]> git.immae.eu Git - perso/Immae/Config/Nix.git/blame - modules/private/websites/tools/ether/default.nix
(no commit message)
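# NixOS module for the Etherpad instance published at ether.immae.eu.
#
# When `myServices.websites.tools.etherpad-lite.enable` is set it:
#   * declares the CHATONS service description,
#   * writes three secrets (API key, session key, settings.json) with mode 0400,
#   * enables `services.etherpad-lite` with a fixed plugin set,
#   * adds an Apache vhost that proxies to Etherpad's unix socket.
{ lib, pkgs, config, ... }:
let
  env = config.myEnv.tools.etherpad-lite;
  cfg = config.myServices.websites.tools.etherpad-lite;
  # Make sure we’re not rebuilding whole libreoffice just because of a
  # dependency
  # NOTE(review): `<nixpkgs>` is resolved through NIX_PATH, so the soffice
  # binary used below comes from whatever channel the build host points at
  # rather than from the `pkgs` this module receives; no `config` is passed
  # either. Confirm that an unpinned source is acceptable for this binary.
  libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
  ecfg = config.services.etherpad-lite;
  # Renders a Nix string as a quoted, escaped JSON string. Used for every
  # value taken from `env` in settings.json so that a quote or backslash in a
  # password, DN or LDAP filter cannot break the file or add keys to it.
  # Values free of quotes, backslashes and control characters render exactly
  # as they did with plain "${...}" interpolation.
  json = builtins.toJSON;
in {
  options.myServices.websites.tools.etherpad-lite = {
    enable = lib.mkEnableOption "enable etherpad's website";
  };

  config = lib.mkIf cfg.enable {
    # Public service description (CHATONS properties).
    myServices.chatonsProperties.services.etherpad = {
      file.datetime = "2021-01-04T00:01:00";
      service = {
        name = "Etherpad";
        description = "Éditeur de texte collaboratif en temps réel. on peut y écrire simultanément.";
        website = "https://ether.immae.eu";
        logo = "https://ether.immae.eu/favicon.ico";
        status.level = "OK";
        status.description = "OK";
        registration."" = ["NONE" "MEMBER" "CLIENT"];
        registration.load = "OPEN";
        install.type = "PACKAGE";
      };
      software = {
        name = "Etherpad";
        website = "https://etherpad.org/";
        license.url = "https://github.com/ether/etherpad-lite/blob/develop/LICENSE";
        license.name = "Apache License Version 2.0";
        version = ecfg.package.version;
        source.url = "https://github.com/ether/etherpad-lite";
        modules = ecfg.package.moduleNames;
      };
    };

    # All three files hold credentials, hence mode 0400.
    # NOTE(review): no owner is set here; confirm that the secrets module's
    # default owner lets the etherpad-lite units (which only gain the "keys"
    # supplementary group below) read a 0400 file.
    secrets.keys = {
      "webapps/tools-etherpad-apikey" = {
        permissions = "0400";
        text = env.api_key;
      };
      "webapps/tools-etherpad-sessionkey" = {
        permissions = "0400";
        text = env.session_key;
      };
      # settings.json. It embeds, in clear text, the PostgreSQL password, the
      # Etherpad admin password and the LDAP bind password.
      # As configured: requireAuthentication and requireAuthorization are
      # false, allowUnknownFileEnds is true, trustProxy is true and
      # disableIPlogging is false. Review these against the exposure intended
      # for the instance; trustProxy in particular relies on the Apache vhost
      # below being the only way to reach the backend socket.
      "webapps/tools-etherpad" = {
        permissions = "0400";
        text = ''
          {
            "title": "Etherpad",
            "favicon": "favicon.ico",
            "skinName": "colibris",
            "skinVariants": "dark-toolbar light-background super-light-editor full-width-editor",

            "ip": "",
            "port" : "${ecfg.sockets.node}",
            "showSettingsInAdminPage" : false,
            "dbType" : "postgres",
            "dbSettings" : {
              "user" : ${json env.postgresql.user},
              "host" : ${json env.postgresql.socket},
              "password": ${json env.postgresql.password},
              "database": ${json env.postgresql.database},
              "charset" : "utf8mb4"
            },

            "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
            "padOptions": {
              "noColors": false,
              "showControls": true,
              "showChat": true,
              "showLineNumbers": true,
              "useMonospaceFont": false,
              "userName": false,
              "userColor": false,
              "rtl": false,
              "alwaysShowChat": false,
              "chatAndUsers": false,
              "lang": "fr"
            },

            "suppressErrorsInPadText" : false,
            "requireSession" : false,
            "editOnly" : false,
            "sessionNoPassword" : false,
            "minify" : false,
            "maxAge" : 21600,
            "abiword" : null,
            "soffice" : "${libreoffice}/bin/soffice",
            "tidyHtml" : "",
            "allowUnknownFileEnds" : true,
            "requireAuthentication" : false,
            "requireAuthorization" : false,
            "trustProxy" : true,
            "disableIPlogging" : false,
            "automaticReconnectionTimeout" : 0,
            "scrollWhenFocusLineIsOutOfViewport": {
              "percentage": {
                "editionAboveViewport": 0,
                "editionBelowViewport": 0
              },
              "duration": 0,
              "scrollWhenCaretIsInTheLastLineOfViewport": false,
              "percentageToScrollWhenUserPressesArrowUp": 0
            },
            "users": {
              "admin": {
                "password": ${json env.adminPassword},
                "is_admin": true
              },
              "ldapauth": {
                "hash": "invalid",
                "url": ${json "ldaps://${env.ldap.host}"},
                "accountBase": ${json env.ldap.base},
                "accountPattern": ${json env.ldap.filter},
                "displayNameAttribute": "cn",
                "searchDN": ${json env.ldap.dn},
                "searchPWD": ${json env.ldap.password},
                "groupSearchBase": ${json env.ldap.base},
                "groupAttribute": "member",
                "groupAttributeIsDN": true,
                "searchScope": "sub",
                "groupSearch": ${json env.ldap.group_filter},
                "anonymousReadonly": false
              }
            },
            "ep_mypads": {
              "warning": "This hash is stored in database, changing anything here will not have any consequence",
              "ldap": {
                "url": ${json "ldaps://${env.ldap.host}"},
                "bindDN": ${json env.ldap.dn},
                "bindCredentials": ${json env.ldap.password},
                "searchBase": ${json env.ldap.base},
                "searchFilter": ${json env.ldap.filter},
                "properties": {
                  "login": "uid",
                  "email": "mail",
                  "firstname": "givenName",
                  "lastname": "sn"
                },
                "defaultLang": "fr"
              }
            },
            "ep_comments_page": {
              "displayCommentAsIcon": true,
              "highlightSelectedText": true
            },
            "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
            "loadTest": false,
            "indentationOnNewLine": false,
            "toolbar": {
              "left": [
                ["bold", "italic", "underline", "strikethrough"],
                ["orderedlist", "unorderedlist", "indent", "outdent"],
                ["undo", "redo"],
                ["clearauthorship"]
              ],
              "right": [
                ["importexport", "timeslider", "savedrevision"],
                ["settings", "embed"],
                ["showusers"]
              ],
              "timeslider": [
                ["timeslider_export", "timeslider_returnToPad"]
              ]
            },
            "loglevel": "INFO",
            "logconfig" : { "appenders": [ { "type": "console" } ] }
          }
        '';
      };
    };

    services.etherpad-lite = {
      enable = true;
      # Plugins are baked into the package; the separate `modules` list is
      # left empty.
      package = pkgs.webapps.etherpad-lite.withModules (p: [
        p.ep_align p.ep_bookmark p.ep_colors p.ep_comments_page
        p.ep_cursortrace p.ep_delete_empty_pads p.ep_embedmedia
        p.ep_font_size p.ep_headings2 p.ep_immae_buttons p.ep_ldapauth
        p.ep_line_height p.ep_markdown p.ep_mypads p.ep_page_view
        p.ep_previewimages p.ep_ruler p.ep_scrollto
        p.ep_set_title_on_pad p.ep_subscript_and_superscript
        p.ep_timesliderdiff
      ]);
      modules = [];
      # The service reads its keys and settings from the secret files
      # declared above instead of from the world-readable Nix store.
      sessionKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-sessionkey";
      apiKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-apikey";
      configFile = config.secrets.fullPaths."webapps/tools-etherpad";
    };

    # Both units join the "keys" group; presumably that is what grants access
    # to the secrets directory (confirm against the secrets module).
    systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
    systemd.services.etherpad-lite-cleanup.serviceConfig.SupplementaryGroups = "keys";
    # Needed so that they get in the closure
    systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];

    # Watches the three secret files with `restart = true`, so a rotated key
    # or changed settings file is presumably picked up by a service restart.
    services.filesWatcher.etherpad-lite = {
      restart = true;
      paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
    };

    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];
    # Apache front end. `RequestHeader set` overwrites any X-Forwarded-Proto
    # sent by the client, and `ProxyRequests Off` keeps Apache from acting as
    # a forward proxy. Everything is handed to Etherpad's unix socket; the
    # rewrite rule routes socket.io websocket upgrades over ws://.
    services.websites.env.tools.vhostConfs.etherpad-lite = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "ether.immae.eu" ];
      root = null;
      extraConfig = [ ''
        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
        RequestHeader set X-Forwarded-Proto "https"

        RewriteEngine On

        RewriteCond %{REQUEST_URI} ^/socket.io [NC]
        RewriteCond %{QUERY_STRING} transport=websocket [NC]
        RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]

        <IfModule mod_proxy.c>
          ProxyVia On
          ProxyRequests Off
          ProxyPreserveHost On
          ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          <Proxy *>
            Options FollowSymLinks MultiViews
            AllowOverride None
            Require all granted
          </Proxy>
        </IfModule>
      '' ];
    };
  };
}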