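# NixOS module for the Etherpad-lite instance served at ether.immae.eu.
#
# When `myServices.websites.tools.etherpad-lite.enable` is set, it:
#   * declares a backup profile for the service's data directory,
#   * renders three secret files (API key, session key, settings),
#   * enables `services.etherpad-lite` with a fixed plugin set,
#   * restarts the service when one of the secret files changes,
#   * adds an Apache vhost that reverse-proxies to the Etherpad unix socket.
{ lib, pkgs, config, ... }:
let
  # Deployment-specific values: API/session keys, admin password, PostgreSQL
  # and LDAP parameters, redirect map.
  env = config.myEnv.tools.etherpad-lite;
  cfg = config.myServices.websites.tools.etherpad-lite;
  # Make sure we're not rebuilding whole libreoffice just because of a
  # dependency
  # NOTE(review): `<nixpkgs>` is resolved through NIX_PATH and overlays are
  # disabled, so this LibreOffice comes from whatever channel the evaluating
  # host has, not from the `pkgs` used for the rest of the module. It is the
  # binary configured as "soffice" below, i.e. the converter for documents
  # imported into pads, so its version and patch level are worth tracking.
  libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
  ecfg = config.services.etherpad-lite;
in {
  options.myServices.websites.tools.etherpad-lite = {
    # mkEnableOption already prefixes the description with "Whether to
    # enable", so the text must not start with "enable" itself.
    enable = lib.mkEnableOption "etherpad's website";
  };

  config = lib.mkIf cfg.enable {
    # Backup profile rooted at /var/lib/private/etherpad-lite
    # (presumably the service's state directory; verify).
    services.duplyBackup.profiles.etherpad-lite = {
      rootDir = "/var/lib/private/etherpad-lite";
    };

    # Secret files. `dest` is relative; the service below reads the same names
    # under /var/secrets/. All three are mode 0400 (owner read-only).
    # NOTE(review): `text` is interpolated at evaluation time. Whether the
    # rendered content transits through the world-readable Nix store depends
    # on how `secrets.keys` is implemented, which is not visible here; confirm.
    secrets.keys = [
      {
        dest = "webapps/tools-etherpad-apikey";
        permissions = "0400";
        text = env.api_key;
      }
      {
        dest = "webapps/tools-etherpad-sessionkey";
        permissions = "0400";
        text = env.session_key;
      }
      {
        dest = "webapps/tools-etherpad";
        permissions = "0400";
        # Etherpad settings file. It embeds the PostgreSQL password, the admin
        # password and the LDAP bind password in clear text, which is why it
        # is handled as a secret rather than as plain configuration.
        #
        # Settings a reviewer should look at:
        #   * "requireAuthentication" / "requireAuthorization" are false:
        #     presumably pads are reachable without logging in, with LDAP
        #     login offered by ep_ldapauth / ep_mypads; confirm this is the
        #     intended exposure.
        #   * "trustProxy" is false although the service is only reached
        #     through the Apache vhost below, which sets X-Forwarded-Proto.
        #     Etherpad documents trustProxy as the switch for honouring
        #     forwarded headers, so the header is probably ignored as written
        #     (affects the client address seen in logs, and presumably the
        #     Secure-cookie decision); verify against the Etherpad version
        #     in use.
        #   * "allowUnknownFileEnds" is true and "soffice" is set: imported
        #     files of any extension appear to be handed to LibreOffice for
        #     conversion, so the converter parses untrusted input.
        #   * "showSettingsInAdminPage" is false, which keeps this file's
        #     content out of the admin web page.
        #   * "socketTransportProtocols" does not list "websocket" while the
        #     vhost tunnels websocket requests; check that this still matches
        #     the packaged Etherpad.
        text = ''
          {
            "title": "Etherpad",
            "favicon": "favicon.ico",
            "skinName": "colibris",
            "skinVariants": "dark-toolbar light-background super-light-editor full-width-editor",

            "ip": "",
            "port" : "${ecfg.sockets.node}",
            "showSettingsInAdminPage" : false,
            "dbType" : "postgres",
            "dbSettings" : {
              "user" : "${env.postgresql.user}",
              "host" : "${env.postgresql.socket}",
              "password": "${env.postgresql.password}",
              "database": "${env.postgresql.database}",
              "charset" : "utf8mb4"
            },

            "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
            "padOptions": {
              "noColors": false,
              "showControls": true,
              "showChat": true,
              "showLineNumbers": true,
              "useMonospaceFont": false,
              "userName": false,
              "userColor": false,
              "rtl": false,
              "alwaysShowChat": false,
              "chatAndUsers": false,
              "lang": "fr"
            },

            "suppressErrorsInPadText" : false,
            "requireSession" : false,
            "editOnly" : false,
            "sessionNoPassword" : false,
            "minify" : true,
            "maxAge" : 21600,
            "abiword" : null,
            "soffice" : "${libreoffice}/bin/soffice",
            "tidyHtml" : "",
            "allowUnknownFileEnds" : true,
            "requireAuthentication" : false,
            "requireAuthorization" : false,
            "trustProxy" : false,
            "disableIPlogging" : false,
            "automaticReconnectionTimeout" : 0,
            "scrollWhenFocusLineIsOutOfViewport": {
              "percentage": {
                "editionAboveViewport": 0,
                "editionBelowViewport": 0
              },
              "duration": 0,
              "scrollWhenCaretIsInTheLastLineOfViewport": false,
              "percentageToScrollWhenUserPressesArrowUp": 0
            },
            "users": {
              "admin": {
                "password": "${env.adminPassword}",
                "is_admin": true
              },
              "ldapauth": {
                "hash": "invalid",
                "url": "ldaps://${env.ldap.host}",
                "accountBase": "${env.ldap.base}",
                "accountPattern": "${env.ldap.filter}",
                "displayNameAttribute": "cn",
                "searchDN": "${env.ldap.dn}",
                "searchPWD": "${env.ldap.password}",
                "groupSearchBase": "${env.ldap.base}",
                "groupAttribute": "member",
                "groupAttributeIsDN": true,
                "searchScope": "sub",
                "groupSearch": "${env.ldap.group_filter}",
                "anonymousReadonly": false
              }
            },
            "ep_mypads": {
              "warning": "This hash is stored in database, changing anything here will not have any consequence",
              "ldap": {
                "url": "ldaps://${env.ldap.host}",
                "bindDN": "${env.ldap.dn}",
                "bindCredentials": "${env.ldap.password}",
                "searchBase": "${env.ldap.base}",
                "searchFilter": "${env.ldap.filter}",
                "properties": {
                  "login": "uid",
                  "email": "mail",
                  "firstname": "givenName",
                  "lastname": "sn"
                },
                "defaultLang": "fr"
              }
            },
            "ep_comments_page": {
              "displayCommentAsIcon": true,
              "highlightSelectedText": true
            },
            "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
            "loadTest": false,
            "indentationOnNewLine": false,
            "toolbar": {
              "left": [
                ["bold", "italic", "underline", "strikethrough"],
                ["orderedlist", "unorderedlist", "indent", "outdent"],
                ["undo", "redo"],
                ["clearauthorship"]
              ],
              "right": [
                ["importexport", "timeslider", "savedrevision"],
                ["settings", "embed"],
                ["showusers"]
              ],
              "timeslider": [
                ["timeslider_export", "timeslider_returnToPad"]
              ]
            },
            "loglevel": "INFO",
            "logconfig" : { "appenders": [ { "type": "console" } ] }
          }
        '';
      }
    ];

    services.etherpad-lite = {
      enable = true;
      # Plugins are baked into the package; the separate `modules` list stays
      # empty.
      package = pkgs.webapps.etherpad-lite.withModules (p: [
        p.ep_align p.ep_bookmark p.ep_colors p.ep_comments_page
        p.ep_cursortrace p.ep_delete_empty_pads p.ep_embedmedia
        p.ep_font_size p.ep_headings2 p.ep_immae_buttons p.ep_ldapauth
        p.ep_line_height p.ep_markdown p.ep_mypads p.ep_page_view
        p.ep_previewimages p.ep_ruler p.ep_scrollto
        p.ep_set_title_on_pad p.ep_subscript_and_superscript
        p.ep_timesliderdiff
      ]);
      modules = [];
      # Absolute paths of the three secret files declared in secrets.keys.
      sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
      apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
      configFile = "/var/secrets/webapps/tools-etherpad";
    };

    # NOTE(review): the key files are mode 0400 (owner only), so membership of
    # "keys" presumably only grants access to the /var/secrets directory;
    # confirm that the files are owned by the service user.
    systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
    # Needed so that they get in the closure
    systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];

    # Restart Etherpad whenever one of its secret files changes, so rotated
    # keys and passwords are picked up.
    services.filesWatcher.etherpad-lite = {
      restart = true;
      paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
    };

    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];
    services.websites.env.tools.vhostConfs.etherpad-lite = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "ether.immae.eu" ];
      root = null;
      # Apache vhost body:
      #   * HSTS for one year, subdomains included.
      #   * `RequestHeader set` overwrites any X-Forwarded-Proto sent by the
      #     client before the request is proxied.
      #   * The redirect map is written with pkgs.writeText, so it lives in
      #     the world-readable Nix store: `env.redirects` must not contain
      #     anything confidential. A request whose URI has an entry in the map
      #     gets a 301 to the mapped target unless its query string contains
      #     "noredirect".
      #   * Websocket requests under /socket.io and all other requests are
      #     proxied to the Etherpad unix socket; `ProxyRequests Off` keeps
      #     Apache from acting as a forward proxy.
      extraConfig = [ ''
        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
        RequestHeader set X-Forwarded-Proto "https"

        RewriteEngine On

        RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
        RewriteCond %{QUERY_STRING} "!noredirect"
        RewriteCond %{REQUEST_URI} "^(.*)$"
        RewriteCond ''${redirects:$1|Unknown} "!Unknown"
        RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]

        RewriteCond %{REQUEST_URI} ^/socket.io [NC]
        RewriteCond %{QUERY_STRING} transport=websocket [NC]
        RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]

        <IfModule mod_proxy.c>
          ProxyVia On
          ProxyRequests Off
          ProxyPreserveHost On
          ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          <Proxy *>
            Options FollowSymLinks MultiViews
            AllowOverride None
            Require all granted
          </Proxy>
        </IfModule>
      '' ];
    };
  };
}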