crans
/
nixos
mirror of https://gitlab.crans.org/nounous/nixos
19
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Finalisation onlyoffice

cephiroth
pigeonmoelleux 2024-06-21 18:44:26 +02:00
parent 9bf9ab6560
commit 58c435f98b
No known key found for this signature in database
GPG Key ID: B3BE02E379E6E8E2
3 changed files with 106 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/crans/default.nix
View File

@ -17,6 +17,8 @@
enable = true;
};
nixpkgs.config.allowUnfree = true;
# Enable some utility programs.
programs.git.enable = true;
programs.neovim.enable = true;

68
modules/services/onlyoffice.nix
View File

@ -1,12 +1,76 @@
{ ... }:
{ config, pkgs, ... }:
let
format = pkgs.formats.json { };
jwtSecretFileTemplate = format.generate "local.json" {
services = {
CoAuthoring = {
token = {
enable = {
request = {
inbox = true;
outbox = true;
};
browser = true;
};
};
secret = {
inbox = {
string = "$ONLYOFFICE_PASS";
};
outbox = {
string = "$ONLYOFFICE_PASS";
};
session = {
string = "$ONLYOFFICE_PASS";
};
};
};
};
};
jwtSecretFile = "/var/lib/onlyoffice/local.json";
in
{
sops.secrets = {
onlyoffice-pass = {
sopsFile = ../../secrets/chene.yaml;
owner = "onlyoffice";
};
};
services.onlyoffice = {
enable = true;
port = 8000;
hostname = "onlyoffice.crans.org";
postgresHost = "tealc.adm.crans.org";
postgresName = "onlyoffice";
postgresUser = "onlyoffice";
postgresPasswordFile = sops.secrets.onlyoffice-sliding-sync-pass-file.path;
postgresPasswordFile = config.sops.secrets.onlyoffice-pass.path;
jwtSecretFile = jwtSecretFile;
};
systemd.services.onlyoffice-docservice-secret = {
description = "Écriture du JWT Secret File pour OnlyOffice";
wantedBy = [ "onlyoffice-docservice.service" ];
before = [ "onlyoffice-docservice.service" ];
path = [ pkgs.envsubst ];
script = ''
ONLYOFFICE_PASS="$(<${config.sops.secrets.onlyoffice-pass.path})";
"envsubst -i ${jwtSecretFileTemplate} -o ${jwtSecretFile}"
'';
serviceConfig = {
User = "onlyoffice";
Group = "onlyoffice";
Type = "simple";
StateDirectory = "onlyoffice";
};
};
}

96
secrets/chene.yaml
View File

@ -1,4 +1,4 @@
