modules/nextcloud: add options for whiteboard

2025-04-17 20:26:09 +02:00 · 2025-04-17 20:26:09 +02:00 · a44dd2296e
commit a44dd2296e
parent 9b4eda86dc
2 changed files with 56 additions and 0 deletions
--- a/modules/nextcloud/default.nix
+++ b/modules/nextcloud/default.nix
@ -11,6 +11,7 @@
    ./preview-generation.nix
    ./talk.nix
    ./federation.nix
+    ./whiteboard.nix
  ];

  options.momo-cloud.nextcloud =
@ -33,6 +34,20 @@
        description = "File that holds the OIDC secret";
        type = types.str;
      };
+
+      whiteboard = {
+        enable = mkEnableOption "enable whiteboard";
+        serverURL = mkOption {
+          description = "the url the whiteboard server can be reached over";
+          type = types.str;
+          default = "https://whiteboard.${config.momo-cloud.networking.domain}";
+        };
+        jwtSecretFile = mkOption {
+          description = "file that holds the jwt secret used to sign tokens for whiteboard server";
+          type = types.str;
+        };
+      };
+
      extraApps = mkOption {
        description = "Extra apps to be installed";
        type = types.attrsOf types.package;
--- a/modules/nextcloud/whiteboard.nix
+++ b/modules/nextcloud/whiteboard.nix
@ -0,0 +1,41 @@
+{ config, lib, ... }:
+
+let
+  cfg = config.momo-cloud.nextcloud;
+in
+{
+  config = lib.mkIf (cfg.enable && cfg.whiteboard.enable) {
+    momo-cloud.nextcloud.extraApps = {
+      inherit (config.services.nextcloud.package.packages.apps) whiteboard;
+    };
+
+    systemd.services."nextcloud-whiteboard-provisioning" =
+      let
+        occ = "/run/current-system/sw/bin/nextcloud-occ";
+      in
+      {
+        serviceConfig = {
+          Type = "oneshot";
+          LoadCredential = "jwt_secret:${cfg.whiteboard.jwtSecretFile}";
+        };
+
+        environment.JWT_SECRET_FILE = "%d/jwt_secret";
+
+        wantedBy = [ "multi-user.target" ];
+        after = [ "nextcloud-setup.service" ];
+
+        script = ''
+            COLLAB_URL=''$(${occ} config:app:get whiteboard collabBackendUrl || true)
+            if [ -z "''${COLLAB_URL}" -o "''${COLLAB_URL}" != "${cfg.whiteboard.serverURL}" ]; then
+              ${occ} config:app:set whiteboard collabBackendUrl --value="${cfg.whiteboard.serverURL}"
+            fi
+
+            JWT_SECRET=''$(cat ''$JWT_SECRET_FILE)
+            JWT_SECRET_NX=''$(${occ} config:app:get whiteboard jwt_secret_key || true)
+            if [ -z "''${JWT_SECRET_NX}" -o "''${JWT_SECRET}" != "''${JWT_SECRET_NX}" ]; then
+              ${occ} config:app:set whiteboard jwt_secret_key --value="''$JWT_SECRET" > /dev/null
+            fi
+          '';
+      };
+  };
+}