From f856f61991d3d69466877660247ecd4833b9033b Mon Sep 17 00:00:00 2001
From: Dmitry Voronin <hi@voronind.com>
Date: Sat, 15 Jun 2024 18:38:17 +0300
Subject: [PATCH] Office : Fix.

---
 container/Office.nix    | 17 +++++++++++++++++
 container/default.nix   |  1 +
 host/home/Container.nix |  2 +-
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/container/Office.nix b/container/Office.nix
index aae4be6..76cb161 100644
--- a/container/Office.nix
+++ b/container/Office.nix
@@ -1,7 +1,22 @@
+# NOTE: Imperative part:
+# 1. You need to change PSQL tables owner from root to onlyoffice, too. They don't do that automatically for some reason.
+# 2. TODO: Generate JWT secret at /var/lib/onlyoffice/jwt, i.e. 9wLfMGha1YrfvWpb5hyYjZf8pvJQ3swS
+# See https://git.voronind.com/voronind/nixos/issues/74
 { container, pkgs, util, ... } @args: let
 	cfg = container.config.office;
 in {
+	systemd.tmpfiles.rules = container.mkContainerDir cfg [
+		"data"
+	];
+
 	containers.office = container.mkContainer cfg {
+		bindMounts = {
+			"/var/lib/onlyoffice" = {
+				hostPath   = "${cfg.storage}/data";
+				isReadOnly = false;
+			};
+		};
+
 		config = { ... }: container.mkContainerConfig cfg {
 			services.onlyoffice = let
 				dbName = "onlyoffice";
@@ -14,6 +29,8 @@ in {
 				postgresUser = dbName;
 				postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}";
 
+				jwtSecretFile = "/var/lib/onlyoffice/jwt";
+
 				examplePort = cfg.port;
 				enableExampleServer = true;
 			};
diff --git a/container/default.nix b/container/default.nix
index 51c73c9..d2e8bd8 100644
--- a/container/default.nix
+++ b/container/default.nix
@@ -114,6 +114,7 @@
 			address = "10.1.0.21";
 			domain  = "office.${domain}";
 			port    = 8000;
+			storage = "${storage}/office";
 		};
 		paper = {
 			inherit (media) paper;
diff --git a/host/home/Container.nix b/host/home/Container.nix
index 86369cf..5739b0d 100644
--- a/host/home/Container.nix
+++ b/host/home/Container.nix
@@ -46,7 +46,7 @@ in {
 		(import ../../container/Iot.nix args)
 		(import ../../container/Jobber.nix args)
 		(import ../../container/Mail.nix args)
-		# (import ../../container/Office.nix args)
+		(import ../../container/Office.nix args)
 		(import ../../container/Paper.nix args)
 		(import ../../container/Pass.nix args)
 		(import ../../container/Paste.nix args)