COLLABORA WORKS!!!

2023-12-20 21:38:49 -06:00 · 2023-12-20 21:38:49 -06:00 · d0afa9fa27
commit d0afa9fa27
parent 67a5e79952
3 changed files with 99 additions and 127 deletions
--- a/server/docker.nix
+++ b/server/docker.nix
@ -9,39 +9,38 @@
      storageDriver = "btrfs";
    };

-    oci-containers = {
-      backend = "docker";
-      containers.collabora = {
-        image = "collabora/code";
-        imageFile = pkgs.dockerTools.pullImage {
-          imageName = "collabora/code";
-          imageDigest =
-            "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
-          sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
-        };
-        ports = [ "9980:9980" ];
-        environment = {
-          domain = "cloud.servidos.lat";
-          dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
-          extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
-        };
-        extraOptions = [ "--cap-add" "MKNOD" ];
-      };
-    };
-    # arion = {
+    # oci-containers = {
    #   backend = "docker";
-    #   "collabora".settings.services."collabora".service = {
-    #     image = "collabora/code";
-    #     ports = [ "9980:9980/tcp" ];
-    #     environment = {
-    #       server_name = "collabora.servidos.lat";
-    #       aliasgroup1 = "https://cloud.servidos.lat:443";
-    #       dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
-    #       username = "jawz";
-    #       password = "password";
-    #       extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
+    #   containers = {
+    #     flaresolverr = {
+    #       image = "ghcr.io/flaresolverr/flaresolverr:latest";
+    #       # imageFile = pkgs.dockerTools.pullImage {
+    #       #   imageName = "ghcr.io/flaresolverr/flaresolverr:latest";
+    #       # };
+    #       ports = [ "8191:8191" ];
+    #       environment = {
+    #         TZ = "America/Mexico_City";
+    #         LOG_LEVEL = "\${LOG_LEVEL:-info}";
+    #         LOG_HTML = "\${LOG_HTML:-false}";
+    #         CAPTCHA_SOLVER = "\${CAPTCHA_SOLVER:-none}";
+    #       };
    #     };
-    #     extraOptions = [ "--pull=newer" ];
+    #     #     # collabora = {
+    #     #     #   image = "collabora/code";
+    #     #     #   imageFile = pkgs.dockerTools.pullImage {
+    #     #     #     imageName = "collabora/code";
+    #     #     #     imageDigest =
+    #     #     #       "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
+    #     #     #     sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
+    #     #     #   };
+    #     #     #   ports = [ "9980:9980" ];
+    #     #     #   environment = {
+    #     #     #     domain = "cloud.servidos.lat";
+    #     #     #     dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
+    #     #     #     extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
+    #     #     #   };
+    #     #     #   extraOptions = [ "--cap-add" "MKNOD" ];
+    #     #     # };
    #   };
    # };
  };
--- a/server/nginx.nix
+++ b/server/nginx.nix
@ -6,7 +6,6 @@
 let
  localhost = "127.0.0.1";
  workstation = "192.168.1.64";
-  collabora = "http://127.0.0.1:9980";
  jellyfinPort = "8096";
  nextcloudPort = 80;
  flamePort = 5005;
@ -32,57 +31,58 @@ in {
    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
    appendHttpConfig = ''
      ### GLOBAL
-      # client_max_body_size 25G;
-      # Add HSTS header with preloading to HTTPS requests.
-      # Adding this header to HTTP requests is discouraged
-      map $scheme $hsts_header {
-          https   "max-age=31536000; includeSubdomains; preload";
-      }
-      add_header Strict-Transport-Security $hsts_header;
+            # client_max_body_size 25G;
+            # Add HSTS header with preloading to HTTPS requests.
+            # Adding this header to HTTP requests is discouraged
+            map $scheme $hsts_header {
+                https   "max-age=31536000; includeSubdomains; preload";
+            }
+            add_header Strict-Transport-Security $hsts_header;

-      # Enable CSP for your services.
-      #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+            # Enable CSP for your services.
+            #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;

-      # Minimize information leaked to other domains
-      add_header 'Referrer-Policy' 'origin-when-cross-origin';
+            # Minimize information leaked to other domains
+            add_header 'Referrer-Policy' 'origin-when-cross-origin';

-      # Disable embedding as a frame
-      # add_header X-Frame-Options DENY;
+            # Disable embedding as a frame
+            # add_header X-Frame-Options DENY;

-      # Prevent injection of code in other mime types (XSS Attacks)
-      add_header X-Content-Type-Options nosniff;
+            # Prevent injection of code in other mime types (XSS Attacks)
+            add_header X-Content-Type-Options nosniff;

-      # Enable XSS protection of the browser.
-      # May be unnecessary when CSP is configured properly (see above)
-      add_header X-XSS-Protection "1; mode=block";
+            # Enable XSS protection of the browser.
+            # May be unnecessary when CSP is configured properly (see above)
+            add_header X-XSS-Protection "1; mode=block";

