refactor(collabora-office): switch to NixOS module

Switch from OCI container to NixOS module.
2025-05-01 14:58:21 +02:00 · 2025-05-01 14:58:21 +02:00 · 4130730852
commit 4130730852
parent 827217da51
2 changed files with 15 additions and 39 deletions
--- a/flake.nix
+++ b/flake.nix
@ -57,7 +57,6 @@ rec {
    pre-commit-hooks = {
      url = "github:cachix/pre-commit-hooks.nix";
      inputs.nixpkgs.follows = "nixpkgs";
-      inputs.nixpkgs-stable.follows = "nixpkgs";
    };

    matrix-appservices = {
@ -82,7 +81,7 @@ rec {

    csharp-language-server = {
      url = "github:SofusA/csharp-language-server";
-      inputs.nixpkgs.follows = "nixpkgs";
+      # inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "flake-utils";
    };
  };
--- a/services/collabora-office.nix
+++ b/services/collabora-office.nix
@ -1,57 +1,34 @@
 { config, ... }:

 let
-  inherit (config.users.users.collabora-office) uid;
-  inherit (config.users.groups.collabora-office) gid;
+  cfg = config.services.collabora-online;
 in
 {
-  virtualisation.oci-containers.containers.collabora-office = {
-    image = "docker.io/collabora/code";
-    ports = [ "9980:9980" ];
-    environment =
-      let
-        mkAlias = domain: "https://" + (builtins.replaceStrings [ "." ] [ "\\." ] domain) + ":443";
-      in
+  services.collabora-online = {
+    enable = true;
+    aliasGroups = [
      {
-        server_name = "office.felschr.com";
-        aliasgroup1 = mkAlias "office.felschr.com";
-        aliasgroup2 = mkAlias "cloud.felschr.com";
-        extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
-      };
-    extraOptions = [
-      "--runtime=crun"
-      "--uidmap=0:65534:1"
-      "--gidmap=0:65534:1"
-      "--uidmap=100:${toString uid}:1"
-      "--gidmap=101:${toString gid}:1"
-      "--network=host"
-      "--cap-add=MKNOD"
-      "--cap-add=CHOWN"
-      "--cap-add=FOWNER"
-      "--cap-add=SYS_CHROOT"
-      "--label=io.containers.autoupdate=registry"
+        host = "https://office.felschr.com";
+        aliases = [ "https://cloud.felschr.com" ];
+      }
    ];
+    settings = {
+      ssl = {
+        enable = false;
+        termination = true;
+      };
+    };
  };

  services.nginx.virtualHosts."office.felschr.com" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
-      proxyPass = "http://127.0.0.1:9980";
+      proxyPass = "http://127.0.0.1:${toString cfg.port}";
      proxyWebsockets = true;
      extraConfig = ''
        proxy_read_timeout 36000s;
      '';
    };
  };
-
-  users.users.collabora-office = {
-    isSystemUser = true;
-    group = "collabora-office";
-    uid = 982;
-  };
-
-  users.groups.collabora-office = {
-    gid = 982;
-  };
 }