diff --git a/container/Office.nix b/container/Office.nix
index 83f0512..0f9f3a0 100644
--- a/container/Office.nix
+++ b/container/Office.nix
@@ -40,33 +40,55 @@ in {
 };
 };
+
+ # HACK: Temporarely run in docker due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931
 config = { pkgs, ... }: container.mkContainerConfig cfg {
- # HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig).
- nixpkgs.overlays = [ (final: prev: {
- corefonts = prev.corefonts.overrideAttrs (old: {
- meta.license = mkForce licenses.mit;
- });
- })];
-
- services.onlyoffice = let
- dbName = "onlyoffice";
- in {
- enable = true;
- hostname = cfg.domain;
-
- postgresName = dbName;
- postgresHost = config.container.module.postgres.address;
- postgresUser = dbName;
- postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}";
-
- jwtSecretFile = "/var/lib/onlyoffice/jwt";
-
- rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
-
- examplePort = cfg.port;
- enableExampleServer = true;
+ virtualisation.oci-containers.backend = "docker";
+ virtualisation.oci-containers.containers.office = {
+ autoStart = true;
+ image = "dockerhub.timeweb.cloud/onlyoffice/documentserver:latest";
+ # ports = [ "${toString cfg.port}:8000" ];
+ extraOptions = [ "--network=host" "--privileged" ];
+ environment = {
+ JWT_ENABLED = "true";
+ JWT_SECRET = "8wLfKGha8YRfvwpB5hYYjZf8vtUQs3wS";
+ AMQP_URI = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
+ DB_HOST = config.container.module.postgres.address;
+ DB_PORT = toString config.container.module.postgres.port;
+ DB_NAME = "onlyoffice";
+ DB_USER = "onlyoffice";
+ DB_PWD = "onlyoffice";
+ };
 };
 };
+
+ # config = { pkgs, ... }: container.mkContainerConfig cfg {
+ # # HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig).
+ # nixpkgs.overlays = [ (final: prev: {
+ # corefonts = prev.corefonts.overrideAttrs (old: {
+ # meta.license = mkForce licenses.mit;
+ # });
+ # })];
+
+ # services.onlyoffice = let
+ # dbName = "onlyoffice";
+ # in {
+ # enable = true;
+ # hostname = cfg.domain;
+
+ # postgresName = dbName;
+ # postgresHost = config.container.module.postgres.address;
+ # postgresUser = dbName;
+ # postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}";
+
+ # jwtSecretFile = "/var/lib/onlyoffice/jwt";
+
+ # rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
+
+ # examplePort = cfg.port;
+ # enableExampleServer = true;
+ # };
+ # };
 };
 };
 }
diff --git a/lib/Container.nix b/lib/Container.nix
index b0cdc41..e54604a 100644
--- a/lib/Container.nix
+++ b/lib/Container.nix
@@ -1,5 +1,11 @@
 { lib, pkgs, const, config, ... }: {
 mkContainer = cfg: extra: lib.recursiveUpdate {
+ # Allow nested containers.
+ additionalCapabilities = [
+ ''all" --system-call-filter="add_key keyctl bpf" --capability="all''
+ ];
+ enableTun = true;
+
 # Start containers with the system by default.
 autoStart = config.container.autoStart;
@@ -15,6 +21,8 @@
 # Common configuration for the system inside the container.
 mkContainerConfig = cfg: extra: lib.recursiveUpdate {
+ boot.isContainer = true;
+
 # HACK: Do not evaluate nixpkgs inside the container. Use host's instead.
 nixpkgs.pkgs = lib.mkForce pkgs;
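Review bot: `JWT_SECRET = "8wLfKGha8YRfvwpB5hYYjZf8vtUQs3wS"` and `DB_PWD = "onlyoffice"` in the new `environment` block commit the document-server signing secret and the database password to git and bake them into the Nix store and the generated service unit, which are world-readable on the host; the removed configuration read the secret from `/var/lib/onlyoffice/jwt` instead. Move both into an out-of-store file referenced with `environmentFiles = [ "/var/lib/onlyoffice/office.env" ];` (the oci-containers option, if the NixOS release in use has it), and rotate the committed JWT secret, since git history keeps it. Separately, `extraOptions = [ "--network=host" "--privileged" ]` removes every isolation boundary of the container, while the visible configuration only needs TCP reachability to postgres and rabbitmq; dropping `--privileged` and pinning the `:latest` image by digest would bound what a compromised document server can reach. The commented-out `services.onlyoffice` block that follows is dead configuration and would be better tracked in the linked issue than kept inline.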
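Review bot: The `additionalCapabilities` entry `''all" --system-call-filter="add_key keyctl bpf" --capability="all''` is not a capability name; it relies on the unescaped quotes to inject a second `--system-call-filter` flag into the generated systemd-nspawn command line, and because it lives in `mkContainer`'s defaults it hands `--capability=all` (presumably including CAP_SYS_ADMIN) plus `enableTun = true` to every container built through this helper, not only the ones that nest. The quoting trick breaks silently if the containers module ever escapes the capability list, and the comment `# Allow nested containers.` does not say that it applies globally. Prefer the first-class `extraFlags = [ "--system-call-filter=add_key keyctl bpf" ];` option with an explicit capability list, and gate both behind a per-container flag in `cfg` so only the nesting container receives them; I have not checked what `extra` can override through `lib.recursiveUpdate`, so this may need to be an opt-in default rather than a forced one.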