Updates.

2025-02-14 13:01:44 -06:00 · 2025-02-14 13:01:44 -06:00 · a5f06924da
commit a5f06924da
parent 838941b56b
11 changed files with 123 additions and 57 deletions
--- a/hosts/hub/apps/nextcloud.nix
+++ b/hosts/hub/apps/nextcloud.nix
@ -32,12 +32,18 @@
            configureRedis = true;
            maxUploadSize = "16G";
            # autoUpdateApps.enable = true;
-            notify_push.enable = true;
+            notify_push = {
+              enable = true;
+              bendDomainToLocalhost = true;
+            };
            webfinger = true;
            settings = {
              overwriteprotocol = "https";
-              trusted_proxies = [ "192.168.0.1" ];
+              trusted_proxies = [
+                "192.168.0.1"
+              ];
              default_phone_region = "US";
+              # loglevel = 0;
            };
            config = {
              dbtype = "pgsql";
@ -46,10 +52,6 @@
            };
            phpOptions."opcache.interned_strings_buffer" = "23";
          };
-          onlyoffice = {
-            enable = true;
-            hostname = "onlyoffice.thewordnerd.info";
-          };
          resolved.enable = true;
        };
        programs.nix-ld.enable = true;
@ -57,12 +59,19 @@
          firewall.allowedTCPPorts = [ 80 ];
          useHostResolvConf = lib.mkForce false;
        };
-        virtualisation.podman = {
-          enable = true;
-          dockerCompat = true;
-          dockerSocket.enable = true;
-        };
+        virtualisation.docker.enable = true;
+        users.users.nextcloud.extraGroups = [ "docker" ];
+        environment.systemPackages = [
+          (pkgs.writeScriptBin "occ" ''
+            #!${pkgs.bash}/bin/bash
+            exec nextcloud-occ "$@"
+          '')
+        ];
      };
+    # https://discourse.nixos.org/t/podman-docker-in-nixos-container-ideally-in-unprivileged-one/22909/12
+    additionalCapabilities = [
+      ''all" --system-call-filter="add_key keyctl bpf" --capability="all''
+    ];
    bindMounts = {
      "/run/postgresql" = {
        hostPath = "/run/postgresql";
@ -74,4 +83,8 @@
    reverse_proxy nextcloud
    header Strict-Transport-Security max-age=31536000;
  '';
+
+  services.caddy.virtualHosts."collabora.thewordnerd.info".extraConfig = ''
+    reverse_proxy nextcloud:9980
+  '';
 }