From a30586beed66f50282fc889338cb03d01c6a4def Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20Barnouin?=
Date: Thu, 6 Mar 2025 12:12:43 +0100
Subject: [PATCH 1/5] Test collabora-online
---
 flake.nix | 15 +++++++++++++++
 services/default.nix | 1 +
 services/nginx/default.nix | 18 +++++++++---------
 3 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/flake.nix b/flake.nix
index 82581f7..63a471c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -105,6 +105,21 @@
 }
 ];
 };
+ collabora = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ agenix.nixosModules.default
+ "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
+ "${inputs.self}/systems/minimalLXCConfig.nix"
+ "${inputs.self}/services"
+ {
+ networking.hostName = "collabora";
+ services.vm_collabora = {
+ enable = true;
+ };
+ }
+ ];
+ };
 forgejo = nixpkgs.lib.nixosSystem {
 inherit system;
 modules = [
diff --git a/services/default.nix b/services/default.nix
index dd8f211..832e1f5 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -9,5 +9,6 @@
 ./authentik
 ./postgresql
 ./onlyoffice
+ ./collabora
 ];
 }
diff --git a/services/nginx/default.nix b/services/nginx/default.nix
index 001c476..53a8042 100644
--- a/services/nginx/default.nix
+++ b/services/nginx/default.nix
@@ -123,6 +123,15 @@ in {
 recommendedProxySettings = true;
 };
 };
+ "collabora.le43.eu" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://192.168.1.19:9980";
+ proxyWebsockets = true;
+ recommendedProxySettings = true;
+ };
+ };
 "git.le43.eu" = {
 forceSSL = true;
 enableACME = true;
@@ -152,15 +161,6 @@ in {
 proxyWebsockets = true;
 };
 };
- "actual.le43.eu" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://192.168.1.125:5006";
- recommendedProxySettings = true;
- proxyWebsockets = true;
- };
- };
 };
 };
 };
From 5e5a040f52bc2afe76bfb2bd770c63370de07e3e Mon Sep 17 00:00:00 2001
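Review bot: In the new `"collabora.le43.eu"` vhost, `locations."/"` forwards every request path to coolwsd at `http://192.168.1.19:9980`, so anything that backend serves, including the Collabora admin console and its websocket if they are enabled, is reachable from wherever this vhost is. Consider adding dedicated `locations` entries for `/cool/adminws` and `/browser/dist/admin` that keep the same `proxyPass` but carry `extraConfig = "allow 192.168.1.0/24; deny all;";`, or proxying only the paths the editor actually needs. The enclosing attribute set starts and ends outside the hunk. The second hunk in this file removes the `actual.le43.eu` vhost, which the commit subject does not mention.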
From: =?UTF-8?q?Th=C3=A9o=20Barnouin?=
Date: Thu, 6 Mar 2025 12:12:52 +0100
Subject: [PATCH 2/5] Test collabora-online
---
 services/collabora/default.nix | 35 +++++++++++++++++++
 services/collabora/secrets/office-dbpass.age | 11 ++++++
 services/collabora/secrets/office-jwtpass.age | 12 +++++++
 3 files changed, 58 insertions(+)
 create mode 100644 services/collabora/default.nix
 create mode 100644 services/collabora/secrets/office-dbpass.age
 create mode 100644 services/collabora/secrets/office-jwtpass.age
diff --git a/services/collabora/default.nix b/services/collabora/default.nix
new file mode 100644
index 0000000..bd408b3
--- /dev/null
+++ b/services/collabora/default.nix
@@ -0,0 +1,35 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.services.vm_collabora;
+in {
+ options.services.vm_collabora = {
+ enable = lib.mkEnableOption "Enable collabora service";
+ };
+ config = lib.mkIf cfg.enable {
+ services = {
+ collabora-online = {
+ enable = true;
+ settings = {
+ ssl.enable = false;
+ ssl.termination = true;
+ net = {
+ listen = "0.0.0.0";
+ post_allow = [ "192.168.1.0/24" ];
+ lok_allow = [ "192.168.1.0/24" ];
+ };
+ storage.wopi = {
+ "@allow" = true;
+ host = [ "cloud.le43.eu" ];
+ };
+ remote_font_config.url = "https://cloud.le43.eu/apps/richdocuments/settings/fonts.json";
+ server_name = "collabora.le43.eu";
+ };
+ };
+ };
+ networking.firewall.allowedTCPPorts = [80 443 9980];
+ };
+}
diff --git a/services/collabora/secrets/office-dbpass.age b/services/collabora/secrets/office-dbpass.age
new file mode 100644
index 0000000..d173e0c
--- /dev/null
+++ b/services/collabora/secrets/office-dbpass.age
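Review bot: `networking.firewall.allowedTCPPorts = [80 443 9980];` opens 80 and 443 on the collabora host although nothing in this module listens there: `ssl.enable = false` with `ssl.termination = true` leaves TLS to the reverse proxy, and coolwsd is only reached on 9980. I would reduce it to `networking.firewall.allowedTCPPorts = [9980];`, and because that port is plain HTTP bound to `0.0.0.0`, ideally accept it only from the proxy's address. `pkgs` is bound in the argument set but never used. `lib.mkEnableOption "Enable collabora service"` renders as "Whether to enable Enable collabora service." because the helper adds the prefix itself, so `lib.mkEnableOption "the collabora service"` reads better.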
@@ -0,0 +1,11 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA0YWdJ
+cnphWUxTeldXM25FZGg3NC9sVlppbHE4N2szS00vK2VQL1VPendJCmhTME1MUzhI
+MTZRSG0rcVFvdjllZ05Ockkwam1kYVpObnJSdEYydGgyN3cKLT4gc3NoLWVkMjU1
+MTkgbm1LUytBIGM5NCtPVGZJWVhNR1ZvTGVGODF0M2N3aXdzeVVDYU10aGc5bkVO
+ZmNPd2MKa2xiZy94cjEyOFRBU1NvSHpvckQweWh3OGRQejhQQVpqMnJLQjI1RVQx
+QQotPiBcJC1ncmVhc2UgXDFcUyAqfV53PyArZSFFc0sgenxXek0KdTh0UFU2V25T
+bWNoSWsrUmpkbzNabmdJZ2t5OHh1RTgzY0ExaGNLS09hZHl0eXM3MXB4RwotLS0g
+UkxxWURhVzg5Q09EUGtObEhOeWN3MXk4U1ZxeXZWLzFXVURpQWNrYzBmWQqn7LYQ
+6fgnb/DRZjA8yhMgTSIcIJSm4t/+y6fGTOMmWK9Sjsjx+bK1kazPnPZgp6A=
+-----END AGE ENCRYPTED FILE-----
diff --git a/services/collabora/secrets/office-jwtpass.age b/services/collabora/secrets/office-jwtpass.age
new file mode 100644
index 0000000..12ebce5
--- /dev/null
+++ b/services/collabora/secrets/office-jwtpass.age
@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA1QnNv
+L1U2eUljam4wM01lOURXQ2luRkVGbk96OVFuVm9kS1NxaFJ0N0QwCmZxak82eW1w
+SVBMeEZWUDh3a3lmRkJhSkcxcW5kSUg3R1RiVUxpMTlPZE0KLT4gc3NoLWVkMjU1
+MTkgbm1LUytBIENxbWI5ZG4rbVFEb3lvQVZLMW1tUFo5N2hzYzQyN1hSZnZUdHlv
+Q2hDUlUKdDdmd2JyREdPYWdLSFBUN3orOUJkSk9WK1JYTElhV2JyaWR1cUJLM3BI
+QQotPiBWYSo7KlItZ3JlYXNlIHBJXCYgNWZjb1RjIGVPOT87JF0yCkFkbVFkTWlN
+bXk5b0VZdmNza09JanVXbFlCUkNVdkNZZ243TzRLMTB1bkkzTGJzS1pIdkdmQnNt
+T2liSWdjdjQKbnBITzM5L0JlS283MndTenE1UTMveHRXL0UwCi0tLSA0eHZFQnhQ
+ajd1SkNvanNuQTQ2VWpKYU0vbGRmVkZJWUZURG5xbnh0UDhJCtVjowaW++5XN5JY
+pZSLB0peh5Zu7P/yeAmDvnjO2BhfgQ+9sZzNzAcVwM8We03Tr8M=
+-----END AGE ENCRYPTED FILE-----
From 7d4d164738e297521729ef1082170843811df3cf Mon Sep 17 00:00:00 2001
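Review bot: `office-dbpass.age` and `office-jwtpass.age` are added under `services/collabora/secrets/` but nothing in this patch uses them: `services/collabora/default.nix` declares no `age.secrets` entry, and patch 3/5 deletes both files again. If they were copied in by mistake, squash patches 2 and 3 so the ciphertext does not stay in history, where it remains decryptable by anyone who later obtains one of the recipient keys. If Collabora does need these values, reference them from the module with `age.secrets.<name>.file` instead of leaving them unreferenced.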
From: =?UTF-8?q?Th=C3=A9o=20Barnouin?=
Date: Thu, 6 Mar 2025 12:13:05 +0100
Subject: [PATCH 3/5] Test collabora-online
---
 services/collabora/secrets/office-dbpass.age | 11 -----------
 services/collabora/secrets/office-jwtpass.age | 12 ------------
 2 files changed, 23 deletions(-)
 delete mode 100644 services/collabora/secrets/office-dbpass.age
 delete mode 100644 services/collabora/secrets/office-jwtpass.age
diff --git a/services/collabora/secrets/office-dbpass.age b/services/collabora/secrets/office-dbpass.age
deleted file mode 100644
index d173e0c..0000000
--- a/services/collabora/secrets/office-dbpass.age
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA0YWdJ
-cnphWUxTeldXM25FZGg3NC9sVlppbHE4N2szS00vK2VQL1VPendJCmhTME1MUzhI
-MTZRSG0rcVFvdjllZ05Ockkwam1kYVpObnJSdEYydGgyN3cKLT4gc3NoLWVkMjU1
-MTkgbm1LUytBIGM5NCtPVGZJWVhNR1ZvTGVGODF0M2N3aXdzeVVDYU10aGc5bkVO
-ZmNPd2MKa2xiZy94cjEyOFRBU1NvSHpvckQweWh3OGRQejhQQVpqMnJLQjI1RVQx
-QQotPiBcJC1ncmVhc2UgXDFcUyAqfV53PyArZSFFc0sgenxXek0KdTh0UFU2V25T
-bWNoSWsrUmpkbzNabmdJZ2t5OHh1RTgzY0ExaGNLS09hZHl0eXM3MXB4RwotLS0g
-UkxxWURhVzg5Q09EUGtObEhOeWN3MXk4U1ZxeXZWLzFXVURpQWNrYzBmWQqn7LYQ
-6fgnb/DRZjA8yhMgTSIcIJSm4t/+y6fGTOMmWK9Sjsjx+bK1kazPnPZgp6A=
------END AGE ENCRYPTED FILE-----
diff --git a/services/collabora/secrets/office-jwtpass.age b/services/collabora/secrets/office-jwtpass.age
deleted file mode 100644
index 12ebce5..0000000
--- a/services/collabora/secrets/office-jwtpass.age
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA1QnNv
-L1U2eUljam4wM01lOURXQ2luRkVGbk96OVFuVm9kS1NxaFJ0N0QwCmZxak82eW1w
-SVBMeEZWUDh3a3lmRkJhSkcxcW5kSUg3R1RiVUxpMTlPZE0KLT4gc3NoLWVkMjU1
-MTkgbm1LUytBIENxbWI5ZG4rbVFEb3lvQVZLMW1tUFo5N2hzYzQyN1hSZnZUdHlv
-Q2hDUlUKdDdmd2JyREdPYWdLSFBUN3orOUJkSk9WK1JYTElhV2JyaWR1cUJLM3BI
-QQotPiBWYSo7KlItZ3JlYXNlIHBJXCYgNWZjb1RjIGVPOT87JF0yCkFkbVFkTWlN
-bXk5b0VZdmNza09JanVXbFlCUkNVdkNZZ243TzRLMTB1bkkzTGJzS1pIdkdmQnNt
-T2liSWdjdjQKbnBITzM5L0JlS283MndTenE1UTMveHRXL0UwCi0tLSA0eHZFQnhQ
-ajd1SkNvanNuQTQ2VWpKYU0vbGRmVkZJWUZURG5xbnh0UDhJCtVjowaW++5XN5JY
-pZSLB0peh5Zu7P/yeAmDvnjO2BhfgQ+9sZzNzAcVwM8We03Tr8M=
------END AGE ENCRYPTED FILE-----
From 70217bea248f35429e8a0e3484884e3fc8685b93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20Barnouin?=
Date: Wed, 12 Mar 2025 13:13:39 +0100
Subject: [PATCH 4/5] Fix collabora startup
---
 services/collabora/default.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/services/collabora/default.nix b/services/collabora/default.nix
index bd408b3..ee1bf74 100644
--- a/services/collabora/default.nix
+++ b/services/collabora/default.nix
@@ -17,13 +17,14 @@ in {
 ssl.enable = false;
 ssl.termination = true;
 net = {
+ proto= "IPv4";
 listen = "0.0.0.0";
- post_allow = [ "192.168.1.0/24" ];
- lok_allow = [ "192.168.1.0/24" ];
+ post_allow.host = [ ''192\.168\.1\.[0-9]{1,3}'' ];
+ lok_allow.host = [ ''192\.168\.1\.[0-9]{1,3}'' ];
 };
 storage.wopi = {
 "@allow" = true;
- host = [ "cloud.le43.eu" ];
+ host = [ "cloud.le43.eu" ];
 };
 remote_font_config.url = "https://cloud.le43.eu/apps/richdocuments/settings/fonts.json";
 server_name = "collabora.le43.eu";
From 92957cc63add81d97079e6cf39bcaff7db8e3e78 Mon Sep 17 00:00:00 2001
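Review bot: `post_allow.host` and `lok_allow.host` in the `net` set still admit every 192.168.1.x source, while the context lines show coolwsd serving plain HTTP (`ssl.enable = false`) on `listen = "0.0.0.0"`. Presumably only the reverse proxy and the WOPI host need to reach it, so the pattern could name those addresses instead of the whole range, e.g. `post_allow.host = [ ''192\.168\.1\.<PROXY_OCTET>'' ];` with the placeholder replaced by the real host. The pattern has no `^`/`$` anchors, so it is worth confirming that coolwsd matches it against the full address. On style, `proto= "IPv4";` is missing a space before `=`, and the removed and added `host = [ "cloud.le43.eu" ];` lines differ only in whitespace. The enclosing `settings` set starts and ends outside the hunk.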
From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Wed, 12 Mar 2025 13:59:43 +0100 Subject: [PATCH 5/5] Update flakes and cleanup prometheus conf --- flake.lock | 48 ++++++++++++++++++------------------ services/grafana/default.nix | 34 +------------------------ 2 files changed, 25 insertions(+), 57 deletions(-) diff --git a/flake.lock b/flake.lock index f077067..9de8365 100644 --- a/flake.lock +++ b/flake.lock @@ -9,11 +9,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1726755133, - "narHash": "sha256-03XIEjHeZEjHXctsXYUB+ZLQmM0WuhR6qWQjwekFk/M=", + "lastModified": 1741508717, + "narHash": "sha256-iQf1WdNxaApOFHIx4RLMRZ4f8g+8Xp0Z1/E/Mz2rLxY=", "owner": "yaxitech", "repo": "ragenix", - "rev": "687ee92114bce9c4724376cf6b21235abe880bfa", + "rev": "2a2bea99d74927e54adf53cbf113219def67d5c9", "type": "github" }, "original": { @@ -33,11 +33,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "owner": "ryantm", "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "type": "github" }, "original": { @@ -48,11 +48,11 @@ }, "crane": { "locked": { - "lastModified": 1725409566, - "narHash": "sha256-PrtLmqhM6UtJP7v7IGyzjBFhbG4eOAHT6LPYOFmYfbk=", + "lastModified": 1741481578, + "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", "owner": "ipetkov", "repo": "crane", - "rev": "7e4586bad4e3f8f97a9271def747cf58c4b68f3c", + "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", "type": "github" }, "original": { 
@@ -89,11 +89,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -172,11 +172,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1739104176, - "narHash": "sha256-bNvtud2PUcbYM0i5Uq1v01Dcgq7RuhVKfjaSKkW2KRI=", + "lastModified": 1741275356, + "narHash": "sha256-VMeqnLv2O6Lg3/pka1tUzzbOjSmEb6RQOp9OuJRcx0A=", "owner": "astro", "repo": "microvm.nix", - "rev": "d3a9b7504d420a1ffd7c83c1bb8fe57deaf939d2", + "rev": "5e1b3dba5b52405dab79412392b9c799d49bd8c0", "type": "github" }, "original": { @@ -187,11 +187,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1741379970, + "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f", "type": "github" }, "original": { @@ -203,11 +203,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1740339700, - "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=", + "lastModified": 1741600792, + "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195", + "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3", "type": "github" }, "original": { 
@@ -233,11 +233,11 @@ ] }, "locked": { - "lastModified": 1725675754, - "narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=", + "lastModified": 1741400194, + "narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54", + "rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f", "type": "github" }, "original": { diff --git a/services/grafana/default.nix b/services/grafana/default.nix index 5ce3ef1..785c19c 100644 --- a/services/grafana/default.nix +++ b/services/grafana/default.nix @@ -107,14 +107,6 @@ in { } ]; } - { - job_name = "openmediavault_cadvisor"; - static_configs = [ - { - targets = ["192.168.1.125:8080"]; - } - ]; - } { job_name = "opportunity"; static_configs = [ @@ -167,7 +159,7 @@ in { job_name = "nextcloud"; static_configs = [ { - targets = ["192.168.1.44:9100"]; + targets = ["192.168.1.45:9100"]; } ]; } @@ -179,14 +171,6 @@ in { } ]; } - { - job_name = "netbox"; - static_configs = [ - { - targets = ["192.168.1.45:9100"]; - } - ]; - } { job_name = "jellyfin"; static_configs = [ @@ -195,22 +179,6 @@ in { } ]; } - { - job_name = "authentik-ldap"; - static_configs = [ - { - targets = ["192.168.1.41:9100"]; - } - ]; - } - { - job_name = "authentik"; - static_configs = [ - { - targets = ["192.168.1.25:9002"]; - } - ]; - } ]; }; services.loki = {