1 { lib, pkgs, config, ... }:
3 env = config.myEnv.tools.etherpad-lite;
4 cfg = config.myServices.websites.tools.etherpad-lite;
5 # Make sure we’re not rebuilding whole libreoffice just because of a
7 libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
8 ecfg = config.services.etherpad-lite;
10 options.myServices.websites.tools.etherpad-lite = {
11 enable = lib.mkEnableOption "enable etherpad's website";
14 config = lib.mkIf cfg.enable {
15 services.duplyBackup.profiles.etherpad-lite = {
16 rootDir = "/var/lib/private/etherpad-lite";
20 dest = "webapps/tools-etherpad-apikey";
25 dest = "webapps/tools-etherpad-sessionkey";
27 text = env.session_key;
30 dest = "webapps/tools-etherpad";
35 "favicon": "favicon.ico",
38 "port" : "${ecfg.sockets.node}",
39 "showSettingsInAdminPage" : false,
40 "dbType" : "postgres",
42 "user" : "${env.postgresql.user}",
43 "host" : "${env.postgresql.socket}",
44 "password": "${env.postgresql.password}",
45 "database": "${env.postgresql.database}",
49 "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
54 "showLineNumbers": true,
55 "useMonospaceFont": false,
59 "alwaysShowChat": false,
60 "chatAndUsers": false,
64 "suppressErrorsInPadText" : false,
65 "requireSession" : false,
67 "sessionNoPassword" : false,
71 "soffice" : "${libreoffice}/bin/soffice",
72 "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
73 "allowUnknownFileEnds" : true,
74 "requireAuthentication" : false,
75 "requireAuthorization" : false,
77 "disableIPlogging" : false,
78 "automaticReconnectionTimeout" : 0,
79 "scrollWhenFocusLineIsOutOfViewport": {
81 "editionAboveViewport": 0,
82 "editionBelowViewport": 0
85 "scrollWhenCaretIsInTheLastLineOfViewport": false,
86 "percentageToScrollWhenUserPressesArrowUp": 0
90 "url": "ldaps://${env.ldap.host}",
91 "accountBase": "${env.ldap.base}",
92 "accountPattern": "${env.ldap.filter}",
93 "displayNameAttribute": "cn",
94 "searchDN": "${env.ldap.dn}",
95 "searchPWD": "${env.ldap.password}",
96 "groupSearchBase": "${env.ldap.base}",
97 "groupAttribute": "member",
98 "groupAttributeIsDN": true,
100 "groupSearch": "${env.ldap.group_filter}",
101 "anonymousReadonly": false
104 "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
106 "indentationOnNewLine": false,
109 ["bold", "italic", "underline", "strikethrough"],
110 ["orderedlist", "unorderedlist", "indent", "outdent"],
115 ["importexport", "timeslider", "savedrevision"],
116 ["settings", "embed"],
120 ["timeslider_export", "timeslider_returnToPad"]
124 "logconfig" : { "appenders": [ { "type": "console" } ] }
129 services.etherpad-lite = {
131 modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
132 sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
133 apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
134 configFile = "/var/secrets/webapps/tools-etherpad";
137 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
139 services.filesWatcher.etherpad-lite = {
141 paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
144 services.websites.env.tools.modules = [
145 "headers" "proxy" "proxy_http" "proxy_wstunnel"
147 services.websites.env.tools.vhostConfs.etherpad-lite = {
148 certName = "eldiron";
150 hosts = [ "ether.immae.eu" ];
153 Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
154 RequestHeader set X-Forwarded-Proto "https"
158 RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
159 RewriteCond %{QUERY_STRING} "!noredirect"
160 RewriteCond %{REQUEST_URI} "^(.*)$"
161 RewriteCond ''${redirects:$1|Unknown} "!Unknown"
162 RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
164 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
165 RewriteCond %{QUERY_STRING} transport=websocket [NC]
166 RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]
168 <IfModule mod_proxy.c>
172 ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
173 ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
175 Options FollowSymLinks MultiViews