Diffstat (limited to 'flora/services/hedgedoc.nix')
-rw-r--r-- | flora/services/hedgedoc.nix | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/flora/services/hedgedoc.nix b/flora/services/hedgedoc.nix
new file mode 100644
index 0000000..038f99f
--- /dev/null
+++ b/flora/services/hedgedoc.nix
@@ -0,0 +1,77 @@
+{ config, lib, pkgs, ... }:
+let
+ hedgedoc-patched = pkgs.hedgedoc.overrideAttrs (old: {
+ src = pkgs.fetchgit {
+ url = "https://stuebinm.eu/git/hedgedoc";
+ rev = "b0f98a43381486995b99ed79e0eabb3af149dbf3";
+ sha256 = "1199k5q8wampkw2ri4wgwzqgh1ff0l4kdxx9h8ywqy2f7faf922c";
+ };
+ });
+in
+{
+ # Container containing CodiMD and its database
+ # has its own internal network; needs a reverse-proxy to be reachable from the outside
+ # TODO: persistent memory for pads
+ containers.codimd = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress6 = "fd00::42:10";
+ localAddress6 = "fd00::42:11";
+
+ config = {config, pkgs, ... }: {
+ # open CodiMD port
+ networking.firewall.allowedTCPPorts = [ config.services.hedgedoc.configuration.port ];
+
+ # database (postgres 11), with default database reachable for CodiMD; no imperative config needed!
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_11;
+ ensureDatabases = [ "codimd" ];
+ ensureUsers = [ {
+ name = "hedgedoc";
+ ensurePermissions = { "DATABASE codimd" = "ALL PRIVILEGES";};
+ } ];
+ # ugly workaround to allow CodiMD to login without password — this service has lots of options,
+ # but apparently not for authentification, which even needs to be forced …
+ authentication = pkgs.lib.mkForce ''
+ # Generated file; do not edit!
+ local all all trust
+ host codimd hedgedoc ::1/18 trust
+ host codimd codimd ::1/128 trust
+ '';
+ };
+ # CodiMD itself
+ services.hedgedoc = {
+ enable = true;
+ workDir = "/var/codimd/";
+ configuration = {
+ dbURL = "postgres:///codimd";
+ port = 3000;
+ domain = "nix.stuebinm.eu";
+ urlAddPort = false;
+ protocolUseSSL = true;
+ allowPDFExport = true;
+ host = "::";
+ allowEmailRegister = false;
+ allowFreeURL = true;
+ uploadsPath = "/var/codimd/uploads";
+ #email = false;
+ };
+ };
+
+ systemd.services.hedgedoc.serviceConfig.ExecStart = pkgs.lib.mkForce "${hedgedoc-patched}/bin/hedgedoc";
+ };
+ };
+
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ services.nginx.virtualHosts."nix.stuebinm.eu" = {
+ locations."/" = {
+ proxyPass = "http://[" + config.containers.codimd.localAddress6 + "]:3000";
+ proxyWebsockets = true;
+ };
+ forceSSL = true;
+ enableACME = true;
+ };
+}
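Review bot: The pg_hba rule `host codimd hedgedoc ::1/18 trust` at the top of this part of the hunk is almost certainly meant to be `host codimd hedgedoc ::1/128 trust`; a /18 prefix on ::1 matches the whole `::/18` block (which includes IPv4-mapped addresses) rather than loopback, so anything in that range would be trusted without a password should postgres ever listen beyond localhost. The `local all all trust` line above it also lets any OS user inside the container connect to every database as any role, including `postgres`; since `dbURL = "postgres:///codimd"` connects over the Unix socket, `local all all peer` should suffice, provided the hedgedoc service runs as an OS user named `hedgedoc` matching the role created by `ensureUsers` (please verify). The third line, `host codimd codimd ::1/128 trust`, names a `codimd` role that nothing in this file creates and can be dropped. Lower down, the nginx `proxyPass` hard-codes `:3000` while the container firewall reads `config.services.hedgedoc.configuration.port`; expressing the port once keeps the two from drifting.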