NixOS · EricTheMagician · Jan 6, 2024 · Jan 7, 2024 · Jan 7, 2024 · Jan 7, 2024
diff --git a/nixos/modules/services/web-apps/collabora.nix b/nixos/modules/services/web-apps/collabora.nix
@@ -0,0 +1,137 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  cfg = config.services.collabora;
+  config_file = "/etc/collabora/coolwsd.xml";
+  url = "http://${cfg.host}:${builtins.toString cfg.port}";
+  inherit (lib) mkOption mkEnableOption mkIf types;
+in {
+  options.services.collabora = {
+    enable = mkEnableOption "collabora document server";
+    hostName = mkOption {
+      type = types.str;
+      description = "FQDN for the collabora instance";
+      example = "office.example.com";
+    };
+    host = mkOption {
+      type = types.str;
+      description = "Hostname for the collabora instance";
+      example = "192.168.0.2";
+      default = "127.0.0.1";
+    };
+    port = mkOption {
+      type = types.port;
+      description = "Collabora Listening Port";
+      default = 9980;
+    };
+    package = mkOption {
+      type = types.package;
+      default = pkgs.collabora;
+      description = "Which package to use for the colabora instance";
+    };
+    nginx = {
+      enable = mkEnableOption "nginx proxy server";
+    };
+    dataDir = mkOption {
+      type = types.str;
+      description = "Data directory for the collabora instance";
+      default = "/var/lib/collabora";
+    };
+    extraCLIArgs = mkOption {
+      type = types.listOf types.str;
+      description = "Extra CLI arguments when starting the collabora instance";
+      default = [];
+      example = lib.literalExpression ''
+        [ "-o:ssl.enable=false" "--o:ssl.termination=true"]
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.nginx.virtualHosts = mkIf cfg.nginx.enable {
+      "${cfg.hostName}" = {
+        locations = {
+          # WOPI discovery URL
+          "^~ /hosting/discovery" = {
+            proxyPass = url;
+            recommendedProxySettings = true;
+          };
+
+          # Capabilities
+          "^~ /hosting/capabilities" = {
+            proxyPass = url;
+            recommendedProxySettings = true;
+          };
+
+          # main websocket
+          "~ ^/cool/(.*)/ws$" = {
+            proxyPass = url;
+            proxyWebsockets = true;
+            recommendedProxySettings = true;
+            extraConfig = ''
+              proxy_read_timeout 36000s;
+            '';
+          };
+
+          # download, presentation and image upload
+          # we accept 'lool' to be backward compatible
+          "~ ^/(c|l)ool" = {
+            proxyPass = url;
+            recommendedProxySettings = true;
+          };
+
+          # Admin Console websocket
+          "^~ /cool/adminws" = {
+            proxyPass = url;
+            proxyWebsockets = true;
+            recommendedProxySettings = true;
+            extraConfig = ''
+              proxy_read_timeout 36000s;
+            '';
+          };
+        };
+      };
+    };
+
+    systemd.services.collabora = {
+      description = "Collabora Document Server";
+      wantedBy = ["multi-user.target"];
+      path = [pkgs.cpio pkgs.coreutils pkgs.libreoffice-collabora-unwrapped];
+      script = ''
+        mkdir -p ${cfg.dataDir}/jail
+        #if ! test -f "${cfg.dataDir}/template/.${cfg.package.version}"; then
+        #  if test -d "${cfg.dataDir}/template"; then
+        #    rm -rf ${cfg.dataDir}/template
+        #  fi
+        #  ${cfg.package}/bin/coolwsd-systemplate-setup "${cfg.dataDir}/template" "${pkgs.libreoffice-collabora-unwrapped}"
+        #  touch ${cfg.dataDir}/template/.${cfg.package.version}
+        #fi
+        if ! test -f ${config_file}; then
+          cp ${cfg.package}/etc/coolwsd/coolwsd.xml ${config_file}
+        fi
+
+        ${cfg.package}/bin/coolwsd --unattended \
+          ${lib.concatStringsSep " " cfg.extraCLIArgs} \
+          --port=${builtins.toString cfg.port} \
+          "--config-file=${config_file}" \
+          "--o:file_server_root_path=${cfg.package}/share/coolwsd" \
+          --disable-cool-user-checking \
+          "--o:child_root_path=${cfg.dataDir}/jail"
+
+          #"--o:sys_template_path=${cfg.dataDir}/template" \
+
+      '';
+      environment = {HOME = "/var/lib/collabora";};
+      serviceConfig = {
+        DynamicUser = true;
+        ConfigurationDirectory = "collabora";
+        StateDirectory = "collabora";
+        WorkingDirectory = "/var/lib/collabora";
+        CapabilityBoundingSet = ["CAP_FOWNER" "CAP_MKNOD" "CAP_SYS_CHROOT"];
+      };
+    };
+  };
+}
diff --git a/pkgs/applications/office/collabora/default.nix b/pkgs/applications/office/collabora/default.nix
@@ -0,0 +1,104 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, buildNpmPackage
+, coreutils
+, poco
+, libpng
+, libcap
+, libtool
+, automake
+, autoconf
+, pkg-config
+, python3
+, zstd
+, cppunit
+, pam
+, libreoffice-collabora-unwrapped
+, #libreoffice-collabora,
+  openssl
+, nodePackages
+, pixman
+, cairo
+, pango
+, rsync # the install script uses it to copy files... this should be patched out
+, ...
