NixOS · 7c6f434c · Sep 27, 2024 · Jun 13, 2024 · Jun 13, 2024
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -50,6 +50,8 @@
 
 - [zeronsd](https://github.com/zerotier/zeronsd), a DNS server for ZeroTier users. Available with [services.zeronsd.servedNetworks](#opt-services.zeronsd.servedNetworks).
 
+- [Collabora Online](https://www.collaboraonline.com/), a collaborative online office suite based on LibreOffice technology. Available as [services.collabora-online](options.html#opt-services.collabora-online.enable).
+
 - [wg-access-server](https://github.com/freifunkMUC/wg-access-server/), an all-in-one WireGuard VPN solution with a web ui for connecting devices. Available at [services.wg-access-server](#opt-services.wg-access-server.enable).
 
 - [Envision](https://gitlab.com/gabmus/envision), a UI for building, configuring and running Monado, the open source OpenXR runtime. Available as [programs.envision](#opt-programs.envision.enable).

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -1381,6 +1381,7 @@
   ./services/web-apps/chatgpt-retrieval-plugin.nix
   ./services/web-apps/cloudlog.nix
   ./services/web-apps/code-server.nix
+  ./services/web-apps/collabora-online.nix
   ./services/web-apps/commafeed.nix
   ./services/web-apps/convos.nix
   ./services/web-apps/crabfit.nix

