nixos-hypervisor/services/onlyoffice/default.nix

{ config, pkgs, lib, ... }:
let
  cfg = config.services.vm_onlyoffice;
in
{
  options.services.vm_onlyoffice = {
    enable = lib.mkEnableOption "Enable OnlyOffice service";
    pgsql_ip = lib.mkOption {
      type = lib.types.str;
      description = "The PostgreSQL host IP address";
    };
  };
  config = lib.mkIf cfg.enable {
    age.secrets = {
      office-dbpass = {
        file  = ./secrets/office-dbpass.age;
        owner = "onlyoffice";
      };
      office-jwtpass = {
        file  = ./secrets/office-jwtpass.age;
        owner = "onlyoffice";
      };
    };
    services = {
      onlyoffice = {
        enable = true;
        hostname = "office.le43.eu";
        port = 8000;
        postgresName = "onlyoffice";
        postgresHost = "${cfg.pgsql_ip}";
        postgresUser = "onlyoffice";
        postgresPasswordFile = config.age.secrets.office-dbpass.path;
        jwtSecretFile = config.age.secrets.office-jwtpass.path;
      };
    };
    networking.firewall.allowedTCPPorts = [ 80 4369 5432 5672 6379 8000 8080 ];
  };
}