Benjamin Yule Bädorf
68278ad983
This works towards having reusable modules

* `config.pub-solar-os.networking.domain` is used for the main domain
* `config.pub-solar-os.privacyPolicUrl` links towards the privacy policy
* `config.pub-solar-os.imprintUrl` links towards the imprint
* `config.pub-solar-os.auth.enable` enables the keycloak installation. This is needed because `config.pub-solar-os.auth` has to be available everywhere, but we do not want to install keycloak everywhere.
* `config.pub-solar-os.auth.realm` sets the keycloak realm name
# Collabora container published through an nginx virtual host.
#
# nginx is the only listener meant to face the network: it terminates TLS
# and forwards to the container over plain HTTP on the loopback interface.
# `lib`, `pkgs` and `self` are accepted but not used in this module.
{
  config,
  lib,
  pkgs,
  self,
  ...
}:
{
  services.nginx.virtualHosts = {
    "collabora.${config.pub-solar-os.networking.domain}" = {
      # Certificate is requested via ACME; forceSSL makes the vhost HTTPS-only.
      enableACME = true;
      forceSSL = true;

      locations = {
        "/" = {
          proxyWebsockets = true;
          # The upstream is set by hand here rather than through the
          # module's proxyPass option. The Host header is forwarded unchanged.
          extraConfig = ''
            proxy_pass http://127.0.0.1:9980;
            proxy_set_header Host $host;
          '';
        };
      };
    };
  };

  # NOTE(review): `backend` is set on oci-containers as a whole, not on this
  # container; other modules on the same host see the same value.
  virtualisation.oci-containers.backend = "docker";

  virtualisation.oci-containers.containers."collabora" = {
    # NOTE(review): the image reference has no tag or digest, and
    # "--pull=always" below asks for a pull whenever the container is
    # started. The code that runs is therefore whatever the registry serves
    # at that moment. Pinning a reviewed tag or digest would make updates an
    # explicit, auditable change.
    image = "collabora/code";
    autoStart = true;

    # Published on loopback only, so the plain-HTTP port is not exposed on
    # external interfaces; it is still reachable by local processes.
    ports = [
      "127.0.0.1:9980:9980"
    ];

    extraOptions = [
      # Adds a capability on top of the runtime's default set.
      # NOTE(review): presumably needed by Collabora's own sandbox setup;
      # confirm it is still required and add no further capabilities.
      "--cap-add=MKNOD"
      "--pull=always"
    ];

    environment = {
      server_name = "collabora.${config.pub-solar-os.networking.domain}";
      # NOTE(review): looks like the allow-list of hosts permitted to use
      # this instance; confirm it names only the intended cloud host.
      aliasgroup1 = "https://cloud.${config.pub-solar-os.networking.domain}:443";
      # TLS is switched off inside the container and marked as terminated
      # upstream; this matches nginx doing HTTPS in front and relies on the
      # loopback-only port binding above.
      DONT_GEN_SSL_CERT = "1";
      extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
      # NOTE(review): presumably disables a startup delay used for attaching
      # a debugger; confirm against the image documentation.
      SLEEPFORDEBUGGER = "0";
    };
  };
}