[perso/Immae/Config/Nix.git] / modules / private / websites / tools / ether / default.nix
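# NixOS module for the Etherpad instance published as ether.immae.eu.
# It declares the enable option, renders the Etherpad settings file and its
# two key files through `secrets.keys`, configures `services.etherpad-lite`,
# and adds the Apache virtual host that proxies to the service's unix socket.
{ lib, pkgs, config, ... }:
let
  env = config.myEnv.tools.etherpad-lite;
  cfg = config.myServices.websites.tools.etherpad-lite;
  # Make sure we’re not rebuilding whole libreoffice just because of a
  # dependency
  # NOTE(review): `<nixpkgs>` is resolved from NIX_PATH at evaluation time, so
  # the LibreOffice build used here follows the channel of the build host, not
  # a revision pinned in this file. It is the binary configured as "soffice"
  # below, so that channel has to be kept current.
  libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
  ecfg = config.services.etherpad-lite;
in {
  options.myServices.websites.tools.etherpad-lite = {
    enable = lib.mkEnableOption "enable etherpad's website";
  };

  config = lib.mkIf cfg.enable {
    # Public service description; version and module list are read from the
    # package that is actually deployed.
    myServices.chatonsProperties.services.etherpad = {
      file.datetime = "2021-01-04T00:01:00";
      service = {
        name = "Etherpad";
        description = "Éditeur de texte collaboratif en temps réel. on peut y écrire simultanément.";
        website = "https://ether.immae.eu";
        logo = "https://ether.immae.eu/favicon.ico";
        status.level = "OK";
        status.description = "OK";
        registration."" = ["NONE" "MEMBER" "CLIENT"];
        registration.load = "OPEN";
        install.type = "PACKAGE";
      };
      software = {
        name = "Etherpad";
        website = "https://etherpad.org/";
        license.url = "https://github.com/ether/etherpad-lite/blob/develop/LICENSE";
        license.name = "Apache License Version 2.0";
        version = ecfg.package.version;
        source.url = "https://github.com/ether/etherpad-lite";
        modules = ecfg.package.moduleNames;
      };
    };
    # Secret material rendered through `secrets.keys`; every entry is
    # owner-read-only (0400).
    # NOTE(review): whether these texts stay out of the world-readable Nix
    # store depends on how the `secrets` module deploys them, which is not
    # visible in this file. Confirm.
    secrets.keys = {
      "webapps/tools-etherpad-apikey" = {
        permissions = "0400";
        text = env.api_key;
      };
      "webapps/tools-etherpad-sessionkey" = {
        permissions = "0400";
        text = env.session_key;
      };
      # Etherpad settings file. It carries the PostgreSQL password, the admin
      # password and the LDAP bind password in clear text, so it is kept at
      # 0400, and "showSettingsInAdminPage" is false so the admin UI does not
      # display it.
      #
      # Values taken from `env` are emitted with builtins.toJSON, so a quote
      # or backslash in a password cannot break the document or add keys to it.
      # NOTE(review): this assumes the `env` values are stored raw, not already
      # JSON-escaped. Confirm.
      #
      # Security-relevant choices made in the text below:
      #  - "requireAuthentication" and "requireAuthorization" are false, so
      #    Etherpad core does not ask for a login. Presumably access control
      #    is left to ep_mypads / ep_ldapauth; confirm that this matches the
      #    intended exposure.
      #  - "trustProxy" is true, so forwarding headers are trusted. "port" is
      #    the unix socket path and the vhost below is the only client declared
      #    in this file; the socket's permissions should keep it that way.
      #  - "allowUnknownFileEnds" is true and "soffice" is set, so uploads with
      #    any extension are accepted for import and are presumably converted
      #    by LibreOffice. That is a parser run on user-supplied files; consider
      #    systemd sandboxing for the unit.
      #  - "disableIPlogging" is false, so client addresses are logged.
      "webapps/tools-etherpad" = {
        permissions = "0400";
        text = ''
          {
            "title": "Etherpad",
            "favicon": "favicon.ico",
            "skinName": "colibris",
            "skinVariants": "dark-toolbar light-background super-light-editor full-width-editor",

            "ip": "",
            "port" : "${ecfg.sockets.node}",
            "showSettingsInAdminPage" : false,
            "dbType" : "postgres",
            "dbSettings" : {
              "user" : ${builtins.toJSON env.postgresql.user},
              "host" : ${builtins.toJSON env.postgresql.socket},
              "password": ${builtins.toJSON env.postgresql.password},
              "database": ${builtins.toJSON env.postgresql.database},
              "charset" : "utf8mb4"
            },

            "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
            "padOptions": {
              "noColors": false,
              "showControls": true,
              "showChat": true,
              "showLineNumbers": true,
              "useMonospaceFont": false,
              "userName": false,
              "userColor": false,
              "rtl": false,
              "alwaysShowChat": false,
              "chatAndUsers": false,
              "lang": "fr"
            },

            "suppressErrorsInPadText" : false,
            "requireSession" : false,
            "editOnly" : false,
            "sessionNoPassword" : false,
            "minify" : false,
            "maxAge" : 21600,
            "abiword" : null,
            "soffice" : "${libreoffice}/bin/soffice",
            "tidyHtml" : "",
            "allowUnknownFileEnds" : true,
            "requireAuthentication" : false,
            "requireAuthorization" : false,
            "trustProxy" : true,
            "disableIPlogging" : false,
            "automaticReconnectionTimeout" : 0,
            "scrollWhenFocusLineIsOutOfViewport": {
              "percentage": {
                "editionAboveViewport": 0,
                "editionBelowViewport": 0
              },
              "duration": 0,
              "scrollWhenCaretIsInTheLastLineOfViewport": false,
              "percentageToScrollWhenUserPressesArrowUp": 0
            },
            "users": {
              "admin": {
                "password": ${builtins.toJSON env.adminPassword},
                "is_admin": true
              },
              "ldapauth": {
                "hash": "invalid",
                "url": ${builtins.toJSON "ldaps://${env.ldap.host}"},
                "accountBase": ${builtins.toJSON env.ldap.base},
                "accountPattern": ${builtins.toJSON env.ldap.filter},
                "displayNameAttribute": "cn",
                "searchDN": ${builtins.toJSON env.ldap.dn},
                "searchPWD": ${builtins.toJSON env.ldap.password},
                "groupSearchBase": ${builtins.toJSON env.ldap.base},
                "groupAttribute": "member",
                "groupAttributeIsDN": true,
                "searchScope": "sub",
                "groupSearch": ${builtins.toJSON env.ldap.group_filter},
                "anonymousReadonly": false
              }
            },
            "ep_mypads": {
              "warning": "This hash is stored in database, changing anything here will not have any consequence",
              "ldap": {
                "url": ${builtins.toJSON "ldaps://${env.ldap.host}"},
                "bindDN": ${builtins.toJSON env.ldap.dn},
                "bindCredentials": ${builtins.toJSON env.ldap.password},
                "searchBase": ${builtins.toJSON env.ldap.base},
                "searchFilter": ${builtins.toJSON env.ldap.filter},
                "properties": {
                  "login": "uid",
                  "email": "mail",
                  "firstname": "givenName",
                  "lastname": "sn"
                },
                "defaultLang": "fr"
              }
            },
            "ep_comments_page": {
              "displayCommentAsIcon": true,
              "highlightSelectedText": true
            },
            "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
            "loadTest": false,
            "indentationOnNewLine": false,
            "toolbar": {
              "left": [
                ["bold", "italic", "underline", "strikethrough"],
                ["orderedlist", "unorderedlist", "indent", "outdent"],
                ["undo", "redo"],
                ["clearauthorship"]
              ],
              "right": [
                ["importexport", "timeslider", "savedrevision"],
                ["settings", "embed"],
                ["showusers"]
              ],
              "timeslider": [
                ["timeslider_export", "timeslider_returnToPad"]
              ]
            },
            "loglevel": "INFO",
            "logconfig" : { "appenders": [ { "type": "console" } ] }
          }
        '';
      };
    };
    # The service reads its session key, API key and settings from the files
    # deployed above rather than from inline option values.
    services.etherpad-lite = {
      enable = true;
      package = pkgs.webapps.etherpad-lite.withModules (p: [
        p.ep_align p.ep_bookmark p.ep_colors p.ep_comments_page
        p.ep_cursortrace p.ep_delete_empty_pads p.ep_embedmedia
        p.ep_font_size p.ep_headings2 p.ep_immae_buttons p.ep_ldapauth
        p.ep_line_height p.ep_markdown p.ep_mypads p.ep_page_view
        p.ep_previewimages p.ep_ruler p.ep_scrollto
        p.ep_set_title_on_pad p.ep_subscript_and_superscript
        p.ep_timesliderdiff
      ]);
      modules = [];
      sessionKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-sessionkey";
      apiKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-apikey";
      configFile = config.secrets.fullPaths."webapps/tools-etherpad";
    };

    # Both units get the extra group "keys", presumably so they can reach the
    # files deployed by `secrets.keys`; confirm against the secrets module.
    systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
    systemd.services.etherpad-lite-cleanup.serviceConfig.SupplementaryGroups = "keys";
    # Needed so that they get in the closure
    systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];

    # Watch the three secret files with `restart = true`, so a rotated key or
    # changed setting is picked up by the service.
    services.filesWatcher.etherpad-lite = {
      restart = true;
      paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
    };

    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];
    # Apache virtual host in front of Etherpad:
    #  - HSTS is sent for one year and covers subdomains of this host.
    #  - X-Forwarded-Proto is overwritten with "https" (`RequestHeader set`
    #    replaces any value the client sent), which matters because the
    #    backend runs with "trustProxy": true.
    #  - Websocket requests under /socket.io and all other requests are
    #    proxied to the unix socket. `ProxyRequests Off` keeps Apache from
    #    acting as a forward proxy.
    # NOTE(review): an inbound X-Forwarded-For is not cleared here. If the
    # addresses Etherpad logs must be reliable, check which entry it uses and
    # consider unsetting the client-supplied header before proxying.
    services.websites.env.tools.vhostConfs.etherpad-lite = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "ether.immae.eu" ];
      root = null;
      extraConfig = [ ''
        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
        RequestHeader set X-Forwarded-Proto "https"

        RewriteEngine On

        RewriteCond %{REQUEST_URI} ^/socket.io [NC]
        RewriteCond %{QUERY_STRING} transport=websocket [NC]
        RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]

        <IfModule mod_proxy.c>
          ProxyVia On
          ProxyRequests Off
          ProxyPreserveHost On
          ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          <Proxy *>
            Options FollowSymLinks MultiViews
            AllowOverride None
            Require all granted
          </Proxy>
        </IfModule>
      '' ];
    };
  };
}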