diff options
Diffstat (limited to 'hosts/flora/services/hedgedoc.nix')
-rw-r--r-- | hosts/flora/services/hedgedoc.nix | 77 |
1 files changed, 0 insertions, 77 deletions
diff --git a/hosts/flora/services/hedgedoc.nix b/hosts/flora/services/hedgedoc.nix deleted file mode 100644 index 038f99f..0000000 --- a/hosts/flora/services/hedgedoc.nix +++ /dev/null @@ -1,77 +0,0 @@ -{ config, lib, pkgs, ... }: -let - hedgedoc-patched = pkgs.hedgedoc.overrideAttrs (old: { - src = pkgs.fetchgit { - url = "https://stuebinm.eu/git/hedgedoc"; - rev = "b0f98a43381486995b99ed79e0eabb3af149dbf3"; - sha256 = "1199k5q8wampkw2ri4wgwzqgh1ff0l4kdxx9h8ywqy2f7faf922c"; - }; - }); -in -{ - # Container containing CodiMD and its database - # has its own internal network; needs a reverse-proxy to be reachable from the outside - # TODO: persistent memory for pads - containers.codimd = { - autoStart = true; - privateNetwork = true; - hostAddress6 = "fd00::42:10"; - localAddress6 = "fd00::42:11"; - - config = {config, pkgs, ... }: { - # open CodiMD port - networking.firewall.allowedTCPPorts = [ config.services.hedgedoc.configuration.port ]; - - # database (postgres 11), with default database reachable for CodiMD; no imperative config needed! - services.postgresql = { - enable = true; - package = pkgs.postgresql_11; - ensureDatabases = [ "codimd" ]; - ensureUsers = [ { - name = "hedgedoc"; - ensurePermissions = { "DATABASE codimd" = "ALL PRIVILEGES";}; - } ]; - # ugly workaround to allow CodiMD to login without password — this service has lots of options, - # but apparently not for authentification, which even needs to be forced … - authentication = pkgs.lib.mkForce '' - # Generated file; do not edit! - local all all trust - host codimd hedgedoc ::1/18 trust - host codimd codimd ::1/128 trust - ''; - }; - # CodiMD itself - services.hedgedoc = { - enable = true; - workDir = "/var/codimd/"; - configuration = { - dbURL = "postgres:///codimd"; - port = 3000; - domain = "nix.stuebinm.eu"; - urlAddPort = false; - protocolUseSSL = true; - allowPDFExport = true; - host = "::"; - allowEmailRegister = false; - allowFreeURL = true; - uploadsPath = "/var/codimd/uploads"; - #email = false; - }; - }; - - systemd.services.hedgedoc.serviceConfig.ExecStart = pkgs.lib.mkForce "${hedgedoc-patched}/bin/hedgedoc"; - }; - }; - - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - services.nginx.virtualHosts."nix.stuebinm.eu" = { - locations."/" = { - proxyPass = "http://[" + config.containers.codimd.localAddress6 + "]:3000"; - proxyWebsockets = true; - }; - forceSSL = true; - enableACME = true; - }; -} |