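{ config, lib, pkgs, ... }:

{
  # Container holding CodiMD (packaged in NixOS as HedgeDoc) together with its
  # PostgreSQL database.  The container has its own internal network and is
  # only reachable from the outside through the nginx reverse proxy that the
  # host-side part of this module sets up below.
  # TODO: persistent memory for pads
  containers.codimd = {
    autoStart = true;
    privateNetwork = true;
    hostAddress6 = "fd00::42:10";
    localAddress6 = "fd00::42:11";

    # Inner NixOS configuration of the container.  `config` and `pkgs` here
    # are the container's own module arguments, shadowing the host's.
    config = { config, pkgs, ... }: {
      # Open the HedgeDoc port on the container firewall so the host-side
      # proxy can reach it.  The port is read from services.hedgedoc — the
      # option set actually configured in this file — instead of going
      # through the legacy services.codimd rename alias, so the evaluation
      # does not depend on that alias still existing.
      networking.firewall.allowedTCPPorts = [ config.services.hedgedoc.configuration.port ];

      # Database (PostgreSQL 11).  Database and role are created
      # declaratively, so no imperative setup is needed.
      services.postgresql = {
        enable = true;
        package = pkgs.postgresql_11;
        ensureDatabases = [ "codimd" ];
        ensureUsers = [
          {
            name = "codimd";
            ensurePermissions = { "DATABASE codimd" = "ALL PRIVILEGES"; };
          }
        ];

        # Ugly workaround to let CodiMD log in without a password — the
        # service has lots of options, but apparently none for
        # authentication, which even has to be forced …
        #
        # NOTE(review): "local all all trust" lets every local OS account
        # inside the container connect over the Unix socket as any role,
        # including the postgres superuser, with no credentials.  A "peer"
        # rule scoped to the OS user HedgeDoc runs as would be tighter; it is
        # left as-is here because that user is not visible in this file.
        authentication = pkgs.lib.mkForce ''
          # Generated file; do not edit!
          local all all trust
          host codimd codimd ::1/128 trust
        '';
      };

      # HedgeDoc (CodiMD) itself.  dbURL names no user or host, so the
      # connection goes over the local Unix socket as the service's OS user.
      services.hedgedoc = {
        enable = true;
        workDir = "/var/codimd/";
        configuration = {
          dbURL = "postgres:///codimd";
          port = 3000;
          domain = "nix.stuebinm.eu";
          # TLS is terminated by the host nginx (forceSSL below); HedgeDoc
          # only needs to generate https:// links without a port suffix.
          urlAddPort = false;
          protocolUseSSL = true;
          allowPDFExport = true;
          # Listen on all addresses of the container so the host can reach
          # it via localAddress6.
          host = "::";
          allowEmailRegister = false;
          allowFreeURL = true;
          uploadsPath = "/var/codimd/uploads";
          #email = false;
        };
      };
    };
  };

  # Host side: expose HTTP/HTTPS and reverse-proxy to the container.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx.virtualHosts."nix.stuebinm.eu" = {
    locations."/" = {
      # Bracketed IPv6 literal taken from the container definition above, so
      # the address is only written down once.
      proxyPass = "http://[" + config.containers.codimd.localAddress6 + "]:3000";
      proxyWebsockets = true;
    };
    forceSSL = true;
    enableACME = true;
  };
}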