diff --git a/flake.lock b/flake.lock index f077067..9de8365 100644 --- a/flake.lock +++ b/flake.lock @@ -9,11 +9,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1726755133, - "narHash": "sha256-03XIEjHeZEjHXctsXYUB+ZLQmM0WuhR6qWQjwekFk/M=", + "lastModified": 1741508717, + "narHash": "sha256-iQf1WdNxaApOFHIx4RLMRZ4f8g+8Xp0Z1/E/Mz2rLxY=", "owner": "yaxitech", "repo": "ragenix", - "rev": "687ee92114bce9c4724376cf6b21235abe880bfa", + "rev": "2a2bea99d74927e54adf53cbf113219def67d5c9", "type": "github" }, "original": { @@ -33,11 +33,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "owner": "ryantm", "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "type": "github" }, "original": { @@ -48,11 +48,11 @@ }, "crane": { "locked": { - "lastModified": 1725409566, - "narHash": "sha256-PrtLmqhM6UtJP7v7IGyzjBFhbG4eOAHT6LPYOFmYfbk=", + "lastModified": 1741481578, + "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", "owner": "ipetkov", "repo": "crane", - "rev": "7e4586bad4e3f8f97a9271def747cf58c4b68f3c", + "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", "type": "github" }, "original": { @@ -89,11 +89,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -172,11 +172,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1739104176, - "narHash": "sha256-bNvtud2PUcbYM0i5Uq1v01Dcgq7RuhVKfjaSKkW2KRI=", + "lastModified": 1741275356, + "narHash": "sha256-VMeqnLv2O6Lg3/pka1tUzzbOjSmEb6RQOp9OuJRcx0A=", "owner": "astro", "repo": "microvm.nix", - "rev": "d3a9b7504d420a1ffd7c83c1bb8fe57deaf939d2", + "rev": "5e1b3dba5b52405dab79412392b9c799d49bd8c0", "type": "github" }, "original": { @@ -187,11 +187,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1741379970, + "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f", "type": "github" }, "original": { @@ -203,11 +203,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1740339700, - "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=", + "lastModified": 1741600792, + "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195", + "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3", "type": "github" }, "original": { @@ -233,11 +233,11 @@ ] }, "locked": { - "lastModified": 1725675754, - "narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=", + "lastModified": 1741400194, + "narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54", + "rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 82581f7..63a471c 100644 --- a/flake.nix +++ b/flake.nix @@ -105,6 +105,21 @@ } ]; }; + collabora = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + agenix.nixosModules.default + "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix" + "${inputs.self}/systems/minimalLXCConfig.nix" + "${inputs.self}/services" + { + networking.hostName = "collabora"; + services.vm_collabora = { + enable = true; + }; + } + ]; + }; forgejo = nixpkgs.lib.nixosSystem { inherit system; modules = [ diff --git a/services/collabora/default.nix b/services/collabora/default.nix new file mode 100644 index 0000000..ee1bf74 --- /dev/null +++ b/services/collabora/default.nix @@ -0,0 +1,36 @@ +{ + config, + pkgs, + lib, + ... +}: let + cfg = config.services.vm_collabora; +in { + options.services.vm_collabora = { + enable = lib.mkEnableOption "Enable collabora service"; + }; + config = lib.mkIf cfg.enable { + services = { + collabora-online = { + enable = true; + settings = { + ssl.enable = false; + ssl.termination = true; + net = { + proto= "IPv4"; + listen = "0.0.0.0"; + post_allow.host = [ ''192\.168\.1\.[0-9]{1,3}'' ]; + lok_allow.host = [ ''192\.168\.1\.[0-9]{1,3}'' ]; + }; + storage.wopi = { + "@allow" = true; + host = [ "cloud.le43.eu" ]; + }; + remote_font_config.url = "https://cloud.le43.eu/apps/richdocuments/settings/fonts.json"; + server_name = "collabora.le43.eu"; + }; + }; + }; + networking.firewall.allowedTCPPorts = [80 443 9980]; + }; +} diff --git a/services/default.nix b/services/default.nix index dd8f211..832e1f5 100644 --- a/services/default.nix +++ b/services/default.nix @@ -9,5 +9,6 @@ ./authentik ./postgresql ./onlyoffice + ./collabora ]; } diff --git a/services/grafana/default.nix b/services/grafana/default.nix index 5ce3ef1..785c19c 100644 --- a/services/grafana/default.nix +++ b/services/grafana/default.nix @@ -107,14 +107,6 @@ in { } ]; } - { - job_name = "openmediavault_cadvisor"; - static_configs = [ - { - targets = ["192.168.1.125:8080"]; - } - ]; - } { job_name = "opportunity"; static_configs = [ @@ -167,7 +159,7 @@ in { job_name = "nextcloud"; static_configs = [ { - targets = ["192.168.1.44:9100"]; + targets = ["192.168.1.45:9100"]; } ]; } @@ -179,14 +171,6 @@ in { } ]; } - { - job_name = "netbox"; - static_configs = [ - { - targets = ["192.168.1.45:9100"]; - } - ]; - } { job_name = "jellyfin"; static_configs = [ @@ -195,22 +179,6 @@ in { } ]; } - { - job_name = "authentik-ldap"; - static_configs = [ - { - targets = ["192.168.1.41:9100"]; - } - ]; - } - { - job_name = "authentik"; - static_configs = [ - { - targets = ["192.168.1.25:9002"]; - } - ]; - } ]; }; services.loki = { diff --git a/services/nginx/default.nix b/services/nginx/default.nix index 001c476..53a8042 100644 --- a/services/nginx/default.nix +++ b/services/nginx/default.nix @@ -123,6 +123,15 @@ in { recommendedProxySettings = true; }; }; + "collabora.le43.eu" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://192.168.1.19:9980"; + proxyWebsockets = true; + recommendedProxySettings = true; + }; + }; "git.le43.eu" = { forceSSL = true; enableACME = true; @@ -152,15 +161,6 @@ in { proxyWebsockets = true; }; }; - "actual.le43.eu" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://192.168.1.125:5006"; - recommendedProxySettings = true; - proxyWebsockets = true; - }; - }; }; }; };