summaryrefslogtreecommitdiff
path: root/hosts/flora/services/hedgedoc.nix
diff options
context:
space:
mode:
authorstuebinm2021-03-03 00:51:39 +0100
committerstuebinm2021-03-03 00:51:39 +0100
commitd96fbd63510048bf56d3d600a65f7983096c1bb1 (patch)
tree192afecb97bcdb829e1461bebc283cc86fb99586 /hosts/flora/services/hedgedoc.nix
migrating config
This deploy logic is primarily based on hxchn's deploy lib [1], with some slight modifications to make it work with my setup. Everything seems to work fine for now. However, I am unsure about the usage of niv — the config doesn't seem to gain much from it, apart from (some) additional complexity. [1] https://gitlab.com/hexchen/nixfiles
Diffstat (limited to 'hosts/flora/services/hedgedoc.nix')
-rw-r--r--hosts/flora/services/hedgedoc.nix66
1 files changed, 66 insertions, 0 deletions
diff --git a/hosts/flora/services/hedgedoc.nix b/hosts/flora/services/hedgedoc.nix
new file mode 100644
index 0000000..4ce2256
--- /dev/null
+++ b/hosts/flora/services/hedgedoc.nix
@@ -0,0 +1,66 @@
+{ config, lib, pkgs, ... }:
+
+{
+ # Container containing CodiMD and its database
+ # has its own internal network; needs a reverse-proxy to be reachable from the outside
+ # TODO: persistent memory for pads
+ containers.codimd = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress6 = "fd00::42:10";
+ localAddress6 = "fd00::42:11";
+
+ config = {config, pkgs, ... }: {
+ # open CodiMD port
+ networking.firewall.allowedTCPPorts = [ config.services.codimd.configuration.port ];
+
+ # database (postgres 11), with default database reachable for CodiMD; no imperative config needed!
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_11;
+ ensureDatabases = [ "codimd" ];
+ ensureUsers = [ {
+ name = "codimd";
+ ensurePermissions = { "DATABASE codimd" = "ALL PRIVILEGES";};
+ } ];
+ # ugly workaround to allow CodiMD to login without password — this service has lots of options,
+ # but apparently not for authentification, which even needs to be forced …
+ authentication = pkgs.lib.mkForce ''
+ # Generated file; do not edit!
+ local all all trust
+ host codimd codimd ::1/128 trust
+ '';
+ };
+ # CodiMD itself
+ services.hedgedoc = {
+ enable = true;
+ workDir = "/var/codimd/";
+ configuration = {
+ dbURL = "postgres:///codimd";
+ port = 3000;
+ domain = "nix.stuebinm.eu";
+ urlAddPort = false;
+ protocolUseSSL = true;
+ allowPDFExport = true;
+ host = "::";
+ allowEmailRegister = false;
+ allowFreeURL = true;
+ uploadsPath = "/var/codimd/uploads";
+ #email = false;
+ };
+ };
+ };
+ };
+
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ services.nginx.virtualHosts."nix.stuebinm.eu" = {
+ locations."/" = {
+ proxyPass = "http://[" + config.containers.codimd.localAddress6 + "]:3000";
+ proxyWebsockets = true;
+ };
+ forceSSL = true;
+ enableACME = true;
+ };
+}