docker migration + giving up on collabora

2023-12-20 20:33:39 -06:00 · 2023-12-20 20:33:39 -06:00 · 67a5e79952
commit 67a5e79952
parent 239dd9710a
4 changed files with 79 additions and 31 deletions
--- a/server/configuration.org
+++ b/server/configuration.org
@ -62,6 +62,7 @@ passwords and other secrets.
 imports = [
  ./fstab.nix
  ./servers.nix
+  ./docker.nix
  # ./mail.nix
  # ./openldap.nix
  # <agenix/modules/age.nix>
--- a/server/docker.nix
+++ b/server/docker.nix
@ -0,0 +1,48 @@
+{ config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [ arion docker-compose ];
+  virtualisation = {
+    docker = {
+      enable = true;
+      enableNvidia = true;
+      storageDriver = "btrfs";
+    };
+
+    oci-containers = {
+      backend = "docker";
+      containers.collabora = {
+        image = "collabora/code";
+        imageFile = pkgs.dockerTools.pullImage {
+          imageName = "collabora/code";
+          imageDigest =
+            "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
+          sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
+        };
+        ports = [ "9980:9980" ];
+        environment = {
+          domain = "cloud.servidos.lat";
+          dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
+          extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
+        };
+        extraOptions = [ "--cap-add" "MKNOD" ];
+      };
+    };
+    # arion = {
+    #   backend = "docker";
+    #   "collabora".settings.services."collabora".service = {
+    #     image = "collabora/code";
+    #     ports = [ "9980:9980/tcp" ];
+    #     environment = {
+    #       server_name = "collabora.servidos.lat";
+    #       aliasgroup1 = "https://cloud.servidos.lat:443";
+    #       dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
+    #       username = "jawz";
+    #       password = "password";
+    #       extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
+    #     };
+    #     extraOptions = [ "--pull=newer" ];
+    #   };
+    # };
+  };
+}
--- a/server/nginx.nix
+++ b/server/nginx.nix
@ -6,7 +6,7 @@
 let
  localhost = "127.0.0.1";
  workstation = "192.168.1.64";
-  collabora = "https://127.0.0.1:9980";
+  collabora = "http://127.0.0.1:9980";
  jellyfinPort = "8096";
  nextcloudPort = 80;
  flamePort = 5005;
@ -75,7 +75,6 @@ in {
      map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; }
      map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; }

-
      ## upload configs
      proxy_read_timeout 600;
      proxy_connect_timeout 600;
@ -251,6 +250,12 @@ in {
        enableACME = true;
        http2 = true;
        serverAliases = [ "cloud.rotehaare.art" ];
+        locations = {
+          "/".proxyWebsockets = true;
+          # uh, equals what?
+          "~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" =
+            { };
+        };
      };
    };
  };
--- a/server/servers.nix
+++ b/server/servers.nix
@ -28,10 +28,10 @@ in {
        perl
        (perlPackages.buildPerlPackage rec {
          pname = "Image-ExifTool";
-          version = "12.60";
+          version = "12.70";
          src = fetchurl {
            url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz";
-            hash = "sha256-c9vgbQBMMQgqVueNfyRvK7AAL7sYNUR7wyorB289Mq0=";
+            hash = "sha256-TLJSJEXMPj870TkExq6uraX8Wl4kmNerrSlX3LQsr/4=";
          };
        })
      ]);
@ -45,7 +45,7 @@ in {
  in {
    sonarr = base // { package = pkgs.sonarr; };
    radarr = base // { package = pkgs.radarr; };
-    bazarr = base // { };
+    # bazarr = base // { };
    jellyfin = base // { };
    prowlarr.enable = true;
    microbin = {
@ -196,34 +196,28 @@ in {
      '';
    };
  };
-  environment.systemPackages = with pkgs; [ docker-compose ];
-  virtualisation.docker = {
-    enable = true;
-    enableNvidia = true;
-    storageDriver = "btrfs";
-  };
  systemd = {
    services = {
-      docker-compose = {
-        enable = true;
-        restartIfChanged = true;
-        description = "Start docker-compose servers";
-        after = [ "docker.service" "docker.socket" ];
-        requires = [ "docker.service" "docker.socket" ];
-        wantedBy = [ "default.target" ];
-        environment = {
-          FILE = "/home/jawz/Development/Docker/docker-compose.yml";
-        };
-        path = [ pkgs.docker-compose ];
-        serviceConfig = {
-          Restart = "on-failure";
-          RestartSec = 30;
-          ExecStart =
-            "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans";
-          ExecStop =
-            "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
-        };
-      };
+      # docker-compose = {
+      #   enable = true;
+      #   restartIfChanged = true;
+      #   description = "Start docker-compose servers";
+      #   after = [ "docker.service" "docker.socket" ];
+      #   requires = [ "docker.service" "docker.socket" ];
+      #   wantedBy = [ "default.target" ];
+      #   environment = {
+      #     FILE = "/home/jawz/Development/Docker/docker-compose.yml";
+      #   };
+      #   path = [ pkgs.docker-compose ];
+      #   serviceConfig = {
+      #     Restart = "on-failure";
+      #     RestartSec = 30;
+      #     ExecStart =
+      #       "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans";
+      #     ExecStop =
+      #       "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
+      #   };
+      # };
      nextcloud-cronjob = let
        jawzNextcloudCronjob = pkgs.writeScriptBin "nextcloud-cronjob"
          (builtins.readFile ../scripts/nextcloud-cronjob.sh);