voronind/nix
0
0
Fork 0
Code Issues 40 Pull requests Packages Projects Releases Wiki Activity

Office : Run in Docker for now.

Browse source
This commit is contained in:
Dmitry Voronin 2024-06-29 21:51:55 +03:00
parent 0b6713396d
commit bb082dc2e3
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
2 changed files with 54 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
container/Office.nix
View file

@ -40,33 +40,55 @@ in {
}; };
}; };
# HACK: Temporarely run in docker due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931
config = { pkgs, ... }: container.mkContainerConfig cfg { config = { pkgs, ... }: container.mkContainerConfig cfg {
# HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig). virtualisation.oci-containers.backend = "docker";
nixpkgs.overlays = [ (final: prev: { virtualisation.oci-containers.containers.office = {
corefonts = prev.corefonts.overrideAttrs (old: { autoStart = true;
meta.license = mkForce licenses.mit; image = "dockerhub.timeweb.cloud/onlyoffice/documentserver:latest";
}); # ports = [ "${toString cfg.port}:8000" ];
})]; extraOptions = [ "--network=host" "--privileged" ];
environment = {
services.onlyoffice = let JWT_ENABLED = "true";
dbName = "onlyoffice"; JWT_SECRET = "8wLfKGha8YRfvwpB5hYYjZf8vtUQs3wS";
in { AMQP_URI = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
enable = true; DB_HOST = config.container.module.postgres.address;
hostname = cfg.domain; DB_PORT = toString config.container.module.postgres.port;
DB_NAME = "onlyoffice";
postgresName = dbName; DB_USER = "onlyoffice";
postgresHost = config.container.module.postgres.address; DB_PWD = "onlyoffice";
postgresUser = dbName;
postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}";
jwtSecretFile = "/var/lib/onlyoffice/jwt";
rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
examplePort = cfg.port;
enableExampleServer = true;
}; };
}; };
}; };
# config = { pkgs, ... }: container.mkContainerConfig cfg {
# # HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig).
# nixpkgs.overlays = [ (final: prev: {
# corefonts = prev.corefonts.overrideAttrs (old: {
# meta.license = mkForce licenses.mit;
# });
# })];
# services.onlyoffice = let
# dbName = "onlyoffice";
# in {
# enable = true;
# hostname = cfg.domain;
# postgresName = dbName;
# postgresHost = config.container.module.postgres.address;
# postgresUser = dbName;
# postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}";
# jwtSecretFile = "/var/lib/onlyoffice/jwt";
# rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}";
# examplePort = cfg.port;
# enableExampleServer = true;
# };
# };
};
}; };
} }

8
lib/Container.nix
View file

@ -1,5 +1,11 @@
{ lib, pkgs, const, config, ... }: { { lib, pkgs, const, config, ... }: {
mkContainer = cfg: extra: lib.recursiveUpdate { mkContainer = cfg: extra: lib.recursiveUpdate {
# Allow nested containers.
additionalCapabilities = [
''all" --system-call-filter="add_key keyctl bpf" --capability="all''
];
enableTun = true;
# Start containers with the system by default. # Start containers with the system by default.
autoStart = config.container.autoStart; autoStart = config.container.autoStart;
@ -15,6 +21,8 @@
# Common configuration for the system inside the container. # Common configuration for the system inside the container.
mkContainerConfig = cfg: extra: lib.recursiveUpdate { mkContainerConfig = cfg: extra: lib.recursiveUpdate {
boot.isContainer = true;
# HACK: Do not evaluate nixpkgs inside the container. Use host's instead. # HACK: Do not evaluate nixpkgs inside the container. Use host's instead.
nixpkgs.pkgs = lib.mkForce pkgs; nixpkgs.pkgs = lib.mkForce pkgs;