onlyoffice-sliding-sync-pass-file: ENC[AES256_GCM,data:3m/OrDKvFDVeJjBag3jAIn4plGf5zrD9XQ==,iv:2cupGLGuNYN7WgYiQz8hADPrdyUgOeO3Vnw1bXh+22U=,tag:bacRGACFnbmHpWJQsYPBIw==,type:str]
onlyoffice-pass: ENC[AES256_GCM,data:+BoxNQR+dunewcQJFpJCNPcOfcjaz5JS+A==,iv:/NYnwZrPWkzNSFAlMw1tAKSHcdzRCYuNjNqKcoieyYs=,tag:g90i7FneDpN/lM27hXFnjg==,type:str]
sops:
kms: []
gcp_kms: []
@ -8,74 +8,54 @@ sops:
- recipient: age1p9h7wl3j2fl40gacknt4y95rqkaat8gntrqesx05xcg6yav8tuuqxrqv7h
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzVlFralVZZVBVejc4NzhB
Szc1SDJWZmQrdGYzbktpRzh4bG82RWh3Y0ZVClhaWHdlcEtiWkV4RmJBNXd3cDBz
YlArU1VOS2ppV3NVbFBDOTdTWjVxQmMKLS0tIDdOdU43NXJRZGs4U3NxbFF4a0RE
MXFoQXhZN3NkSHJNZUluRnVLZmFFRkEK019fLNm4xuH1Y1XLsfpvjC7uS7mE6ZEc
EJ/0Ml2xaQ/pRg9tN9AbGUZi0dx6jQmKqCTlglZM/ZDcg87oDAFzJA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQOVNlMzJVWGk2TDNzQ0RB
SnRRanVuc29YWS9ub2JBTGFXaE9pYWJXU0ZJCko3WCtwRVQ1V2JYTmM1RC9vQWl4
TXBwM1ZoK1lyTUlmTkd5WjhVVE5uYUkKLS0tIENhRmR3NTZNT1NZT3EvaHhpcDds
R0t6N3Rud2tkUWdTS0drMHdNOWNXWVkKq7wZ+ipcmbgQbriC7tvk6zADOreIMtMN
eWZWmxRL5aI7zeWe0/AbryatgurmYSoat4sTRembZkUOELmNPcwUlw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-03T21:34:58Z"
mac: ENC[AES256_GCM,data:wqm8TcapmQKin4tzAuUzxM0cmS7AxH41tFZrBDNO5ArEhhlcYRD8wVPDeO0HeH8g5cA0Tx2flAPQ10eH1WF9wtZ0X6z+wzDkzcCUVvtw+eCxKIOo4/hkBBM9hr81GGTdsqdem++qUuOCUG0ztnPKsyONMUFBmQkfNTtw1+JY7Qo=,iv:mjuU02qFTgSbiJgWdPE3khpYxF/k2EBJZfmhz+HDY0U=,tag:GakVe+hHzOdXVGDamhQ6qg==,type:str]
lastmodified: "2024-06-21T18:07:38Z"
mac: ENC[AES256_GCM,data:7LBKELXBVj4iyTjp5lpRjLew80TurDMcu5Dv6gpnKedDxijqTtO/WEwXii1ySllRVwoErfDedpN2hervGEGii7a3+rQazHYxc9lQNdGouHEBI60bJpkeozLsdF1ePkQYrCxCZCIQnXj6rb3ib4Uxh9rkaojw3dIENmfKgFaGUFI=,iv:m0Hktx/XOJXh8vqt+M1XsRCUNtqFN7F+r/RusNg1wbs=,tag:nu+W4JzbYDCaAeBfSyGtQQ==,type:str]
pgp:
- created_at: "2024-06-03T21:32:58Z"
- created_at: "2024-06-21T18:07:20Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwEdD9k5IbiyARAAqGXoRluDnOZXgkA/TWWvxHI84NAKgnXd45qk26/GtouV
ihODq+ggXJbI4hj//0GwFq2oVt1cFB+7Rzbnah/F37jzLgApbDbtHBX2J3wkyTwW
1lKjXGv6CjzzddOEXAUznM+WoHkczBZ+2EN60B5jTd09vzj7pih3E7lZmr4/nuiW
c86F34bdkLBv0XVDoAfmjHJpg565hCY7mesD8JcMO7nhy0LojgsgbRNvuCLGi/qX
cNxgS9/lp2bSfFK0SoRzoYpJwAzPpx/hSqX9IfBihxmChoHLozyOy4bkxNM5DF02
