diff --git a/flake.nix b/flake.nix index 0bc7545e..48b6fa15 100644 --- a/flake.nix +++ b/flake.nix @@ -103,7 +103,13 @@ nixosModules = { # Common nixos/nix-darwin configuration shared between Linux and macOS. common = { pkgs, ... }: { - virtualisation.docker.enable = true; + virtualisation.docker = { + enable = true; + extraOptions = '' + --data-root /var/lib/docker + ''; + }; + services.openssh.enable = true; services.openssh.settings.PermitRootLogin = "prohibit-password"; services.openssh.settings.PasswordAuthentication = false; diff --git a/hosts/nachtigall/apps/collabora.nix b/hosts/nachtigall/apps/collabora.nix new file mode 100644 index 00000000..89c3e855 --- /dev/null +++ b/hosts/nachtigall/apps/collabora.nix @@ -0,0 +1,39 @@ +{ + config, + lib, + pkgs, + self, + ... +}: { + services.nginx.virtualHosts."collabora.pub.solar" = { + enableACME = true; + forceSSL = true; + + locations."/".proxyPass = "http://localhost:9980"; + }; + + virtualisation = { + oci-containers = { + backend = "docker"; + + containers."collabora" = { + image = "collabora/code"; + autoStart = true; + ports = [ + "9980:9980" + ]; + extraOptions = [ + "--cap-add=MKNOD" + "--pull=always" + ]; + environment = { + server_name = "collabora.pub.solar"; + aliasgroup1 = "https://cloud.pub.solar:443"; + DONT_GEN_SSL_CERT = "1"; + extra_params = "--o:ssl.enable=false --o:ssl.termination=true"; + SLEEPFORDEBUGGER = "0"; + }; + }; + }; + }; +} diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index 01c5f5af..f4c1ed82 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -10,6 +10,7 @@ ./nix.nix ./apps/nginx.nix + ./apps/collabora.nix ./apps/forgejo.nix ./apps/keycloak.nix ./apps/mailman.nix