wurzel/fruitbasket
9
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity
fruitbasket/modules/hedgedoc.nix

91 lines
2.3 KiB
Nix
Raw Normal View History

add hedgedoc module
2022-09-06 15:09:30 +02:00
{ config, pkgs, lib, ... }:
secrets for mediawiki and formatting
2022-09-06 17:16:31 +02:00
let
adding option for domain
2022-12-17 19:12:41 +01:00
domain = "pad.${config.fsr.domain}";
secrets for mediawiki and formatting
2022-09-06 17:16:31 +02:00
in
{
add hedgedoc module
2022-09-06 15:09:30 +02:00
services = {
postgresql = {
enable = true;
ensureUsers = [
{
name = "hedgedoc";
ensurePermissions = {
"DATABASE hedgedoc" = "ALL PRIVILEGES";
};
}
];
ensureDatabases = [ "hedgedoc" ];
};
hedgedoc = {
enable = true;
fix hedgedoc
2023-02-15 15:53:15 +01:00
settings = {
add hedgedoc module
2022-09-06 15:09:30 +02:00
port = 3002;
domain = "${domain}";
protocolUseSSL = true;
remove postgresql passwords where they are unneeded
2023-07-19 17:44:49 +02:00
dbURL = "postgres://hedgedoc@%2Frun%2Fpostgresql/hedgedoc";
add hedgedoc module
2022-09-06 15:09:30 +02:00
sessionSecret = "\${SESSION_SECRET}";
csp = {
enable = true;
directives = {
scriptSrc = "${domain}";
};
upgradeInsecureRequest = "auto";
addDefaults = true;
};
configure ldap for hedgedoc (config adapted from kaki)
2023-02-24 17:57:55 +01:00
allowGravatar = false;
## authentication
# disable email
email = false;
allowEmailRegister = false;
# allow anonymous editing, but not creation of pads
allowAnonymous = false;
allowAnonymousEdits = true;
defaultPermission = "limited";
# ldap auth
ldap = rec {
url = "ldap://localhost";
searchBase = "ou=users,${config.services.portunus.ldap.suffix}";
searchFilter = "(uid={{username}})";
bindDn = "uid=${config.services.portunus.ldap.searchUserName},${searchBase}";
bindCredentials = "\${LDAP_CREDENTIALS}";
useridField = "uid";
providerName = "iFSR";
};
add hedgedoc module
2022-09-06 15:09:30 +02:00
};
};
nginx = {
recommendedProxySettings = true;
virtualHosts = {
"${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
fix hedgedoc
2023-02-15 15:53:15 +01:00
proxyPass = "http://[::1]:${toString config.services.hedgedoc.settings.port}";
add hedgedoc module
2022-09-06 15:09:30 +02:00
proxyWebsockets = true;
};
};
};
};
};
configure ldap for hedgedoc (config adapted from kaki)
2023-02-24 17:57:55 +01:00
sops.secrets =
let
user = config.systemd.services.hedgedoc.serviceConfig.User;
in
{
hedgedoc_session_secret.owner = user;
hedgedoc_ldap_search = {
Refactor ldap and enable dex Co-authored-by: revol-xut <revol-xut@protonmail.com>
2023-07-07 17:12:59 +02:00
key = "portunus/search-password";
configure ldap for hedgedoc (config adapted from kaki)
2023-02-24 17:57:55 +01:00
owner = user;
};
};
add hedgedoc module
2022-09-06 15:09:30 +02:00
systemd.services.hedgedoc.preStart = lib.mkBefore ''
export SESSION_SECRET="$(cat ${config.sops.secrets.hedgedoc_session_secret.path})"
configure ldap for hedgedoc (config adapted from kaki)
2023-02-24 17:57:55 +01:00
export LDAP_CREDENTIALS="$(cat ${config.sops.secrets.hedgedoc_ldap_search.path})"
add hedgedoc module
2022-09-06 15:09:30 +02:00
'';
}
Reference in a new issue Copy permalink