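# NixOS module for the Etherpad instance served at ether.immae.eu.
#
# When `myServices.websites.tools.etherpad-lite.enable` is set, it declares a
# backup profile, three secret files (API key, session key, settings.json),
# the etherpad-lite service reading those files, a watcher on them, and an
# Apache vhost that proxies to the service's unix socket.
{ lib, pkgs, config, ... }:
let
  env = config.myEnv.tools.etherpad-lite;
  cfg = config.myServices.websites.tools.etherpad-lite;
  # Take libreoffice from the plain <nixpkgs> channel with overlays disabled,
  # so that a local overlay touching one of its dependencies does not force a
  # full libreoffice rebuild.
  # NOTE(review): <nixpkgs> is resolved at evaluation time and is not pinned
  # together with `pkgs`. This package is handed to Etherpad as its "soffice"
  # converter, so confirm the channel it comes from receives security updates.
  libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
  ecfg = config.services.etherpad-lite;
in {
  options.myServices.websites.tools.etherpad-lite = {
    # mkEnableOption already prepends "Whether to enable" to its argument.
    enable = lib.mkEnableOption "etherpad's website";
  };

  config = lib.mkIf cfg.enable {
    services.duplyBackup.profiles.etherpad-lite = {
      rootDir = "/var/lib/private/etherpad-lite";
    };

    # Secret files. The services.etherpad-lite block below refers to the same
    # names under /var/secrets.
    # NOTE(review): mode 0400 lets only the file owner read, and no owner is
    # set in these entries; the unit below only gains the `keys` supplementary
    # group. Confirm how the service user ends up able to read these files.
    secrets.keys = [
      {
        dest = "webapps/tools-etherpad-apikey";
        permissions = "0400";
        text = env.api_key;
      }
      {
        dest = "webapps/tools-etherpad-sessionkey";
        permissions = "0400";
        text = env.session_key;
      }
      # Etherpad settings.json. It embeds the PostgreSQL password and the LDAP
      # bind password in clear text, so it has to stay out of the
      # world-readable Nix store.
      # NOTE(review), points to confirm in the settings below:
      #  - The env values are spliced between JSON quotes without escaping; a
      #    double quote or backslash in one of them would yield invalid JSON.
      #  - "trustProxy" is false although every request arrives through the
      #    vhost below, which sets X-Forwarded-Proto. Presumably Etherpad then
      #    ignores that header and does not see the client address, while
      #    "disableIPlogging" is false. Confirm this is intended.
      #  - "requireAuthentication" and "requireAuthorization" are false, so
      #    the ldapauth block is presumably not enforced for ordinary pads.
      #  - Imports accept unknown file extensions ("allowUnknownFileEnds") and
      #    a LibreOffice converter is configured; both handle user-supplied
      #    files, so confirm the hardening applied to the service unit.
      {
        dest = "webapps/tools-etherpad";
        permissions = "0400";
        text = ''
          {
            "title": "Etherpad",
            "favicon": "favicon.ico",

            "ip": "",
            "port" : "${ecfg.sockets.node}",
            "showSettingsInAdminPage" : false,
            "dbType" : "postgres",
            "dbSettings" : {
              "user" : "${env.postgresql.user}",
              "host" : "${env.postgresql.socket}",
              "password": "${env.postgresql.password}",
              "database": "${env.postgresql.database}",
              "charset" : "utf8mb4"
            },

            "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
            "padOptions": {
              "noColors": false,
              "showControls": true,
              "showChat": true,
              "showLineNumbers": true,
              "useMonospaceFont": false,
              "userName": false,
              "userColor": false,
              "rtl": false,
              "alwaysShowChat": false,
              "chatAndUsers": false,
              "lang": "en-gb"
            },

            "suppressErrorsInPadText" : false,
            "requireSession" : false,
            "editOnly" : false,
            "sessionNoPassword" : false,
            "minify" : true,
            "maxAge" : 21600,
            "abiword" : null,
            "soffice" : "${libreoffice}/bin/soffice",
            "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
            "allowUnknownFileEnds" : true,
            "requireAuthentication" : false,
            "requireAuthorization" : false,
            "trustProxy" : false,
            "disableIPlogging" : false,
            "automaticReconnectionTimeout" : 0,
            "scrollWhenFocusLineIsOutOfViewport": {
              "percentage": {
                "editionAboveViewport": 0,
                "editionBelowViewport": 0
              },
              "duration": 0,
              "scrollWhenCaretIsInTheLastLineOfViewport": false,
              "percentageToScrollWhenUserPressesArrowUp": 0
            },
            "users": {
              "ldapauth": {
                "url": "ldaps://${env.ldap.host}",
                "accountBase": "${env.ldap.base}",
                "accountPattern": "${env.ldap.filter}",
                "displayNameAttribute": "cn",
                "searchDN": "${env.ldap.dn}",
                "searchPWD": "${env.ldap.password}",
                "groupSearchBase": "${env.ldap.base}",
                "groupAttribute": "member",
                "groupAttributeIsDN": true,
                "searchScope": "sub",
                "groupSearch": "${env.ldap.group_filter}",
                "anonymousReadonly": false
              }
            },
            "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
            "loadTest": false,
            "indentationOnNewLine": false,
            "toolbar": {
              "left": [
                ["bold", "italic", "underline", "strikethrough"],
                ["orderedlist", "unorderedlist", "indent", "outdent"],
                ["undo", "redo"],
                ["clearauthorship"]
              ],
              "right": [
                ["importexport", "timeslider", "savedrevision"],
                ["settings", "embed"],
                ["showusers"]
              ],
              "timeslider": [
                ["timeslider_export", "timeslider_returnToPad"]
              ]
            },
            "loglevel": "INFO",
            "logconfig" : { "appenders": [ { "type": "console" } ] }
          }
        '';
      }
    ];

    # The three paths name the secrets declared above; keep them in sync with
    # the `dest` values.
    services.etherpad-lite = {
      enable = true;
      modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
      sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
      apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
      configFile = "/var/secrets/webapps/tools-etherpad";
    };

    # Presumably the group allowed to reach /var/secrets; verify against the
    # secrets module.
    systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";

    # Watches the three secret files with restart = true, presumably so that a
    # rotated key or changed settings file restarts the service.
    services.filesWatcher.etherpad-lite = {
      restart = true;
      paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
    };

    # Apache modules used by the vhost: headers for Header/RequestHeader, the
    # proxy modules for ProxyPass and the ws:// rewrite target.
    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];

    # Vhost for ether.immae.eu with no document root: requests are either
    # redirected through the static map or proxied to the Etherpad socket.
    #  - `RequestHeader set` overwrites any X-Forwarded-Proto sent by the
    #    client.
    #  - The redirect map is built with pkgs.writeText, so it is stored in the
    #    Nix store; that is fine only as long as it holds nothing confidential.
    #  - `ProxyRequests Off` keeps the vhost a reverse proxy only.
    services.websites.env.tools.vhostConfs.etherpad-lite = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "ether.immae.eu" ];
      root = null;
      extraConfig = [ ''
        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
        RequestHeader set X-Forwarded-Proto "https"

        RewriteEngine On

        RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" env.redirects}"
        RewriteCond %{QUERY_STRING} "!noredirect"
        RewriteCond %{REQUEST_URI} "^(.*)$"
        RewriteCond ''${redirects:$1|Unknown} "!Unknown"
        RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]

        RewriteCond %{REQUEST_URI} ^/socket.io [NC]
        RewriteCond %{QUERY_STRING} transport=websocket [NC]
        RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]

        <IfModule mod_proxy.c>
          ProxyVia On
          ProxyRequests Off
          ProxyPreserveHost On
          ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          <Proxy *>
            Options FollowSymLinks MultiViews
            AllowOverride None
            Require all granted
          </Proxy>
        </IfModule>
      '' ];
    };
  };
}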