nixos-config/services/collabora-office.nix

{ config, ... }:

let
  inherit (config.users.users.collabora-office) uid;
  inherit (config.users.groups.collabora-office) gid;
in
{
  virtualisation.oci-containers.containers.collabora-office = {
    image = "docker.io/collabora/code";
    ports = [ "9980:9980" ];
    environment =
      let
        mkAlias = domain: "https://" + (builtins.replaceStrings [ "." ] [ "\\." ] domain) + ":443";
      in
      {
        server_name = "office.felschr.com";
        aliasgroup1 = mkAlias "office.felschr.com";
        aliasgroup2 = mkAlias "cloud.felschr.com";
        extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
      };
    extraOptions = [
      "--runtime=crun"
      "--uidmap=0:65534:1"
      "--gidmap=0:65534:1"
      "--uidmap=100:${toString uid}:1"
      "--gidmap=101:${toString gid}:1"
      "--network=host"
      "--cap-add=MKNOD"
      "--cap-add=CHOWN"
      "--cap-add=FOWNER"
      "--cap-add=SYS_CHROOT"
      "--label=io.containers.autoupdate=registry"
    ];
  };

  services.nginx.virtualHosts."office.felschr.com" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:9980";
      proxyWebsockets = true;
      extraConfig = ''
        proxy_read_timeout 36000s;
      '';
    };
  };

  users.users.collabora-office = {
    isSystemUser = true;
    group = "collabora-office";
    uid = 982;
  };

  users.groups.collabora-office = {
    gid = 982;
  };
}
feat: map oci-containers to specific users 2023-09-29 22:59:07 +02:00			`{ config, ... }:`
chore: move collabora-office to own file 2023-09-29 22:45:34 +02:00
feat: map oci-containers to specific users 2023-09-29 22:59:07 +02:00			`let`
			`inherit (config.users.users.collabora-office) uid;`
			`inherit (config.users.groups.collabora-office) gid;`
style: reformat with nixfmt-rfc-style 2024-05-26 16:45:38 +02:00			`in`
			`{`
chore: move collabora-office to own file 2023-09-29 22:45:34 +02:00			`virtualisation.oci-containers.containers.collabora-office = {`
			`image = "docker.io/collabora/code";`
			`ports = [ "9980:9980" ];`
style: reformat with nixfmt-rfc-style 2024-05-26 16:45:38 +02:00			`environment =`
			`let`
			`mkAlias = domain: "https://" + (builtins.replaceStrings [ "." ] [ "\\." ] domain) + ":443";`
			`in`
			`{`
			`server_name = "office.felschr.com";`
			`aliasgroup1 = mkAlias "office.felschr.com";`
			`aliasgroup2 = mkAlias "cloud.felschr.com";`
			`extra_params = "--o:ssl.enable=false --o:ssl.termination=true";`
			`};`
chore: move collabora-office to own file 2023-09-29 22:45:34 +02:00			`extraOptions = [`
feat: optimize container configuration 2024-03-07 21:24:13 +01:00			`"--runtime=crun"`
feat: map oci-containers to specific users 2023-09-29 22:59:07 +02:00			`"--uidmap=0:65534:1"`
			`"--gidmap=0:65534:1"`
			`"--uidmap=100:${toString uid}:1"`
			`"--gidmap=101:${toString gid}:1"`
chore: move collabora-office to own file 2023-09-29 22:45:34 +02:00			`"--network=host"`
			`"--cap-add=MKNOD"`
feat: optimize container configuration 2024-03-07 21:24:13 +01:00			`"--cap-add=CHOWN"`
			`"--cap-add=FOWNER"`
			`"--cap-add=SYS_CHROOT"`
chore: move collabora-office to own file 2023-09-29 22:45:34 +02:00			`"--label=io.containers.autoupdate=registry"`
			`];`
			`};`

			`services.nginx.virtualHosts."office.felschr.com" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
			`proxyPass = "http://127.0.0.1:9980";`
			`proxyWebsockets = true;`
			`extraConfig = ''`
			`proxy_read_timeout 36000s;`
			`'';`
			`};`
			`};`
feat: map oci-containers to specific users 2023-09-29 22:59:07 +02:00
			`users.users.collabora-office = {`
			`isSystemUser = true;`
			`group = "collabora-office";`
			`uid = 982;`
			`};`

style: reformat with nixfmt-rfc-style 2024-05-26 16:45:38 +02:00			`users.groups.collabora-office = {`
			`gid = 982;`
			`};`
chore: move collabora-office to own file 2023-09-29 22:45:34 +02:00			`}`