diff --git a/nixos/modules/services/web-apps/collabora-online.nix b/nixos/modules/services/web-apps/collabora-online.nix
@@ -0,0 +1,200 @@
+{
+  config,
+  lib,
+  pkgs,
+  utils,
+  ...
+}:
+
+let
+  cfg = config.services.collabora-online;
+
+  freeformType = lib.types.attrsOf ((pkgs.formats.json { }).type) // {
+    description = ''
+      `coolwsd.xml` configuration type, used to override values in the default configuration.
+
+      Attribute names correspond to XML tags unless prefixed with `@`. Nested attribute sets
+      correspond to nested XML tags. Attribute prefixed with `@` correspond to XML attributes. E.g.,
+      `{ storage.wopi."@allow" = true; }` in Nix corresponds to
+      `<storage><wopi allow="true"/></storage>` in `coolwsd.xml`, or `--o:storage.wopi[@allow]=true`
+      in the command line.
+
+      Arrays correspond to multiple elements with the same tag name. E.g.
+      `{ host = [ '''127\.0\.0\.1''' "::1" ]; }` in Nix corresponds to
+      ```xml
+      <net><post_allow>
+        <host>127\.0\.0\.1</host>
+        <host>::1</host>
+      </post_allow></net>
+      ```
+      in `coolwsd.xml`, or
+      `--o:net.post_allow.host[0]='127\.0\.0\.1 --o:net.post_allow.host[1]=::1` in the command line.
+
+      Null values could be used to remove an element from the default configuration.
+    '';
+  };
+
+  configFile =
+    pkgs.runCommandLocal "coolwsd.xml"
+      {
+        nativeBuildInputs = [
+          pkgs.jq
+          pkgs.yq-go
+        ];
+        userConfig = builtins.toJSON { config = cfg.settings; };
+        passAsFile = [ "userConfig" ];
+      }
+      # Merge the cfg.settings into the default coolwsd.xml.
+      # See https://github.com/CollaboraOnline/online/issues/10049.
+      ''
+        yq --input-format=xml \
+           --xml-attribute-prefix=@ \
+           --output-format=json \
+           ${cfg.package}/etc/coolwsd/coolwsd.xml \
+           > ./default_coolwsd.json
+
+        jq '.[0] * .[1] | del(..|nulls)' \
+           --slurp \
+           ./default_coolwsd.json \
+           $userConfigPath \
+           > ./merged.json
+
+        yq --output-format=xml \
+           --xml-attribute-prefix=@ \
+           ./merged.json \
+           > $out
+      '';
+in
+{
+  options.services.collabora-online = {
+    enable = lib.mkEnableOption "collabora-online";
+
+    package = lib.mkPackageOption pkgs "Collabora Online" { default = "collabora-online"; };
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 9980;
+      description = "Listening port";
+    };
+
+    settings = lib.mkOption {
+      type = freeformType;
+      default = { };
+      description = ''
+        Configuration for Collabora Online WebSocket Daemon, see
+        <https://sdk.collaboraonline.com/docs/installation/Configuration.html>, or
+        <https://github.com/CollaboraOnline/online/blob/master/coolwsd.xml.in> for the default
+        configuration.
+      '';
+    };
+
+    aliasGroups = lib.mkOption {
+      type = lib.types.listOf (
+        lib.types.submodule {
+          options = {
+            host = lib.mkOption {
+              type = lib.types.str;
+              example = "scheme://hostname:port";
+              description = "Hostname to allow or deny.";
+            };
+
+            aliases = lib.mkOption {
+              type = lib.types.listOf lib.types.str;
+              default = [ ];
+              example = [
+                "scheme://aliasname1:port"
+                "scheme://aliasname2:port"
+              ];
+              description = "A list of regex pattern of aliasname.";
+            };
+          };
+        }
+      );
+      default = [ ];
+      description = "Alias groups to use.";
+    };
+
+    extraArgs = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+      description = "Extra arguments to pass to the service.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.collabora-online.settings = {
+      child_root_path = lib.mkDefault "/var/lib/cool/child-roots";
+      sys_template_path = lib.mkDefault "/var/lib/cool/systemplate";
+
+      file_server_root_path = lib.mkDefault "${config.services.collabora-online.package}/share/coolwsd";
+
+      # Use mount namespaces instead of setcap'd coolmount/coolforkit.
+      mount_namespaces = lib.mkDefault true;
+
+      # By default, use dummy self-signed certificates provided for testing.
+      ssl.ca_file_path = lib.mkDefault "${config.services.collabora-online.package}/etc/coolwsd/ca-chain.cert.pem";
+      ssl.cert_file_path = lib.mkDefault "${config.services.collabora-online.package}/etc/coolwsd/cert.pem";
+      ssl.key_file_path = lib.mkDefault "${config.services.collabora-online.package}/etc/coolwsd/key.pem";
+    };
+
+    users.users.cool = {
+      isSystemUser = true;
+      group = "cool";
+    };
+    users.groups.cool = { };
+
+    systemd.services.coolwsd-systemplate-setup = {
+      description = "Collabora Online WebSocket Daemon Setup";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        ExecStart = utils.escapeSystemdExecArgs [
+          "${cfg.package}/bin/coolwsd-systemplate-setup"
+          "/var/lib/cool/systemplate"
+          "${cfg.package.libreoffice}/lib/collaboraoffice"
+        ];
+        RemainAfterExit = true;
+        StateDirectory = "cool";
+        Type = "oneshot";
+        User = "cool";
+      };
+    };
+
+    systemd.services.coolwsd = {
+      description = "Collabora Online WebSocket Daemon";
+      wantedBy = [ "multi-user.target" ];
+      after = [
+        "network.target"
+        "coolwsd-systemplate-setup.service"
+      ];
+
+      environment = builtins.listToAttrs (
+        lib.imap1 (n: ag: {
+          name = "aliasgroup${toString n}";
+          value = lib.concatStringsSep "," ([ ag.host ] ++ ag.aliases);
+        }) cfg.aliasGroups
+      );
+
+      serviceConfig = {
+        ExecStart = utils.escapeSystemdExecArgs (
+          [
+            "${cfg.package}/bin/coolwsd"
+            "--config-file=${configFile}"
+            "--port=${toString cfg.port}"
+            "--use-env-vars"
+            "--version"
+          ]
+          ++ cfg.extraArgs
+        );
+        KillMode = "mixed";
+        KillSignal = "SIGINT";
+        LimitNOFILE = "infinity:infinity";
+        Restart = "always";
+        StateDirectory = "cool";
+        TimeoutStopSec = 120;
+        User = "cool";
+      };
+    };
+  };
+
+  meta.maintainers = [ lib.maintainers.xzfc ];
+}
diff --git a/pkgs/by-name/co/collabora-online/fix-file-server-regex.patch b/pkgs/by-name/co/collabora-online/fix-file-server-regex.patch
@@ -0,0 +1,15 @@
+In the nix build, COOLWSD_VERSION_HASH becomes the same as COOLWSD_VERSION, e.g.
+`24.04.3.5`.  The web server that serves files from
+`/browser/$COOLWSD_VERSION_HASH`, doesn't expect the hash to contain dots.
+
+--- a/wsd/FileServer.cpp
++++ b/wsd/FileServer.cpp
+@@ -933,7 +933,7 @@ std::string FileServerRequestHandler::getRequestPathname(const HTTPRequest& requ
+
+     std::string path(requestUri.getPath());
+
+-    Poco::RegularExpression gitHashRe("/([0-9a-f]+)/");
++    Poco::RegularExpression gitHashRe("/([0-9a-f.]+)/");
+     std::string gitHash;
+     if (gitHashRe.extract(path, gitHash))
+     {