summaryrefslogtreecommitdiff
path: root/hosts/flora/services/hedgedoc.nix
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/flora/services/hedgedoc.nix')
-rw-r--r--hosts/flora/services/hedgedoc.nix77
1 files changed, 0 insertions, 77 deletions
diff --git a/hosts/flora/services/hedgedoc.nix b/hosts/flora/services/hedgedoc.nix
deleted file mode 100644
index 038f99f..0000000
--- a/hosts/flora/services/hedgedoc.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- hedgedoc-patched = pkgs.hedgedoc.overrideAttrs (old: {
- src = pkgs.fetchgit {
- url = "https://stuebinm.eu/git/hedgedoc";
- rev = "b0f98a43381486995b99ed79e0eabb3af149dbf3";
- sha256 = "1199k5q8wampkw2ri4wgwzqgh1ff0l4kdxx9h8ywqy2f7faf922c";
- };
- });
-in
-{
- # Container containing CodiMD and its database
- # has its own internal network; needs a reverse-proxy to be reachable from the outside
- # TODO: persistent memory for pads
- containers.codimd = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:10";
- localAddress6 = "fd00::42:11";
-
- config = {config, pkgs, ... }: {
- # open CodiMD port
- networking.firewall.allowedTCPPorts = [ config.services.hedgedoc.configuration.port ];
-
- # database (postgres 11), with default database reachable for CodiMD; no imperative config needed!
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql_11;
- ensureDatabases = [ "codimd" ];
- ensureUsers = [ {
- name = "hedgedoc";
- ensurePermissions = { "DATABASE codimd" = "ALL PRIVILEGES";};
- } ];
- # ugly workaround to allow CodiMD to login without password — this service has lots of options,
- # but apparently not for authentification, which even needs to be forced …
- authentication = pkgs.lib.mkForce ''
- # Generated file; do not edit!
- local all all trust
- host codimd hedgedoc ::1/18 trust
- host codimd codimd ::1/128 trust
- '';
- };
- # CodiMD itself
- services.hedgedoc = {
- enable = true;
- workDir = "/var/codimd/";
- configuration = {
- dbURL = "postgres:///codimd";
- port = 3000;
- domain = "nix.stuebinm.eu";
- urlAddPort = false;
- protocolUseSSL = true;
- allowPDFExport = true;
- host = "::";
- allowEmailRegister = false;
- allowFreeURL = true;
- uploadsPath = "/var/codimd/uploads";
- #email = false;
- };
- };
-
- systemd.services.hedgedoc.serviceConfig.ExecStart = pkgs.lib.mkForce "${hedgedoc-patched}/bin/hedgedoc";
- };
- };
-
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- services.nginx.virtualHosts."nix.stuebinm.eu" = {
- locations."/" = {
- proxyPass = "http://[" + config.containers.codimd.localAddress6 + "]:3000";
- proxyWebsockets = true;
- };
- forceSSL = true;
- enableACME = true;
- };
-}