Commit cd8540da authored by Bob Bobber's avatar Bob Bobber
Browse files

nixos/onlyoffice: add allowLocalConnections option 

Allow the document server to download files from private and
link-local IP addresses by setting `allowPrivateIPAddress` and
`allowMetaIPAddress` to true in the request-filtering-agent
configuration.

Resolves https://github.com/NixOS/nixpkgs/issues/317225
parent 10254dfa

nixos/modules/services/web-apps/onlyoffice.nix

+10 −0
Original line number Diff line number Diff line
@@ -58,6 +58,12 @@ in 
      description = "Port the OnlyOffice document server should listen on.";

    };



    allowLocalConnections = lib.mkOption {

      type = lib.types.bool;

      default = false;

      description = "Whether to allow the document server to download files from private IP addresses.";

    };



    examplePort = lib.mkOption {

      type = lib.types.port;

      default = null;
@@ -308,6 +314,10 @@ in 
            # https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/run-document-server.sh

            FS_SECRET_STRING=$(cut -d '"' -f 2 < ${cfg.securityNonceFile})

            jq '

            ${lib.optionalString cfg.allowLocalConnections ''

              .services.CoAuthoring."request-filtering-agent".allowPrivateIPAddress = true |

              .services.CoAuthoring."request-filtering-agent".allowMetaIPAddress = true |

            ''}

              .storage.fs.secretString = "'$FS_SECRET_STRING'" |

              .services.CoAuthoring.server.port = ${toString cfg.port} |

              .services.CoAuthoring.sql.dbHost = "${cfg.postgresHost}" |