# NOTE: Imperative part: # 1. You need to change PSQL tables owner from root to onlyoffice, too. They don't do that automatically for some reason. # 2. TODO: Generate JWT secret at /var/lib/onlyoffice/jwt, i.e. 9wLfMGha1YrfvWpb5hyYjZf8pvJQ3swS # See https://git.voronind.com/voronind/nixos/issues/74 { container, pkgs, util, lib, config, ... }: with lib; let cfg = config.container.module.office; in { options = { container.module.office = { enable = mkEnableOption "Office web suite."; address = mkOption { default = "10.1.0.21"; type = types.str; }; port = mkOption { default = 8000; type = types.int; }; domain = mkOption { default = "office.${config.container.domain}"; type = types.str; }; storage = mkOption { default = "${config.container.storage}/office"; type = types.str; }; }; }; config = mkIf cfg.enable { systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; containers.office = container.mkContainer cfg { bindMounts = { "/var/lib/onlyoffice" = { hostPath = "${cfg.storage}/data"; isReadOnly = false; }; }; # HACK: Temporarely run in docker due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931 config = { pkgs, ... }: container.mkContainerConfig cfg { virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.containers.office = { autoStart = true; image = "dockerhub.timeweb.cloud/onlyoffice/documentserver:latest"; # ports = [ "${toString cfg.port}:8000" ]; extraOptions = [ "--network=host" "--privileged" ]; environment = { JWT_ENABLED = "true"; JWT_SECRET = "8wLfKGha8YRfvwpB5hYYjZf8vtUQs3wS"; AMQP_URI = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}"; DB_HOST = config.container.module.postgres.address; DB_PORT = toString config.container.module.postgres.port; DB_NAME = "onlyoffice"; DB_USER = "onlyoffice"; DB_PWD = "onlyoffice"; }; }; }; # config = { pkgs, ... }: container.mkContainerConfig cfg { # # HACK: For whatever reason it does not detect my global allowUnfree (I pass pkgs from host system in mkContainerConfig). # nixpkgs.overlays = [ (final: prev: { # corefonts = prev.corefonts.overrideAttrs (old: { # meta.license = mkForce licenses.mit; # }); # })]; # services.onlyoffice = let # dbName = "onlyoffice"; # in { # enable = true; # hostname = cfg.domain; # postgresName = dbName; # postgresHost = config.container.module.postgres.address; # postgresUser = dbName; # postgresPasswordFile = "${pkgs.writeText "OfficeDbPassword" dbName}"; # jwtSecretFile = "/var/lib/onlyoffice/jwt"; # rabbitmqUrl = "amqp://guest:guest@${config.container.module.rabbitmq.address}:${toString config.container.module.rabbitmq.port}"; # examplePort = cfg.port; # enableExampleServer = true; # }; # }; }; }; }