1 changed files with 8 additions and 31 deletions
--- a/modules/servers/nextcloud.nix
+++ b/modules/servers/nextcloud.nix
@ -175,14 +175,6 @@ in
          ];
          #vps
          serverAliases = [ "cloud.rotehaare.art" ];
-          extraConfig = ''
-            add_header X-XSS-Protection "1; mode=block" always;
-            add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
-            add_header X-Content-Type-Options "nosniff" always;
-            add_header X-Frame-Options "SAMEORIGIN" always;
-            add_header Referrer-Policy "no-referrer-when-downgrade" always;
-            add_header X-Permitted-Cross-Domain-Policies "none" always;
-          '';
          locations = {
            "/".proxyWebsockets = true;
            "~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" =
@ -195,11 +187,6 @@ in
          http2 = true;
          locations = {
            # static files
-            "^~ /browser" = {
-              proxyPass = cfgC.local;
-              extraConfig = commonProxyConfig;
-            };
-            # Legacy static files (for compatibility)
            "^~ /loleaflet" = {
              proxyPass = cfgC.local;
              extraConfig = commonProxyConfig;
@ -215,21 +202,11 @@ in
              extraConfig = commonProxyConfig;
            };
            # download, presentation, image upload and websocket
-            "~ ^/cool" = {
-              proxyPass = cfgC.local;
-              extraConfig = commonWebsocketConfig;
-            };
-            # Legacy websocket (for compatibility)
            "~ ^/lool" = {
              proxyPass = cfgC.local;
              extraConfig = commonWebsocketConfig;
            };
            # Admin Console websocket
-            "^~ /cool/adminws" = {
-              proxyPass = cfgC.local;
-              extraConfig = commonWebsocketConfig;
-            };
-            # Legacy Admin Console websocket (for compatibility)
            "^~ /lool/adminws" = {
              proxyPass = cfgC.local;
              extraConfig = commonWebsocketConfig;
@ -254,23 +231,23 @@ in
      };
      collabora = lib.mkIf cfgC.enable {
        autoStart = true;
-        image = "collabora/code:latest";
+        image = "collabora/code";
+        imageFile = pkgs.dockerTools.pullImage {
+          imageName = "collabora/code";
+          imageDigest = "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
+          sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
+        };
        ports = [ "9980:9980" ];
        environment = {
          TZ = config.my.timeZone;
          domain = cfg.host;
-          aliasgroup1 = "${cfg.url}:443";
-          aliasgroup2 = "https://cloud.rotehaare.art:443";
-          server_name = cfgC.host;
+          aliasgroup1 = "${cfg.host}:443";
+          aliasgroup2 = "cloud.rotehaare.art:443";
          dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
          extra_params = ''
            --o:ssl.enable=false
            --o:ssl.termination=true
-            --o:remote_font_config.url=${cfg.url}/apps/richdocuments/settings/fonts.json
-            --o:logging.level=information
          '';
-          DONT_GEN_SSL_CERT = "1";
-          SLEEPFORDEBUGGER = "0";
        };
        extraOptions = [
          "--cap-add"