-      # This might create errors
-      proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
-      # NEXTCLOUD
-      # upstream php-handler {
-      #   server ${localhost}:9000;
-      #   #server unix:/var/run/php/php7.4-fpm.sock;
-      # }
+            # This might create errors
+            proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+            # NEXTCLOUD
+            # upstream php-handler {
+            #   server ${localhost}:9000;
+            #   #server unix:/var/run/php/php7.4-fpm.sock;
+            # }

-      # Set the `immutable` cache control options only for assets with a cache busting `v` argument
-      #   map $arg_v $asset_immutable {
-      #   "" "";
-      #   default "immutable";
-      # }
-      # JELLYFIN
-      proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=90d max_size=35000m;
-      proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=15g inactive=30d use_temp_path=off;
-      map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; }
-      map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; }
+            # Set the `immutable` cache control options only for assets with a cache busting `v` argument
+            #   map $arg_v $asset_immutable {
+            #   "" "";
+            #   default "immutable";
+            # }
+            # JELLYFIN
+            proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=90d max_size=35000m;
+            proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=15g inactive=30d use_temp_path=off;
+            map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; }
+            map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; }

-      ## upload configs
-      proxy_read_timeout 600;
-      proxy_connect_timeout 600;
-      proxy_send_timeout 600;
-      send_timeout 600;
-      fastcgi_read_timeout 600;
-      # client_max_body_size 0;
-      fastcgi_buffers 64 4k;
+
+            ## upload configs
+            proxy_read_timeout 600;
+            proxy_connect_timeout 600;
+            proxy_send_timeout 600;
+            send_timeout 600;
+            fastcgi_read_timeout 600;
+            # client_max_body_size 0;
+            fastcgi_buffers 64 4k;
    '';
    virtualHosts = let
      base = locations: {
@ -128,11 +128,11 @@ in {
          "/" = {
            proxyPass = "http://${localhost}:${toString (audiobookPort)}";
            extraConfig = ''
-              proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
-              proxy_set_header  X-Forwarded-Proto $scheme;
-              proxy_set_header  Host              $host;
-              proxy_set_header Upgrade            $http_upgrade;
-              proxy_set_header Connection         "upgrade";
+              proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+              proxy_set_header X-Forwarded-Proto $scheme;
+              proxy_set_header Host              $host;
+              proxy_set_header Upgrade           $http_upgrade;
+              proxy_set_header Connection        "upgrade";

              proxy_http_version                  1.1;

@ -141,33 +141,6 @@ in {
          };
        };
      };
-      "collabora.servidos.lat" = let
-        collaboraLocation = {
-          proxyPass = collabora;
-          extraConfig = ''
-            proxy_set_header Host $host;
-          '';
-        };
-        socketConfig = ''
-          proxy_set_header Upgrade $http_upgrade;
-          proxy_set_header Connection "Upgrade";
-          proxy_set_header Host $host;
-          proxy_read_timeout 36000s;
-        '';
-      in base {
-        "^~ /browser" = collaboraLocation;
-        "^~ /hosting/discovery" = collaboraLocation;
-        "^~ /hosting/capabilities" = collaboraLocation;
-        "~ ^/(c|l)ool" = collaboraLocation;
-        "~ ^/cool/(.*)/ws$" = {
-          proxyPass = collabora;
-          extraConfig = socketConfig;
-        };
-        "^~ /cool/adminws" = {
-          proxyPass = collabora;
-          extraConfig = socketConfig;
-        };
-      };
      "flix.servidos.lat" = {
        forceSSL = true;
        enableACME = true;
--- a/server/servers.nix
+++ b/server/servers.nix
@ -198,26 +198,26 @@ in {
  };
  systemd = {
    services = {
-      # docker-compose = {
-      #   enable = true;
-      #   restartIfChanged = true;
-      #   description = "Start docker-compose servers";
-      #   after = [ "docker.service" "docker.socket" ];
-      #   requires = [ "docker.service" "docker.socket" ];
-      #   wantedBy = [ "default.target" ];
-      #   environment = {
-      #     FILE = "/home/jawz/Development/Docker/docker-compose.yml";
-      #   };
-      #   path = [ pkgs.docker-compose ];
-      #   serviceConfig = {
-      #     Restart = "on-failure";
-      #     RestartSec = 30;
-      #     ExecStart =
-      #       "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans";
-      #     ExecStop =
-      #       "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
-      #   };
-      # };
+      docker-compose = {
+        enable = true;
+        restartIfChanged = true;
+        description = "Start docker-compose servers";
+        after = [ "docker.service" "docker.socket" ];
+        requires = [ "docker.service" "docker.socket" ];
+        wantedBy = [ "default.target" ];
+        environment = {
+          FILE = "/home/jawz/Development/Docker/docker-compose.yml";
+        };
+        path = [ pkgs.docker-compose ];
+        serviceConfig = {
+          Restart = "on-failure";
+          RestartSec = 30;
+          ExecStart =
+            "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans";
+          ExecStop =
+            "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
+        };
+      };
      nextcloud-cronjob = let
        jawzNextcloudCronjob = pkgs.writeScriptBin "nextcloud-cronjob"
          (builtins.readFile ../scripts/nextcloud-cronjob.sh);