diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..cdc8c0f
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,113 @@ +{ + "nodes": { + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-registry": { + "flake": false, + "locked": { + "lastModified": 1734450202, + "narHash": "sha256-/3gigrEBFORQs6a8LL5twoHs7biu08y/8Xc5aQmk3b0=", + "owner": "nixos", + "repo": "flake-registry", + "rev": "02fe640c9e117dd9d6a34efc7bcb8bd09c08111d", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "flake-registry", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1739845242, + "narHash": "sha256-rNMXpDubNWGLTs45MuoH9YHtXfXye/fn2u4YMSTPt9I=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "5cfbf5cc37a3bd1da07ae84eea1b828909c4456b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "lite-config": { + "locked": { + "lastModified": 1739957084, + "narHash": "sha256-3/qip13SUyFzcAhP/4zPUfbz1aFiFXI0W/noG4lj1VE=", + "owner": "ataraxiasjel", + "repo": "lite-config", + "rev": "cc71ba387937b80f7dade9e921d50a1e5816eb56", + "type": "github" + }, + "original": { + "owner": "ataraxiasjel", + "ref": "v0.6.0", + "repo": "lite-config", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1739736696, + "narHash": "sha256-zON2GNBkzsIyALlOCFiEBcIjI4w38GYOb+P+R4S8Jsw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d74a2335ac9c133d6bbec9fc98d91a77f1604c1f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + 
"lastModified": 1738452942, + "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + } + }, + "root": { + "inputs": { + "flake-parts": "flake-parts", + "flake-registry": "flake-registry", + "home-manager": "home-manager", + "lite-config": "lite-config", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..5823fb3
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,45 @@
+{
+ description = "AtaraxiaSjel's NixOS configuration.";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ flake-parts.url = "github:hercules-ci/flake-parts";
+ lite-config.url = "github:ataraxiasjel/lite-config/v0.6.0";
+ flake-registry = {
+ url = "github:nixos/flake-registry";
+ flake = false;
+ };
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs =
+ inputs:
+ inputs.flake-parts.lib.mkFlake { inherit inputs; } (
+ { self, ... }:
+ {
+ imports = [ inputs.lite-config.flakeModule ];
+
+ lite-config = {
+ nixpkgs = {
+ nixpkgs = inputs.nixpkgs;
+ config = { };
+ overlays = [ ];
+ patches = [ ./patches/onlyoffice.patch ];
+ exportOverlayPackages = false;
+ setPerSystemPkgs = true;
+ };
+
+ systemModules = [ ./modules/nixos ];
+ homeModules = [ ./modules/home ];
+ hostModuleDir = ./hosts;
+
+ hosts = {};
+ };
+
+ perSystem = { ... }: { };
+ }
+ );
+}
diff --git a/modules/home/default.nix b/modules/home/default.nix
new file mode 100644
index 0000000..facb35d
--- /dev/null
+++ b/modules/home/default.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..facb35d
--- /dev/null
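Review bot: In flake.nix the `flake-parts` input keeps its own `nixpkgs-lib`, which the lock resolves to a separate nixpkgs tarball next to the main `nixpkgs` pin, so two nixpkgs snapshots have to be tracked and updated. Adding `flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";`, in the same way `home-manager` already follows `nixpkgs`, removes that extra input from the lock. The `patches = [ ./patches/onlyoffice.patch ];` line rewrites the nixpkgs tree that every host in this flake is built from, so it deserves a one-line comment stating why the onlyoffice module's nginx block is removed.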
+++ b/modules/nixos/default.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+
+}
diff --git a/patches/onlyoffice.patch b/patches/onlyoffice.patch
new file mode 100644
index 0000000..03f48be
--- /dev/null
+++ b/patches/onlyoffice.patch
@@ -0,0 +1,124 @@
+diff --git a/nixos/modules/services/web-apps/onlyoffice.nix b/nixos/modules/services/web-apps/onlyoffice.nix
+index f56dfd341dcc..c3f8323a5ddf 100644
+--- a/nixos/modules/services/web-apps/onlyoffice.nix
++++ b/nixos/modules/services/web-apps/onlyoffice.nix
+@@ -82,119 +82,6 @@ in
+
+ config = lib.mkIf cfg.enable {
+ services = {
+- nginx = {
+- enable = lib.mkDefault true;
+- # misses text/csv, font/ttf, application/x-font-ttf, application/rtf, application/wasm
+- recommendedGzipSettings = lib.mkDefault true;
+- recommendedProxySettings = lib.mkDefault true;
+-
+- upstreams = {
+- # /etc/nginx/includes/http-common.conf
+- onlyoffice-docservice = {
+- servers = {
+- "localhost:${toString cfg.port}" = { };
+- };
+- };
+- onlyoffice-example = lib.mkIf cfg.enableExampleServer {
+- servers = {
+- "localhost:${toString cfg.examplePort}" = { };
+- };
+- };
+- };
+-
+- virtualHosts.${cfg.hostname} = {
+- locations = {
+- # /etc/nginx/includes/ds-docservice.conf
+- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(web-apps\\/apps\\/api\\/documents\\/api\\.js)$".extraConfig =
+- ''
+- expires -1;
+- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2;
+- '';
+- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(web-apps)(\\/.*\\.json)$".extraConfig = ''
+- expires 365d;
+- error_log /dev/null crit;
+- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
+- '';
+- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(sdkjs-plugins)(\\/.*\\.json)$".extraConfig = ''
+- expires 365d;
+- error_log /dev/null crit;
+- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
+- '';
+- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(web-apps|sdkjs|sdkjs-plugins|fonts)(\\/.*)$".extraConfig =
+- ''
+- expires 365d;
+- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
+- '';
+- "~* ^(\\/cache\\/files.*)(\\/.*)".extraConfig = ''
+- alias /var/lib/onlyoffice/documentserver/App_Data$1;
+- add_header Content-Disposition "attachment; filename*=UTF-8''$arg_filename";
+-
+- set $secret_string verysecretstring;
+- secure_link $arg_md5,$arg_expires;
+- secure_link_md5 "$secure_link_expires$uri$secret_string";
+-
+- if ($secure_link = "") {
+- return 403;
+- }
+-
+- if ($secure_link = "0") {
+- return 410;
+- }
+- '';
+- "~* ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(internal)(\\/.*)$".extraConfig = ''
+- allow 127.0.0.1;
+- deny all;
+- proxy_pass http://onlyoffice-docservice/$2$3;
+- '';
+- "~* ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(info)(\\/.*)$".extraConfig = ''
+- allow 127.0.0.1;
+- deny all;
+- proxy_pass http://onlyoffice-docservice/$2$3;
+- '';
+- "/".extraConfig = ''
+- proxy_pass http://onlyoffice-docservice;
+- '';
+- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?(\\/doc\\/.*)".extraConfig = ''
+- proxy_pass http://onlyoffice-docservice$2;
+- proxy_http_version 1.1;
+- '';
+- "/${cfg.package.version}/".extraConfig = ''
+- proxy_pass http://onlyoffice-docservice/;
+- '';
+- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(dictionaries)(\\/.*)$".extraConfig = ''
+- expires 365d;
+- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
+- '';
+- # /etc/nginx/includes/ds-example.conf
+- "~ ^(\\/welcome\\/.*)$".extraConfig = ''
+- expires 365d;
+- alias ${cfg.package}/var/www/onlyoffice/documentserver-example$1;
+- index docker.html;
+- '';
+- "/example/".extraConfig = lib.mkIf cfg.enableExampleServer ''
+- proxy_pass http://onlyoffice-example/;
+- proxy_set_header X-Forwarded-Path /example;
+- '';
+- };
+- extraConfig = ''
+- rewrite ^/$ /welcome/ redirect;
+- rewrite ^\/OfficeWeb(\/apps\/.*)$ /${cfg.package.version}/web-apps$1 redirect;
+- rewrite ^(\/web-apps\/apps\/(?!api\/).*)$ /${cfg.package.version}$1 redirect;
+-
+- # based on https://github.com/ONLYOFFICE/document-server-package/blob/master/common/documentserver/nginx/includes/http-common.conf.m4#L29-L34
+- # without variable indirection and correct variable names
+- proxy_set_header Host $host;
+- proxy_set_header X-Forwarded-Host $host;
+- proxy_set_header X-Forwarded-Proto $scheme;
+- # required for CSP to take effect
+- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+- # required for websocket
+- proxy_set_header Upgrade $http_upgrade;
+- proxy_set_header Connection $connection_upgrade;
+- '';
+- };
+- };
+-
+ rabbitmq.enable = lib.mkDefault true;
+
+ postgresql = {
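Review bot: The patch removes the module's whole `nginx` block, and with it the only front-end access controls visible in this hunk: `allow 127.0.0.1; deny all;` on the `/internal` and `/info` locations and the `secure_link` check on `/cache/files`. Nothing in this commit adds a replacement, so whatever proxy ends up in front of `cfg.port` has to restrict those paths itself; the removed block also used the fixed `secure_link` secret `verysecretstring`, so a replacement should read that value from a managed secret rather than copy it. Patch files accept free text before the first `diff --git` line, so I would open the file with a short header stating why the vhost is dropped and which nixpkgs revision the patch was cut against. The hunk is tied to `index f56dfd341dcc..c3f8323a5ddf` and will presumably stop applying once upstream edits that region, so a lock update can fail the build until the patch is rebased.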