# NixOS module for the Etherpad Lite instance published by myServices.websites.tools.
# The listing is partial (the gutter numbers jump), so the let/in and brace lines are not shown.
1 { lib, pkgs, config, ... }:
# Per-environment values for this tool. The session key and the PostgreSQL and LDAP
# credentials used further down are all read from this attribute set.
3 env = config.myEnv.tools.etherpad-lite;
# This module's own options (only `enable` is visible in this listing).
4 cfg = config.myServices.websites.tools.etherpad-lite;
5 # Make sure we’re not rebuilding whole libreoffice just because of a
# NOTE(review): `<nixpkgs>` is looked up through NIX_PATH at evaluation time, so this LibreOffice
# is taken from whatever nixpkgs the evaluating host resolves, which is not necessarily the
# revision behind `pkgs`; `overlays = []` also means none of the configuration's overlays apply.
# Confirm the lookup path is pinned, otherwise the binary handed to Etherpad for document
# conversion can change without any change to this repository.
7 libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
# Shorthand for the services.etherpad-lite options (socket and key/config file paths) used below.
8 ecfg = config.services.etherpad-lite;
# Option namespace declared by this module; the visible listing shows a single switch.
10 options.myServices.websites.tools.etherpad-lite = {
# Boolean toggle; the `config` section of this file is wrapped in lib.mkIf cfg.enable.
11 enable = lib.mkEnableOption "enable etherpad's website";
# Everything in this section only takes effect when the enable option is set.
14 config = lib.mkIf cfg.enable {
# Backup profile rooted at the service's private state directory.
# NOTE(review): the settings in this file select dbType "postgres", so pad contents presumably
# live in the database rather than in this directory; confirm the database is backed up elsewhere.
15 services.duplyBackup.profiles.etherpad-lite = {
16 rootDir = "/var/lib/private/etherpad-lite";
# Secret file for the Etherpad API key; the line that supplies its content is not part of the
# visible listing. The service reads it back through apiKeyFile under /var/secrets.
20 dest = "webapps/tools-etherpad-apikey";
# Secret file for the session key, read back by the service through sessionKeyFile.
25 dest = "webapps/tools-etherpad-sessionkey";
# Content comes from the environment definition, so the key itself is not written in this file.
27 text = env.session_key;
# Rendered Etherpad settings file. It is deployed as a secret because the text below embeds the
# PostgreSQL password and the LDAP bind password (searchPWD); the owner/permission lines of this
# entry are not visible in the listing, so confirm they restrict the file to the service.
# NOTE(review): security-relevant values in the settings text that follows:
#  - requireAuthentication and requireAuthorization are both false. An LDAP block is configured,
#    but with these values pads look reachable without logging in; presumably LDAP then only
#    protects the admin pages. Confirm that anonymous pad access is intended.
#  - allowUnknownFileEnds is true, so imports are not limited to known file extensions, and the
#    soffice path is set for document conversion. Consider false unless arbitrary uploads are needed.
#  - disableIPlogging is false, so client IP addresses end up in the console log; check that log
#    retention matches the site's privacy policy.
#  - showSettingsInAdminPage is false, which keeps this file (and its passwords) out of the admin UI.
#  - the LDAP url uses the ldaps:// scheme, so the bind password is not sent in clear text.
30 dest = "webapps/tools-etherpad";
35 "favicon": "favicon.ico",
38 "port" : "${ecfg.sockets.node}",
39 "showSettingsInAdminPage" : false,
40 "dbType" : "postgres",
42 "user" : "${env.postgresql.user}",
43 "host" : "${env.postgresql.socket}",
44 "password": "${env.postgresql.password}",
45 "database": "${env.postgresql.database}",
49 "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
54 "showLineNumbers": true,
55 "useMonospaceFont": false,
59 "alwaysShowChat": false,
60 "chatAndUsers": false,
64 "suppressErrorsInPadText" : false,
65 "requireSession" : false,
67 "sessionNoPassword" : false,
71 "soffice" : "${libreoffice}/bin/soffice",
73 "allowUnknownFileEnds" : true,
74 "requireAuthentication" : false,
75 "requireAuthorization" : false,
77 "disableIPlogging" : false,
78 "automaticReconnectionTimeout" : 0,
79 "scrollWhenFocusLineIsOutOfViewport": {
81 "editionAboveViewport": 0,
82 "editionBelowViewport": 0
85 "scrollWhenCaretIsInTheLastLineOfViewport": false,
86 "percentageToScrollWhenUserPressesArrowUp": 0
90 "url": "ldaps://${env.ldap.host}",
91 "accountBase": "${env.ldap.base}",
92 "accountPattern": "${env.ldap.filter}",
93 "displayNameAttribute": "cn",
94 "searchDN": "${env.ldap.dn}",
95 "searchPWD": "${env.ldap.password}",
96 "groupSearchBase": "${env.ldap.base}",
97 "groupAttribute": "member",
98 "groupAttributeIsDN": true,
100 "groupSearch": "${env.ldap.group_filter}",
101 "anonymousReadonly": false
104 "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
106 "indentationOnNewLine": false,
109 ["bold", "italic", "underline", "strikethrough"],
110 ["orderedlist", "unorderedlist", "indent", "outdent"],
115 ["importexport", "timeslider", "savedrevision"],
116 ["settings", "embed"],
120 ["timeslider_export", "timeslider_returnToPad"]
124 "logconfig" : { "appenders": [ { "type": "console" } ] }
# Service definition: plugin set plus the three secret-backed files declared earlier in this file.
129 services.etherpad-lite = {
# Loads every package found in pkgs.webapps.etherpad-lite-modules.
# NOTE(review): plugins presumably run inside the Etherpad server process, so adding a package to
# that set enables it here without any change to this module; review the set when it changes.
131 modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
# The paths below are the /var/secrets locations of the `dest` entries declared above, so the
# key material and the settings file are read at runtime from the secrets directory.
132 sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
133 apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
134 configFile = "/var/secrets/webapps/tools-etherpad";
# Adds the `keys` group to the service so it can read its files under /var/secrets.
# NOTE(review): if `keys` is the group on every deployed secret, this membership presumably lets
# the service read other applications' secrets as well; confirm per-file ownership limits that.
137 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
138 # Needed so that they get in the closure
# Puts LibreOffice and html-tidy on the unit's PATH.
139 systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];
# Registers the session key, API key and settings file with the files watcher.
# NOTE(review): the action taken on change is not visible in this listing; presumably the service
# is restarted so that a rotated key or password takes effect. Confirm.
141 services.filesWatcher.etherpad-lite = {
143 paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
# Apache modules used by this tool's virtual host: `headers` for its Header/RequestHeader lines,
# `proxy` and `proxy_http` for the ProxyPass to the service's unix socket, and `proxy_wstunnel`
# for the ws:// rewrite applied to websocket requests under /socket.io.
146 services.websites.env.tools.modules = [
147 "headers" "proxy" "proxy_http" "proxy_wstunnel"
149 services.websites.env.tools.vhostConfs.etherpad-lite = {
150 certName = "eldiron";
152 hosts = [ "ether.immae.eu" ];
155 Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
156 RequestHeader set X-Forwarded-Proto "https"
160 RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
161 RewriteCond %{QUERY_STRING} "!noredirect"
162 RewriteCond %{REQUEST_URI} "^(.*)$"
163 RewriteCond ''${redirects:$1|Unknown} "!Unknown"
164 RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
166 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
167 RewriteCond %{QUERY_STRING} transport=websocket [NC]
168 RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]
170 <IfModule mod_proxy.c>
174 ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
175 ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
177 Options FollowSymLinks MultiViews