CYuysUjOYmsuXV5DBa4/VEhZ4izkeoXgrJxpdCGJbPSxDsdcroLlYLaP34M5GYqN
HKmciIlRA5M7Sz3TewmCwHN6oDoiEIIYfj8Hdkmx7sF6yGs95HnTNZ7X0VemrT+G
oQ49gQfketU1ufXcLzXukjlkC+TAm2G9Pu8oTrr6hA2p6JvEc9UUbbpwJtTf1msj
wkckOFdYJzFZwH1oUP8N3WIIX1b1iYGNGuJhYT4hYM6JoaxQOBOoXvI8qIuISWZv
3wSaRme5dMBQL38SkhzyJIOhLSCtit5z33EXuNDQsN3PTgGczmQuqTpuS3wLuqNg
gYDYTledqZAKBHaByGtsWLYdN6hJOc4QNqq7N205xyCCRCF1jfzczJytKu4IVHbS
XgG2pidGNW/g88VOFE+arlxeub1of5uPln7g2Q0cV91Xu1CW7Jp++qSfpEKZbxZR
vKQ7A6ko2URhcLmIGhyYW6Mw5Frmx4Fc9ipJsOejE/HoHsYiMvgUgsjzMUQc7l8=
=HBu2
hQIMAwEdD9k5IbiyAQ/9GIzyP4luwkNoZ5RXFCruzqmM15H+Lq5rpKsXB31j6aW0
xzA7SMyH3qTNBANJrFpmrAXxdAz5Vy7+VbaGPG74jDSe228xbzwGjY6olxuxAoR3
MtFaIpySNtW4jXXrL7XwJre1NtIndxaJncw4pObrYGORXMhyXYchEscPRumgX+Rf
pPiYOnyhExZQvhGPumzJlcBypiCVlfJnvMtg4ACmyMIZFSe62kPyrpYZCHJYE3T1
oSdkK94eV1LlqwcQiB0Fib2rWA8Mj7tU4LTfrTcYXTH87Gd68xo5M8Mnbj13+MLz
juFR5vjWwKVHA29hzI7JJQm4r/8othFJdFel4rn0z+aPI4ladlL+l5o+FQ2hoMWg
TsPXBE5S7nMNDQuDUCAWYcydJ3wuNcbh8yKusLN2KeDo/ShjuzHMrlzYtz7hxW4K
0NEVflqnginHtndjDPHj4C+K8074LP7uQ/W+ikSWLkIAX9h2JW3Q/0IOrEN2nggJ
NuLMCqf5o54dcO7AWBVXvDbik/ADcbXrsINUTsvpv2TAQ/ID4sYVvJTVbluXqnwx
9lRGO1mZvahvZN+DQ0keF3TV8G1ocHCVWUPRXQDXcWB9rMOh3xF1tKDMYhAZOJlg
ah812H1gPrHyF04Ohi5lc0cO2aUMBSey1rqhue2VjwwBdSIrFrpoYq3Vkt+UnkPS
XAGIWm+RXjwzI1QYYafFXN35FAScb1O9o9hOJT/tT3FEKuEWItTKt4boPrP6qfeY
ngbHQ1F76diVOGFHqsMdU+dioJpwELBuT6+/OxR3YAc1Wa5XMdJSQlhsjfRH
=2kF0
-----END PGP MESSAGE-----
fp: "0xDF6D6CE9E95E26E8"
- created_at: "2024-06-03T21:32:58Z"
- created_at: "2024-06-21T18:07:20Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA/HTIsSK0VBlARAAr+thV3Du1fuzYCupxnspHAS2njh8Fsseo9RneFaPN1me
suenAQDpyZQ9ESa2dk2E/Hz82YspaurZ1lzU/WhX/3vCb2GquH/51XFIsQ6e1KCi
JPArsTZQs+UdjIN3J8GzTywkvhk3/q/ib6m0gc5AHwxsgkpd/fqgLLBlVMbasa7Y
4QOyy5+nS9huat1l2K27+YgqOptw7snR58iDES9X+o4dN3A7LUud9dUhWckBDuRZ
KyI/eEDvyFSzS3LqiPcM45Xo+PnGYXI4Bbr+8AkUF+4KHJJsQncL7BkPOVS6l0U0
1ALpUvPJgUiCKX6eI+1vvSJ18YLPWWz4zZD1FMkOQpf9LMyO1XlTeaAxdLhEGs9S
Cd8+y6KRGvzTHGRJLJVCg0J4Mshf8unYAiQZBa+i0jc6iQVrCW+B34TSXp8JlYbg
LhnU1GXe9TVYIzVjPpxg6kSjU9kgZCvphyKmCtR+HfLL+5lYMbHumx5dnF6XC4B3
ceKN8ewj549cCPbkbY1mRu8Ulnz+1DfBxZDLcVW/omXjWSJ0OVFyxMsHYo7rZ7Qc
1z9lCDd5dq3zjchOTwTPf0GR4c8sSDlNJGQqQ2AZDzowcRwi1s31R/HlPSHsnFOE
