[Draft] Fixes for the mail configuration #22

Merged
rouven0 merged 19 commits from mail into main 2023-04-03 23:19:32 +02:00
2 changed files with 34 additions and 3 deletions
Showing only changes of commit 979a587967 - Show all commits


@ -83,6 +83,7 @@
./hosts/quitte/configuration.nix ./hosts/quitte/configuration.nix
./modules/options.nix ./modules/options.nix
./modules/base.nix ./modules/base.nix
./modules/ldap.nix
# ./modules/keycloak.nix replaced by portunus # ./modules/keycloak.nix replaced by portunus
./modules/nginx.nix ./modules/nginx.nix
./modules/hedgedoc.nix ./modules/hedgedoc.nix


@ -25,7 +25,6 @@ in
protocolUseSSL = true; protocolUseSSL = true;
dbURL = "postgres://hedgedoc:\${DB_PASSWORD}@localhost:5432/hedgedoc"; dbURL = "postgres://hedgedoc:\${DB_PASSWORD}@localhost:5432/hedgedoc";
sessionSecret = "\${SESSION_SECRET}"; sessionSecret = "\${SESSION_SECRET}";
allowAnonymousEdits = true;
csp = { csp = {
enable = true; enable = true;
directives = { directives = {
@ -34,6 +33,26 @@ in
upgradeInsecureRequest = "auto"; upgradeInsecureRequest = "auto";
addDefaults = true; addDefaults = true;
}; };
allowGravatar = false;
## authentication
# disable email
email = false;
allowEmailRegister = false;
# allow anonymous editing, but not creation of pads
allowAnonymous = false;
allowAnonymousEdits = true;
tanneberger commented 2023-03-31 15:07:40 +02:00 (Migrated from github.com)
Review

do we want to quickly move that into a different pr ? because looks pretty unrelated

do we want to quickly move that into a different pr ? because looks pretty unrelated
rouven0 commented 2023-03-31 15:13:41 +02:00 (Migrated from github.com)
Review

These extra changes are unintended as said above. Something went wrong while rebasing this branch. Most of the commits in this pr are already on main.

These extra changes are unintended as said above. Something went wrong while rebasing this branch. Most of the commits in this pr are already on main.
defaultPermission = "limited";
# ldap auth
ldap = rec {
url = "ldap://localhost";
searchBase = "ou=users,${config.services.portunus.ldap.suffix}";
searchFilter = "(uid={{username}})";
bindDn = "uid=${config.services.portunus.ldap.searchUserName},${searchBase}";
bindCredentials = "\${LDAP_CREDENTIALS}";
useridField = "uid";
providerName = "iFSR";
};
}; };
}; };
@ -52,12 +71,23 @@ in
}; };
}; };
sops.secrets.postgres_hedgedoc.owner = config.systemd.services.hedgedoc.serviceConfig.User; sops.secrets =
sops.secrets.hedgedoc_session_secret.owner = config.systemd.services.hedgedoc.serviceConfig.User; let
user = config.systemd.services.hedgedoc.serviceConfig.User;
in
{
postgres_hedgedoc.owner = user;
hedgedoc_session_secret.owner = user;
hedgedoc_ldap_search = {
key = "portunus_search";
owner = user;
};
};
systemd.services.hedgedoc.preStart = lib.mkBefore '' systemd.services.hedgedoc.preStart = lib.mkBefore ''
export DB_PASSWORD="$(cat ${config.sops.secrets.postgres_hedgedoc.path})" export DB_PASSWORD="$(cat ${config.sops.secrets.postgres_hedgedoc.path})"
export SESSION_SECRET="$(cat ${config.sops.secrets.hedgedoc_session_secret.path})" export SESSION_SECRET="$(cat ${config.sops.secrets.hedgedoc_session_secret.path})"
export LDAP_CREDENTIALS="$(cat ${config.sops.secrets.hedgedoc_ldap_search.path})"
''; '';
systemd.services.hedgedoc.after = [ "hedgedoc-pgsetup.service" ]; systemd.services.hedgedoc.after = [ "hedgedoc-pgsetup.service" ];
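Review bot: In the preStart script, the added `export LDAP_CREDENTIALS="$(cat …)"` hides a failing `cat`, because the exit status of `export` replaces that of the command substitution. If the sops secret is missing or unreadable, the variable is left empty and the service would presumably start with an empty LDAP bind password instead of failing. Assigning first and exporting afterwards keeps the failure visible to the script's error handling (assuming the generated unit script runs under `set -e`): `LDAP_CREDENTIALS="$(cat ${config.sops.secrets.hedgedoc_ldap_search.path})"` followed by `export LDAP_CREDENTIALS`. The existing DB_PASSWORD and SESSION_SECRET lines have the same shape. How these variables are substituted into the HedgeDoc configuration is not visible in this hunk.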