# NixOS module for the Etherpad instance served at ether.immae.eu: service
# directory metadata, deployed secrets (including the settings file), the
# etherpad-lite service itself, its systemd wiring and the Apache vhost that
# proxies to it.
{ lib, pkgs, config, ... }:
let
  siteCfg = config.myServices.websites.tools.etherpad-lite;
  padCfg = config.services.etherpad-lite;
  toolEnv = config.myEnv.tools.etherpad-lite;
  db = toolEnv.postgresql;
  ldap = toolEnv.ldap;
  nodeSocket = padCfg.sockets.node;
  secretPaths = config.secrets.fullPaths;

  # LibreOffice is taken from a nixpkgs import without overlays so that an
  # overlaid dependency does not force a rebuild of the whole of LibreOffice.
  # NOTE(review): <nixpkgs> is resolved through the Nix search path, not from
  # `pkgs`, so the soffice binary configured below follows whatever that path
  # points at - confirm it is kept as up to date as the rest of the system.
  stockLibreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;

  # Every secret declared by this module uses the same "0400" mode.
  readOnlySecret = text: { permissions = "0400"; inherit text; };
in {
  options.myServices.websites.tools.etherpad-lite = {
    enable = lib.mkEnableOption "enable etherpad's website";
  };

  config = lib.mkIf siteCfg.enable {
    # Public description of the service; version and plugin list are read
    # from the configured etherpad-lite package.
    myServices.chatonsProperties.services.etherpad = {
      file.datetime = "2021-01-04T00:01:00";
      service = {
        name = "Etherpad";
        description = "Éditeur de texte collaboratif en temps réel. on peut y écrire simultanément.";
        website = "https://ether.immae.eu";
        logo = "https://ether.immae.eu/favicon.ico";
        status = {
          level = "OK";
          description = "OK";
        };
        registration = {
          "" = ["NONE" "MEMBER" "CLIENT"];
          load = "OPEN";
        };
        install.type = "PACKAGE";
      };
      software = {
        name = "Etherpad";
        website = "https://etherpad.org/";
        license = {
          url = "https://github.com/ether/etherpad-lite/blob/develop/LICENSE";
          name = "Apache License Version 2.0";
        };
        version = padCfg.package.version;
        source.url = "https://github.com/ether/etherpad-lite";
        modules = padCfg.package.moduleNames;
      };
    };

    # API key, session key and the full settings file are deployed as secrets.
    # NOTE(review): the `text` values are assembled at evaluation time from
    # config.myEnv; whether they stay out of the world-readable Nix store
    # depends on how the `secrets` module materialises them - confirm.
    secrets.keys = {
      "webapps/tools-etherpad-apikey" = readOnlySecret toolEnv.api_key;
      "webapps/tools-etherpad-sessionkey" = readOnlySecret toolEnv.session_key;

      # Etherpad settings file. It embeds the PostgreSQL password, the admin
      # password and the LDAP bind password in clear text, which is why it is
      # a secret; "showSettingsInAdminPage": false also keeps it out of the
      # admin UI.
      # Security-relevant values, as set below:
      #  - "requireAuthentication"/"requireAuthorization" are false, so
      #    Etherpad itself does not gate access; any access control is left to
      #    the plugins (ep_ldapauth and ep_mypads are in the package list).
      #    NOTE(review): confirm that matches the intended exposure.
      #  - "allowUnknownFileEnds": true together with "soffice" means imports
      #    are not limited by file extension and are handed to LibreOffice for
      #    conversion. NOTE(review): that is a document parser run on
      #    user-supplied files - consider restricting imports and sandboxing
      #    the unit.
      #  - "trustProxy": true makes Etherpad rely on forwarded headers; see
      #    the vhost at the bottom for what Apache sets.
      #  - "disableIPlogging": false, so client addresses are logged.
      #  - "socketTransportProtocols" does not list websocket while the vhost
      #    has a websocket rewrite rule. NOTE(review): confirm which transports
      #    are meant to be enabled.
      #  - "charset": "utf8mb4" under a "postgres" dbType looks like a MySQL
      #    leftover. NOTE(review): presumably harmless - verify.
      "webapps/tools-etherpad" = readOnlySecret ''
        {
        "title": "Etherpad",
        "favicon": "favicon.ico",
        "skinName": "colibris",
        "skinVariants": "dark-toolbar light-background super-light-editor full-width-editor",

        "ip": "",
        "port" : "${nodeSocket}",
        "showSettingsInAdminPage" : false,
        "dbType" : "postgres",
        "dbSettings" : {
        "user" : "${db.user}",
        "host" : "${db.socket}",
        "password": "${db.password}",
        "database": "${db.database}",
        "charset" : "utf8mb4"
        },

        "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
        "padOptions": {
        "noColors": false,
        "showControls": true,
        "showChat": true,
        "showLineNumbers": true,
        "useMonospaceFont": false,
        "userName": false,
        "userColor": false,
        "rtl": false,
        "alwaysShowChat": false,
        "chatAndUsers": false,
        "lang": "fr"
        },

