# Module for the Etherpad Lite website: declares the enable option, then (when
# enabled) the secret files, the etherpad-lite service and its Apache vhost.
1 { lib, pkgs, config, myconfig, ... }:
# Deployment-specific values: session key, PostgreSQL and LDAP credentials,
# and the redirect map are all read from this attribute set further down.
3 env = myconfig.env.tools.etherpad-lite;
4 cfg = config.myServices.websites.tools.etherpad-lite;
5 # Make sure we’re not rebuilding whole libreoffice just because of a
# NOTE(review): <nixpkgs> is resolved through NIX_PATH at evaluation time and
# is imported with an empty overlay list, so the soffice binary used for
# document import/export comes from whichever channel is active. Confirm that
# channel is pinned and kept patched, since it bypasses this repository's
# overlays.
7 libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
# Evaluated services.etherpad-lite options; the socket path and the secret
# file paths are read from it below.
8 ecfg = config.services.etherpad-lite;
10 options.myServices.websites.tools.etherpad-lite = {
11 enable = lib.mkEnableOption "enable etherpad's website";
# Everything below is only applied when the option above is enabled.
14 config = lib.mkIf cfg.enable {
# Secret entry for the Etherpad API key. The dest path is presumably relative
# to /var/secrets, matching apiKeyFile in services.etherpad-lite - confirm.
17 dest = "webapps/tools-etherpad-apikey";
# Secret entry for the session key, taken verbatim from env.session_key.
22 dest = "webapps/tools-etherpad-sessionkey";
24 text = env.session_key;
27 dest = "webapps/tools-etherpad";
# The text of this entry is the rendered Etherpad settings file. It embeds the
# PostgreSQL password and the LDAP bind password (searchPWD), so it must stay a
# restricted secret file and never be exposed as a world-readable path.
# NOTE(review): the settings set requireAuthentication, requireAuthorization
# and requireSession to false, so the LDAP block presumably only protects the
# paths Etherpad always guards (such as the admin pages) - confirm that open
# pad access is intended.
# NOTE(review): allowUnknownFileEnds is true while authentication is off, so
# anonymous visitors can submit files with arbitrary extensions to the import
# path; confirm how those files reach soffice and whether that is acceptable.
32 "favicon": "favicon.ico",
35 "port" : "${ecfg.sockets.node}",
36 "showSettingsInAdminPage" : false,
37 "dbType" : "postgres",
39 "user" : "${env.postgresql.user}",
40 "host" : "${env.postgresql.socket}",
41 "password": "${env.postgresql.password}",
42 "database": "${env.postgresql.database}",
46 "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
51 "showLineNumbers": true,
52 "useMonospaceFont": false,
56 "alwaysShowChat": false,
57 "chatAndUsers": false,
61 "suppressErrorsInPadText" : false,
62 "requireSession" : false,
64 "sessionNoPassword" : false,
68 "soffice" : "${libreoffice}/bin/soffice",
69 "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
70 "allowUnknownFileEnds" : true,
71 "requireAuthentication" : false,
72 "requireAuthorization" : false,
74 "disableIPlogging" : false,
75 "automaticReconnectionTimeout" : 0,
76 "scrollWhenFocusLineIsOutOfViewport": {
78 "editionAboveViewport": 0,
79 "editionBelowViewport": 0
82 "scrollWhenCaretIsInTheLastLineOfViewport": false,
83 "percentageToScrollWhenUserPressesArrowUp": 0
87 "url": "ldaps://${env.ldap.host}",
88 "accountBase": "${env.ldap.base}",
89 "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
90 "displayNameAttribute": "cn",
91 "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
92 "searchPWD": "${env.ldap.password}",
93 "groupSearchBase": "${env.ldap.base}",
94 "groupAttribute": "member",
95 "groupAttributeIsDN": true,
97 "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
98 "anonymousReadonly": false
101 "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
103 "indentationOnNewLine": false,
106 ["bold", "italic", "underline", "strikethrough"],
107 ["orderedlist", "unorderedlist", "indent", "outdent"],
112 ["importexport", "timeslider", "savedrevision"],
113 ["settings", "embed"],
117 ["timeslider_export", "timeslider_returnToPad"]
121 "logconfig" : { "appenders": [ { "type": "console" } ] }
# Etherpad service definition: keys and settings are read from literal runtime
# paths under /var/secrets.
126 services.etherpad-lite = {
# NOTE(review): attrValues loads every plugin in the package set. Plugins
# presumably run inside the Etherpad process, so additions to that set deserve
# the same review as the service itself.
128 modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
129 sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
130 apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
131 configFile = "/var/secrets/webapps/tools-etherpad";
# Adds the service to the "keys" group, presumably the group that owns the
# files under /var/secrets - confirm those files carry no world-read bit.
134 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
# Registers the three secret files with filesWatcher; presumably the service is
# restarted when one of them changes - confirm in the filesWatcher module.
136 services.filesWatcher.etherpad-lite = {
138 paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
# Apache modules the vhost relies on: response/request headers plus HTTP and
# WebSocket reverse proxying to the Etherpad unix socket.
141 services.websites.env.tools.modules = [
142 "headers" "proxy" "proxy_http" "proxy_wstunnel"
# Virtual host for ether.immae.eu, served with the certificate named below.
144 services.websites.env.tools.vhostConfs.etherpad-lite = {
145 certName = "eldiron";
147 hosts = [ "ether.immae.eu" ];
# NOTE(review): the vhost configuration builds its redirect map from
# myconfig.env.tools.etherpad-lite.redirects and answers with permanent (301)
# redirects, which browsers cache; review changes to that map like code.
150 Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
151 RequestHeader set X-Forwarded-Proto "https"
155 RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}"
156 RewriteCond %{QUERY_STRING} "!noredirect"
157 RewriteCond %{REQUEST_URI} "^(.*)$"
158 RewriteCond ''${redirects:$1|Unknown} "!Unknown"
159 RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
161 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
162 RewriteCond %{QUERY_STRING} transport=websocket [NC]
163 RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]
165 <IfModule mod_proxy.c>
169 ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
170 ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
172 Options FollowSymLinks MultiViews