+}:
+let
+  inherit (lib) getDev getLib optional optionalString;
+  gcc_major_version = lib.versions.major stdenv.cc.cc.version;
+in
+stdenv.mkDerivation rec {
+  pname = "collabora-online-developer-edition";
+  version = "1.1.9";
+  src = fetchFromGitHub {
+    owner = "CollaboraOnline";
+    repo = "online";
+    rev = "helm-collabora-online-${version}";
+    hash = "sha256-0gjrNa8qrve8tWjBTf7uwHm8Sb080VdnmsjGSlbDgVw=";
+  };
+  nativeBuildInputs = [ automake autoconf pkg-config libtool libcap coreutils nodePackages.nodejs (python3.withPackages (ps: with ps; [ lxml polib ])) rsync ];
+
+  buildInputs = [ libpng zstd cppunit pam openssl pixman cairo pango ];
+  configureFlags = [
+    "--with-vendor=NixOS"
+    "--enable-silent-rules"
+    "--with-lokit-path=${getDev libreoffice-collabora-unwrapped}/include"
+    "--with-lo-path=${libreoffice-collabora-unwrapped}"
+    "--with-poco-includes=${getDev poco}/include"
+    "--with-poco-libs=${poco}/lib"
+    #"--disable-setcap"
+    "--disable-dependency-tracking" # speeds up one time builds
+  ];
+  preConfigure =
+    ''
+      sed -i -e "s@/usr/bin/env python3@python3@g" configure.ac
+      # setcap still needed
+      export SETCAP=${libcap}/bin/setcap
+    ''
+    + optionalString (lib.versionAtLeast gcc_major_version "8") ''
+      substituteInPlace configure.ac --replace '-lstdc++fs' "-l${getLib stdenv.cc.cc}/lib/libstdc++fs.la"
+      substituteInPlace browser/npm-shrinkwrap.json.in --replace '  "lockfileVersion": 1,' '  "lockfileVersion": 3,'
+    ''
+    + ''
+      patchShebangs .
+      ls autogen.sh
+      ./autogen.sh
+    '';
+  postConfigure = ''
+    cp -rl browser/archived-packages browser/node_shrinkwrap
+    #cp -rl browser/npm-shrinkwrap.json  browser/package-lock.json
+  '';
+  enableParallelBuilding = true;
+  npm_dependenicies_full = buildNpmPackage {
+    dontNpmBuild = true;
+    pname = "browser";
+    version = "1.0";
+    src = "${src}/browser";
+    npmDepsHash = "sha256-BpjBLSEcfn8e0xcLdwLbRM4xAOR9iBd0qOtVAvjLbhQ=";
+    patches = [ ./patches/0002.package-lock-update.diff ];
+    postPatch = ''
+      cp -rl npm-shrinkwrap.json.in package-lock.json
+      cp -rl archived-packages node_shrinkwrap
+      substituteInPlace package-lock.json --replace '"lockfileVersion": 1,' '"lockfileVersion": 3,'
+    '';
+    inherit buildInputs nativeBuildInputs;
+    doBuild = false;
+    dontNpmPrune = true;
+    buildPhase = " ";
+  };
+
+  preBuild = ''
+    ln -s ${npm_dependenicies_full}/lib/node_modules/cool/node_modules browser/node_modules
+  '';
+  makeFlags = [
+    "MINIFY=true" # To minify our bundle.js and admin-bundle.js passing a MINIFY=true flag to 'make' will minify it. This can be helpful in production
+    "DEBUG=true" # To build with debug-info, i.e with sourcemaps
+  ];
+  doCheck = false;
+
+  #postInstall = ''
+  #  ln -s $out/share/coolwsd/browser $out/bin/browser
+  #  ln -s $out/share/coolwsd/discovery.xml $out/bin/
+  #'';
+}