From 41307308527cdf7a352e87e2ff36d91546eb29a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Thu, 1 May 2025 14:58:21 +0200
Subject: [PATCH] refactor(collabora-office): switch to NixOS module

Switch from OCI container to NixOS module.
---
 flake.nix                     |  3 +--
 services/collabora-office.nix | 51 ++++++++++-------------------------
 2 files changed, 15 insertions(+), 39 deletions(-)

diff --git a/flake.nix b/flake.nix
index fd02c7a..bb05b10 100644
--- a/flake.nix
+++ b/flake.nix
@@ -57,7 +57,6 @@ rec {
     pre-commit-hooks = {
       url = "github:cachix/pre-commit-hooks.nix";
       inputs.nixpkgs.follows = "nixpkgs";
-      inputs.nixpkgs-stable.follows = "nixpkgs";
     };
 
     matrix-appservices = {
@@ -82,7 +81,7 @@ rec {
 
     csharp-language-server = {
       url = "github:SofusA/csharp-language-server";
-      inputs.nixpkgs.follows = "nixpkgs";
+      # inputs.nixpkgs.follows = "nixpkgs";
       inputs.flake-utils.follows = "flake-utils";
     };
   };
diff --git a/services/collabora-office.nix b/services/collabora-office.nix
index 354c2f4..14f6c2d 100644
--- a/services/collabora-office.nix
+++ b/services/collabora-office.nix
@@ -1,57 +1,34 @@
 { config, ... }:
 
 let
-  inherit (config.users.users.collabora-office) uid;
-  inherit (config.users.groups.collabora-office) gid;
+  cfg = config.services.collabora-online;
 in
 {
-  virtualisation.oci-containers.containers.collabora-office = {
-    image = "docker.io/collabora/code";
-    ports = [ "9980:9980" ];
-    environment =
-      let
-        mkAlias = domain: "https://" + (builtins.replaceStrings [ "." ] [ "\\." ] domain) + ":443";
-      in
+  services.collabora-online = {
+    enable = true;
+    aliasGroups = [
       {
-        server_name = "office.felschr.com";
-        aliasgroup1 = mkAlias "office.felschr.com";
-        aliasgroup2 = mkAlias "cloud.felschr.com";
-        extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
-      };
-    extraOptions = [
-      "--runtime=crun"
-      "--uidmap=0:65534:1"
-      "--gidmap=0:65534:1"
-      "--uidmap=100:${toString uid}:1"
-      "--gidmap=101:${toString gid}:1"
-      "--network=host"
-      "--cap-add=MKNOD"
-      "--cap-add=CHOWN"
-      "--cap-add=FOWNER"
-      "--cap-add=SYS_CHROOT"
-      "--label=io.containers.autoupdate=registry"
+        host = "https://office.felschr.com";
+        aliases = [ "https://cloud.felschr.com" ];
+      }
     ];
+    settings = {
+      ssl = {
+        enable = false;
+        termination = true;
+      };
+    };
   };
 
   services.nginx.virtualHosts."office.felschr.com" = {
     forceSSL = true;
     enableACME = true;
     locations."/" = {
-      proxyPass = "http://127.0.0.1:9980";
+      proxyPass = "http://127.0.0.1:${toString cfg.port}";
       proxyWebsockets = true;
       extraConfig = ''
         proxy_read_timeout 36000s;
       '';
     };
   };
-
-  users.users.collabora-office = {
-    isSystemUser = true;
-    group = "collabora-office";
-    uid = 982;
-  };
-
-  users.groups.collabora-office = {
-    gid = 982;
-  };
 }