.virtualHosts.${hostname} = { enableACME = true; forceSSL = true; }; dgn-secrets.matches."^onlyoffice-.*$" = { owner = "onlyoffice"; }; }