infra/modules/collabora/default.nix
Benjamin Yule Bädorf 68278ad983
refactor: use options for config parts
This works towards having reusable modules

* `config.pub-solar-os.networking.domain` is used for the main domain
* `config.pub-solar-os.privacyPolicUrl` links towards the privacy policy
* `config.pub-solar-os.imprintUrl` links towards the imprint
* `config.pub-solar-os.auth.enable` enables the keycloak installation.
  This is needed because `config.pub-solar-os.auth` has to be available
  everywhere, but we do not want to install keycloak everywhere.
* `config.pub-solar-os.auth.realm` sets the keycloak realm name
2024-05-08 19:47:47 +02:00

45 lines
1 KiB
Nix

{ config
, lib
, pkgs
, self
, ...
}: {
services.nginx.virtualHosts."collabora.${config.pub-solar-os.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyWebsockets = true;
extraConfig = ''
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $host;
'';
};
};
virtualisation = {
oci-containers = {
backend = "docker";
containers."collabora" = {
image = "collabora/code";
autoStart = true;
ports = [
"127.0.0.1:9980:9980"
];
extraOptions = [
"--cap-add=MKNOD"
"--pull=always"
];
environment = {
server_name = "collabora.${config.pub-solar-os.networking.domain}";
aliasgroup1 = "https://cloud.${config.pub-solar-os.networking.domain}:443";
DONT_GEN_SSL_CERT = "1";
extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
SLEEPFORDEBUGGER = "0";
};
};
};
};
}