wdi8a7xlBOdhSdJ1pcfH2T3KG9st6SduvxnFrxitJYfWfk8xmKldT2yEOw98UgvS
XgEbBt0zMVEJxF/oy/5WAr0REJx33bapuRxscCFvZOW3EzdaB9w3ICx208zQggcj
aJnLx0b4dJKypzFhECSA6zHHR1rPZzQRcRTnrxR5QC4lmA6m5GbC4bRZk/Ry+CA=
=/gY3
hQIMA/HTIsSK0VBlARAAqMcFp7WL19VRmhZHXS6mmbABRuiPRLQ+Of+LpA7hRrlw
YI7qPcTqNHUgOl9uwuv3mSustX370mWBNaT7B8S/5URZCnvdtxqrVH/rGJUOk79x
sMkiyEHCJmkm/iykef1XF6tCZUoAMjuTNQbn1dn+bcj1AKdR9pVZcKvjmR90J2Ho
pfoSRxYcFI2zN8SN7EesMUJ59mOw3q8fLQAHlPi/QQI3fN09HG4PiV2q26QrlNTM
aru+y95kOBpsA/mFyjTG4axNG4cuKFMmq0mp1RJMeXpYB5MGBnKAhkP7jGAcDK9o
SUk5t+vRLD/KKj8ozDcjrM/YIGLZ+LNdfKO/eJL3yXSBZ7yZ2VWO4FlEXzEACusx
8H+EXVy3++0zFUQlcLgYrulwtJfEV0GhtB86pKsu5QQwvHz3EvK3sTLSQXNpkp8r
Z/0+Ja6ZMWT9wIfD34+HRvKScUSRm2SwcFnQx+Wp15pCA8lY/Vr39KkVolCNFB5O
gJ9pVQM02IH1Oc0x37/dOyDFQ0wvCx7lmxzyeuOrhq2i+Q8r4s9VU6MTbU/b/pZg
rbVwz0aiuOB54Q9IuXPyR0EGvkWjWvjrRseBOtHOkeqnH7Ri+swNBww07fYiqR76
EHvdLUuGWxz2TvDHgq/TnhDjA6VYv23x+Ip9Unlp3Et6ry0yLyia3Fb2HuRXJFvS
XAF2YtYgA2Hz7RjaL3Pm96LsTg6cDWdf5d1wtVG5nubrs44eKB+pJ2UlWWLKFrf3
48fkhzzWZ5DftwBI3hKiy1kZPvbOhydCCGS6t5ZqkEmWSHkyRX2TXOu+WqOh
=cmCK
-----END PGP MESSAGE-----
fp: "0xFA47BDA260489ADA"
- created_at: "2024-06-03T21:32:58Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA4Uty74yOFxLAQ/+Nf44U9p6/26oYB83v/fZTYSF49TYussSNXWCl85FUS5h
GW7FxqjsjiiBdabMg4tqNqg9c559hF3ICZjbCuEo5rYYaSHqCRVc3k7bi5LQ2uY2
dVJqVtboOGsYCFO6L/FnCeaCIHSiT5/1KVxh7T5LzQYxpuMxid8381uRJm2tSnBj
C+k9ocn5NEepwqT2QUIjS/0UwgiAZMuvZ6WDud92hawQw7ZSokLTRvkeJ0dRv2Ti
dCX43mIEFR+KgjfooHErL39HLKFIG7k52uhPXEN4Dlzi7/OvJwrmLp0NR6hbwp/3
iWv2/W9I0mrVZS9UP0QffmzgHHpNGia2/LHKw4AdFAY0n1OpvLNdXZ77aw8YlwA3
k7GG7+w8EvCt8ZzPDV1QfrB+RkD7Z3VibxBPxHbA0qPKyfSPMa+2YttEdjNDujob
USQktA4Ew62sLjUrRxPZjxrjkuKQv8wRgdkAggaveZWZLRMk9/gA6M38ibDMf9Rj
pRlNr9Jdi1avb6y+FOTSyNyrSctwwAyBgy5SLWuV/ZE71A67RMhRX/tAxXMB7BEW
trL01cbiraehg8biCHjcK5NQxtHgVSpY660m5r4OHFiyXD9G8JC1ryufdHdlqY6z
nHU8ZMGA3I549CITsVU4QlCDr/sVvrGZmQOPqxOaf8O/N0wOfRjbrsNiOkgMc0XS
XgE/z1dDPBOU4/Yppm58RLqx3l8XjvzakA/fPCBJmKoVkqF7sp55WlB5SoxwDzk/
oM6PIncAqT0ZcBESJ9AgolpmvIswJ0u3MgGAe8AZ7Un6oNLE2ukpkIyvnqXURYA=
=/xDA
-----END PGP MESSAGE-----
fp: 0xA534E46682DD8C35377352C88DD28608BE411065
unencrypted_suffix: _unencrypted
version: 3.8.1