COLLABORA WORKS!!!

Danilo Reyes 2023-12-20 21:38:49 -06:00
parent 67a5e79952
commit d0afa9fa27
3 changed files with 99 additions and 127 deletions


@ -9,39 +9,38 @@
storageDriver = "btrfs"; storageDriver = "btrfs";
}; };
oci-containers = { # oci-containers = {
backend = "docker";
containers.collabora = {
image = "collabora/code";
imageFile = pkgs.dockerTools.pullImage {
imageName = "collabora/code";
imageDigest =
"sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
};
ports = [ "9980:9980" ];
environment = {
domain = "cloud.servidos.lat";
dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
};
extraOptions = [ "--cap-add" "MKNOD" ];
};
};
# arion = {
# backend = "docker"; # backend = "docker";
# "collabora".settings.services."collabora".service = { # containers = {
# image = "collabora/code"; # flaresolverr = {
# ports = [ "9980:9980/tcp" ]; # image = "ghcr.io/flaresolverr/flaresolverr:latest";
# environment = { # # imageFile = pkgs.dockerTools.pullImage {
# server_name = "collabora.servidos.lat"; # # imageName = "ghcr.io/flaresolverr/flaresolverr:latest";
# aliasgroup1 = "https://cloud.servidos.lat:443"; # # };
# dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru"; # ports = [ "8191:8191" ];
# username = "jawz"; # environment = {
# password = "password"; # TZ = "America/Mexico_City";
# extra_params = "--o:ssl.enable=false --o:ssl.termination=true"; # LOG_LEVEL = "\${LOG_LEVEL:-info}";
# LOG_HTML = "\${LOG_HTML:-false}";
# CAPTCHA_SOLVER = "\${CAPTCHA_SOLVER:-none}";
# };
# }; # };
# extraOptions = [ "--pull=newer" ]; # # # collabora = {
# # # image = "collabora/code";
# # # imageFile = pkgs.dockerTools.pullImage {
# # # imageName = "collabora/code";
# # # imageDigest =
# # # "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
# # # sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
# # # };
# # # ports = [ "9980:9980" ];
# # # environment = {
# # # domain = "cloud.servidos.lat";
# # # dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
# # # extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
# # # };
# # # extraOptions = [ "--cap-add" "MKNOD" ];
# # # };
# }; # };
# }; # };
}; };
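Review bot: Collabora's only digest-pinned definition appears to be disabled here: in the new column the `oci-containers` block with its `imageDigest`/`sha256` pin survives only as `# # #` comments, and the one image reference left (also commented) is `ghcr.io/flaresolverr/flaresolverr:latest`. If Collabora is now started from the compose file that the `docker-compose` unit in this commit points at, that file is not part of the diff, so it cannot be checked here whether the image is still pinned or whether `--cap-add MKNOD` is still the only extra capability. I would delete the dead blocks rather than nest comments three deep, and leave one line such as `# collabora: defined in docker-compose.yml, image pinned by digest there` so the next reader knows where the container is declared. The old and new sides are inferred from the two-column rendering, which has lost its `+`/`-` markers.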


@ -6,7 +6,6 @@
let let
localhost = "127.0.0.1"; localhost = "127.0.0.1";
workstation = "192.168.1.64"; workstation = "192.168.1.64";
collabora = "http://127.0.0.1:9980";
jellyfinPort = "8096"; jellyfinPort = "8096";
nextcloudPort = 80; nextcloudPort = 80;
flamePort = 5005; flamePort = 5005;
@ -32,57 +31,58 @@ in {
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
appendHttpConfig = '' appendHttpConfig = ''
### GLOBAL ### GLOBAL
# client_max_body_size 25G; # client_max_body_size 25G;
# Add HSTS header with preloading to HTTPS requests. # Add HSTS header with preloading to HTTPS requests.
# Adding this header to HTTP requests is discouraged # Adding this header to HTTP requests is discouraged
map $scheme $hsts_header { map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload"; https "max-age=31536000; includeSubdomains; preload";
} }
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
# Enable CSP for your services. # Enable CSP for your services.
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
# Minimize information leaked to other domains # Minimize information leaked to other domains
add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header 'Referrer-Policy' 'origin-when-cross-origin';
# Disable embedding as a frame # Disable embedding as a frame
# add_header X-Frame-Options DENY; # add_header X-Frame-Options DENY;
# Prevent injection of code in other mime types (XSS Attacks) # Prevent injection of code in other mime types (XSS Attacks)
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
# Enable XSS protection of the browser. # Enable XSS protection of the browser.
# May be unnecessary when CSP is configured properly (see above) # May be unnecessary when CSP is configured properly (see above)
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
# This might create errors # This might create errors
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
# NEXTCLOUD # NEXTCLOUD
# upstream php-handler { # upstream php-handler {
# server ${localhost}:9000; # server ${localhost}:9000;
# #server unix:/var/run/php/php7.4-fpm.sock; # #server unix:/var/run/php/php7.4-fpm.sock;
# } # }
# Set the `immutable` cache control options only for assets with a cache busting `v` argument # Set the `immutable` cache control options only for assets with a cache busting `v` argument
# map $arg_v $asset_immutable { # map $arg_v $asset_immutable {
# "" ""; # "" "";
# default "immutable"; # default "immutable";
# } # }
# JELLYFIN # JELLYFIN
proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=90d max_size=35000m; proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=90d max_size=35000m;
proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=15g inactive=30d use_temp_path=off; proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=15g inactive=30d use_temp_path=off;
map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; } map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; }
map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; } map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; }
## upload configs
proxy_read_timeout 600; ## upload configs
proxy_connect_timeout 600; proxy_read_timeout 600;
proxy_send_timeout 600; proxy_connect_timeout 600;
send_timeout 600; proxy_send_timeout 600;
fastcgi_read_timeout 600; send_timeout 600;
# client_max_body_size 0; fastcgi_read_timeout 600;
fastcgi_buffers 64 4k; # client_max_body_size 0;
fastcgi_buffers 64 4k;
''; '';
virtualHosts = let virtualHosts = let
base = locations: { base = locations: {
@ -128,11 +128,11 @@ in {
"/" = { "/" = {
proxyPass = "http://${localhost}:${toString (audiobookPort)}"; proxyPass = "http://${localhost}:${toString (audiobookPort)}";
extraConfig = '' extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
proxy_http_version 1.1; proxy_http_version 1.1;
@ -141,33 +141,6 @@ in {
}; };
}; };
}; };
"collabora.servidos.lat" = let
collaboraLocation = {
proxyPass = collabora;
extraConfig = ''
proxy_set_header Host $host;
'';
};
socketConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 36000s;
'';
in base {
"^~ /browser" = collaboraLocation;
"^~ /hosting/discovery" = collaboraLocation;
"^~ /hosting/capabilities" = collaboraLocation;
"~ ^/(c|l)ool" = collaboraLocation;
"~ ^/cool/(.*)/ws$" = {
proxyPass = collabora;
extraConfig = socketConfig;
};
"^~ /cool/adminws" = {
proxyPass = collabora;
extraConfig = socketConfig;
};
};
"flix.servidos.lat" = { "flix.servidos.lat" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;


@ -198,26 +198,26 @@ in {
}; };
systemd = { systemd = {
services = { services = {
# docker-compose = { docker-compose = {
# enable = true; enable = true;
# restartIfChanged = true; restartIfChanged = true;
# description = "Start docker-compose servers"; description = "Start docker-compose servers";
# after = [ "docker.service" "docker.socket" ]; after = [ "docker.service" "docker.socket" ];
# requires = [ "docker.service" "docker.socket" ]; requires = [ "docker.service" "docker.socket" ];
# wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
# environment = { environment = {
# FILE = "/home/jawz/Development/Docker/docker-compose.yml"; FILE = "/home/jawz/Development/Docker/docker-compose.yml";
# }; };
# path = [ pkgs.docker-compose ]; path = [ pkgs.docker-compose ];
# serviceConfig = { serviceConfig = {
# Restart = "on-failure"; Restart = "on-failure";
# RestartSec = 30; RestartSec = 30;
# ExecStart = ExecStart =
# "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans"; "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans";
# ExecStop = ExecStop =
# "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down"; "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
# }; };
# }; };
nextcloud-cronjob = let nextcloud-cronjob = let
jawzNextcloudCronjob = pkgs.writeScriptBin "nextcloud-cronjob" jawzNextcloudCronjob = pkgs.writeScriptBin "nextcloud-cronjob"
(builtins.readFile ../scripts/nextcloud-cronjob.sh); (builtins.readFile ../scripts/nextcloud-cronjob.sh);
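Review bot: The now-enabled `docker-compose` unit takes its compose file from `/home/jawz/Development/Docker/docker-compose.yml`, a path in a user's home directory outside this repository and the Nix store, and `serviceConfig` sets no `User=`, so the unit presumably runs with the system manager's privileges against the Docker daemon. Whoever can write that file decides which images, bind mounts and capabilities are started at boot, and none of it shows up in review. Consider keeping the compose file in the repo and referencing it as a Nix path, e.g. `FILE = "${../docker/docker-compose.yml}";` (placeholder path), so it is copied into the read-only store, and pin the images in it by digest as the earlier `pullImage` definition did. A short comment on `ExecStart` noting that `up` runs in the foreground on purpose, so that `Restart = "on-failure"` applies, would also help.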