        "suppressErrorsInPadText" : false,
        "requireSession" : false,
        "editOnly" : false,
        "sessionNoPassword" : false,
        "minify" : false,
        "maxAge" : 21600,
        "abiword" : null,
        "soffice" : "${stockLibreoffice}/bin/soffice",
        "tidyHtml" : "",
        "allowUnknownFileEnds" : true,
        "requireAuthentication" : false,
        "requireAuthorization" : false,
        "trustProxy" : true,
        "disableIPlogging" : false,
        "automaticReconnectionTimeout" : 0,
        "scrollWhenFocusLineIsOutOfViewport": {
        "percentage": {
        "editionAboveViewport": 0,
        "editionBelowViewport": 0
        },
        "duration": 0,
        "scrollWhenCaretIsInTheLastLineOfViewport": false,
        "percentageToScrollWhenUserPressesArrowUp": 0
        },
        "users": {
        "admin": {
        "password": "${toolEnv.adminPassword}",
        "is_admin": true
        },
        "ldapauth": {
        "hash": "invalid",
        "url": "ldaps://${ldap.host}",
        "accountBase": "${ldap.base}",
        "accountPattern": "${ldap.filter}",
        "displayNameAttribute": "cn",
        "searchDN": "${ldap.dn}",
        "searchPWD": "${ldap.password}",
        "groupSearchBase": "${ldap.base}",
        "groupAttribute": "member",
        "groupAttributeIsDN": true,
        "searchScope": "sub",
        "groupSearch": "${ldap.group_filter}",
        "anonymousReadonly": false
        }
        },
        "ep_mypads": {
        "warning": "This hash is stored in database, changing anything here will not have any consequence",
        "ldap": {
        "url": "ldaps://${ldap.host}",
        "bindDN": "${ldap.dn}",
        "bindCredentials": "${ldap.password}",
        "searchBase": "${ldap.base}",
        "searchFilter": "${ldap.filter}",
        "properties": {
        "login": "uid",
        "email": "mail",
        "firstname": "givenName",
        "lastname": "sn"
        },
        "defaultLang": "fr"
        }
        },
        "ep_comments_page": {
        "displayCommentAsIcon": true,
        "highlightSelectedText": true
        },
        "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
        "loadTest": false,
        "indentationOnNewLine": false,
        "toolbar": {
        "left": [
        ["bold", "italic", "underline", "strikethrough"],
        ["orderedlist", "unorderedlist", "indent", "outdent"],
        ["undo", "redo"],
        ["clearauthorship"]
        ],
        "right": [
        ["importexport", "timeslider", "savedrevision"],
        ["settings", "embed"],
        ["showusers"]
        ],
        "timeslider": [
        ["timeslider_export", "timeslider_returnToPad"]
        ]
        },
        "loglevel": "INFO",
        "logconfig" : { "appenders": [ { "type": "console" } ] }
        }
      '';
    };

    # The plugins are baked into the package through withModules; the
    # service's own `modules` list is left empty. Key and settings files are
    # the deployed secrets declared above.
    services.etherpad-lite = {
      enable = true;
      package = pkgs.webapps.etherpad-lite.withModules (p: [
        p.ep_align p.ep_bookmark p.ep_colors p.ep_comments_page
        p.ep_cursortrace p.ep_delete_empty_pads p.ep_embedmedia
        p.ep_font_size p.ep_headings2 p.ep_immae_buttons p.ep_ldapauth
        p.ep_line_height p.ep_markdown p.ep_mypads p.ep_page_view
        p.ep_previewimages p.ep_ruler p.ep_scrollto
        p.ep_set_title_on_pad p.ep_subscript_and_superscript
        p.ep_timesliderdiff
      ]);
      modules = [];
      sessionKeyFile = secretPaths."webapps/tools-etherpad-sessionkey";
      apiKeyFile = secretPaths."webapps/tools-etherpad-apikey";
      configFile = secretPaths."webapps/tools-etherpad";
    };

    # Both units join the "keys" group - presumably what lets them read the
    # 0400 secret files; the files' owner and group are not set in this module.
    systemd.services = {
      etherpad-lite = {
        serviceConfig.SupplementaryGroups = "keys";
        # Listed in `path` so that both packages end up in the closure.
        path = [ stockLibreoffice pkgs.html-tidy ];
      };
      etherpad-lite-cleanup.serviceConfig.SupplementaryGroups = "keys";
    };

    # Watches the three secret files with `restart = true` - presumably so a
    # rotated key or changed setting restarts the service; verify against the
    # filesWatcher module.
    services.filesWatcher.etherpad-lite = {
      restart = true;
      paths = [ padCfg.sessionKeyFile padCfg.apiKeyFile padCfg.configFile ];
    };

    services.websites.env.tools = {
      modules = [
        "headers" "proxy" "proxy_http" "proxy_wstunnel"
      ];

      # Apache vhost in front of Etherpad's unix socket.
      #  - HSTS is sent on every response, for one year, subdomains included.
      #  - X-Forwarded-Proto is overwritten with "https" (`set` replaces any
      #    value the client sent); X-Forwarded-For is not touched here.
      #    NOTE(review): with "trustProxy": true in the settings, confirm a
      #    client-supplied X-Forwarded-For cannot become the logged client
      #    address; dropping the inbound header in this vhost before proxying
      #    is the usual hardening.
      #  - ProxyRequests Off keeps this a reverse proxy only. `Require all
      #    granted` applies no access restriction at this layer.
      vhostConfs.etherpad-lite = {
        certName = "eldiron";
        addToCerts = true;
        hosts = [ "ether.immae.eu" ];
        root = null;
        extraConfig = [ ''
          Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
          RequestHeader set X-Forwarded-Proto "https"

          RewriteEngine On

          RewriteCond %{REQUEST_URI} ^/socket.io [NC]
          RewriteCond %{QUERY_STRING} transport=websocket [NC]
          RewriteRule /(.*) unix://${nodeSocket}|ws://ether.immae.eu/$1 [P,NE,QSA,L]

          <IfModule mod_proxy.c>
          ProxyVia On
          ProxyRequests Off
          ProxyPreserveHost On
          ProxyPass / unix://${nodeSocket}|http://ether.immae.eu/
          ProxyPassReverse / unix://${nodeSocket}|http://ether.immae.eu/
          <Proxy *>
          Options FollowSymLinks MultiViews
          AllowOverride None
          Require all granted
          </Proxy>
          </IfModule>
        '' ];
      };
    };
  };
}