AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: add flake

Browse Source 
use fork of lite-config to support patching nixpkgs for hosts
This commit is contained in:
Dmitriy Kholkin 2025-02-19 12:35:10 +03:00
parent 128b173704
commit 7d2ce8e7ec
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2
5 changed files with 290 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
flake.lock generated Normal file
View File

@ -0,0 +1,113 @@
{
"nodes": {
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1738453229,
"narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-registry": {
"flake": false,
"locked": {
"lastModified": 1734450202,
"narHash": "sha256-/3gigrEBFORQs6a8LL5twoHs7biu08y/8Xc5aQmk3b0=",
"owner": "nixos",
"repo": "flake-registry",
"rev": "02fe640c9e117dd9d6a34efc7bcb8bd09c08111d",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "flake-registry",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739845242,
"narHash": "sha256-rNMXpDubNWGLTs45MuoH9YHtXfXye/fn2u4YMSTPt9I=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "5cfbf5cc37a3bd1da07ae84eea1b828909c4456b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"lite-config": {
"locked": {
"lastModified": 1739957084,
"narHash": "sha256-3/qip13SUyFzcAhP/4zPUfbz1aFiFXI0W/noG4lj1VE=",
"owner": "ataraxiasjel",
"repo": "lite-config",
"rev": "cc71ba387937b80f7dade9e921d50a1e5816eb56",
"type": "github"
},
"original": {
"owner": "ataraxiasjel",
"ref": "v0.6.0",
"repo": "lite-config",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1739736696,
"narHash": "sha256-zON2GNBkzsIyALlOCFiEBcIjI4w38GYOb+P+R4S8Jsw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d74a2335ac9c133d6bbec9fc98d91a77f1604c1f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1738452942,
"narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
}
},
"root": {
"inputs": {
"flake-parts": "flake-parts",
"flake-registry": "flake-registry",
"home-manager": "home-manager",
"lite-config": "lite-config",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

45
flake.nix Normal file
View File

@ -0,0 +1,45 @@
{
description = "AtaraxiaSjel's NixOS configuration.";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
flake-parts.url = "github:hercules-ci/flake-parts";
lite-config.url = "github:ataraxiasjel/lite-config/v0.6.0";
flake-registry = {
url = "github:nixos/flake-registry";
flake = false;
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; } (
{ self, ... }:
{
imports = [ inputs.lite-config.flakeModule ];
lite-config = {
nixpkgs = {
nixpkgs = inputs.nixpkgs;
config = { };
overlays = [ ];
patches = [ ./patches/onlyoffice.patch ];
exportOverlayPackages = false;
setPerSystemPkgs = true;
};
systemModules = [ ./modules/nixos ];
homeModules = [ ./modules/home ];
hostModuleDir = ./hosts;
hosts = {};
};
perSystem = { ... }: { };
}
);
}

4
modules/home/default.nix Normal file
View File

@ -0,0 +1,4 @@
{ ... }:
{
}

4
modules/nixos/default.nix Normal file
View File

@ -0,0 +1,4 @@
{ ... }:
{
}

124
patches/onlyoffice.patch Normal file
View File

@ -0,0 +1,124 @@
diff --git a/nixos/modules/services/web-apps/onlyoffice.nix b/nixos/modules/services/web-apps/onlyoffice.nix
index f56dfd341dcc..c3f8323a5ddf 100644
--- a/nixos/modules/services/web-apps/onlyoffice.nix
+++ b/nixos/modules/services/web-apps/onlyoffice.nix
@@ -82,119 +82,6 @@ in
config = lib.mkIf cfg.enable {
services = {
- nginx = {
- enable = lib.mkDefault true;
- # misses text/csv, font/ttf, application/x-font-ttf, application/rtf, application/wasm
- recommendedGzipSettings = lib.mkDefault true;
- recommendedProxySettings = lib.mkDefault true;
-
- upstreams = {
- # /etc/nginx/includes/http-common.conf
- onlyoffice-docservice = {
- servers = {
- "localhost:${toString cfg.port}" = { };
- };
- };
- onlyoffice-example = lib.mkIf cfg.enableExampleServer {
- servers = {
- "localhost:${toString cfg.examplePort}" = { };
- };
- };
- };
-
- virtualHosts.${cfg.hostname} = {
- locations = {
- # /etc/nginx/includes/ds-docservice.conf
- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(web-apps\\/apps\\/api\\/documents\\/api\\.js)$".extraConfig =
- ''
- expires -1;
- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2;
- '';
- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(web-apps)(\\/.*\\.json)$".extraConfig = ''
- expires 365d;
- error_log /dev/null crit;
- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
- '';
- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(sdkjs-plugins)(\\/.*\\.json)$".extraConfig = ''
- expires 365d;
- error_log /dev/null crit;
- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
- '';
- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(web-apps|sdkjs|sdkjs-plugins|fonts)(\\/.*)$".extraConfig =
- ''
- expires 365d;
- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
- '';
- "~* ^(\\/cache\\/files.*)(\\/.*)".extraConfig = ''
- alias /var/lib/onlyoffice/documentserver/App_Data$1;
- add_header Content-Disposition "attachment; filename*=UTF-8''$arg_filename";
-
- set $secret_string verysecretstring;
- secure_link $arg_md5,$arg_expires;
- secure_link_md5 "$secure_link_expires$uri$secret_string";
-
- if ($secure_link = "") {
- return 403;
- }
-
- if ($secure_link = "0") {
- return 410;
- }
- '';
- "~* ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(internal)(\\/.*)$".extraConfig = ''
- allow 127.0.0.1;
- deny all;
- proxy_pass http://onlyoffice-docservice/$2$3;
- '';
- "~* ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(info)(\\/.*)$".extraConfig = ''
- allow 127.0.0.1;
- deny all;
- proxy_pass http://onlyoffice-docservice/$2$3;
- '';
- "/".extraConfig = ''
- proxy_pass http://onlyoffice-docservice;
- '';
- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?(\\/doc\\/.*)".extraConfig = ''
- proxy_pass http://onlyoffice-docservice$2;
- proxy_http_version 1.1;
- '';
- "/${cfg.package.version}/".extraConfig = ''
- proxy_pass http://onlyoffice-docservice/;
- '';
- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(dictionaries)(\\/.*)$".extraConfig = ''
- expires 365d;
- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
- '';
- # /etc/nginx/includes/ds-example.conf
- "~ ^(\\/welcome\\/.*)$".extraConfig = ''
- expires 365d;
- alias ${cfg.package}/var/www/onlyoffice/documentserver-example$1;
- index docker.html;
- '';
- "/example/".extraConfig = lib.mkIf cfg.enableExampleServer ''
- proxy_pass http://onlyoffice-example/;
- proxy_set_header X-Forwarded-Path /example;
- '';
- };
- extraConfig = ''
- rewrite ^/$ /welcome/ redirect;
- rewrite ^\/OfficeWeb(\/apps\/.*)$ /${cfg.package.version}/web-apps$1 redirect;
- rewrite ^(\/web-apps\/apps\/(?!api\/).*)$ /${cfg.package.version}$1 redirect;
-
- # based on https://github.com/ONLYOFFICE/document-server-package/blob/master/common/documentserver/nginx/includes/http-common.conf.m4#L29-L34
- # without variable indirection and correct variable names
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Proto $scheme;
- # required for CSP to take effect
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- # required for websocket
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- '';
- };
- };
-
rabbitmq.enable = lib.mkDefault true;
postgresql = {