1 { lib, pkgs, config, ... }:
3 env = config.myEnv.tools.etherpad-lite;
4 cfg = config.myServices.websites.tools.etherpad-lite;
5 # Make sure we’re not rebuilding whole libreoffice just because of a
7 libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
8 ecfg = config.services.etherpad-lite;
10 options.myServices.websites.tools.etherpad-lite = {
11 enable = lib.mkEnableOption "enable etherpad's website";
14 config = lib.mkIf cfg.enable {
16 "webapps/tools-etherpad-apikey" = {
20 "webapps/tools-etherpad-sessionkey" = {
22 text = env.session_key;
24 "webapps/tools-etherpad" = {
29 "favicon": "favicon.ico",
30 "skinName": "colibris",
31 "skinVariants": "dark-toolbar light-background super-light-editor full-width-editor",
34 "port" : "${ecfg.sockets.node}",
35 "showSettingsInAdminPage" : false,
36 "dbType" : "postgres",
38 "user" : "${env.postgresql.user}",
39 "host" : "${env.postgresql.socket}",
40 "password": "${env.postgresql.password}",
41 "database": "${env.postgresql.database}",
45 "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
50 "showLineNumbers": true,
51 "useMonospaceFont": false,
55 "alwaysShowChat": false,
56 "chatAndUsers": false,
60 "suppressErrorsInPadText" : false,
61 "requireSession" : false,
63 "sessionNoPassword" : false,
67 "soffice" : "${libreoffice}/bin/soffice",
69 "allowUnknownFileEnds" : true,
70 "requireAuthentication" : false,
71 "requireAuthorization" : false,
73 "disableIPlogging" : false,
74 "automaticReconnectionTimeout" : 0,
75 "scrollWhenFocusLineIsOutOfViewport": {
77 "editionAboveViewport": 0,
78 "editionBelowViewport": 0
81 "scrollWhenCaretIsInTheLastLineOfViewport": false,
82 "percentageToScrollWhenUserPressesArrowUp": 0
86 "password": "${env.adminPassword}",
91 "url": "ldaps://${env.ldap.host}",
92 "accountBase": "${env.ldap.base}",
93 "accountPattern": "${env.ldap.filter}",
94 "displayNameAttribute": "cn",
95 "searchDN": "${env.ldap.dn}",
96 "searchPWD": "${env.ldap.password}",
97 "groupSearchBase": "${env.ldap.base}",
98 "groupAttribute": "member",
99 "groupAttributeIsDN": true,
100 "searchScope": "sub",
101 "groupSearch": "${env.ldap.group_filter}",
102 "anonymousReadonly": false
106 "warning": "This hash is stored in database, changing anything here will not have any consequence",
108 "url": "ldaps://${env.ldap.host}",
109 "bindDN": "${env.ldap.dn}",
110 "bindCredentials": "${env.ldap.password}",
111 "searchBase": "${env.ldap.base}",
112 "searchFilter": "${env.ldap.filter}",
116 "firstname": "givenName",
122 "ep_comments_page": {
123 "displayCommentAsIcon": true,
124 "highlightSelectedText": true
126 "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
128 "indentationOnNewLine": false,
131 ["bold", "italic", "underline", "strikethrough"],
132 ["orderedlist", "unorderedlist", "indent", "outdent"],
137 ["importexport", "timeslider", "savedrevision"],
138 ["settings", "embed"],
142 ["timeslider_export", "timeslider_returnToPad"]
146 "logconfig" : { "appenders": [ { "type": "console" } ] }
151 services.etherpad-lite = {
153 package = pkgs.webapps.etherpad-lite.withModules (p: [
154 p.ep_align p.ep_bookmark p.ep_colors p.ep_comments_page
155 p.ep_cursortrace p.ep_delete_empty_pads p.ep_embedmedia
156 p.ep_font_size p.ep_headings2 p.ep_immae_buttons p.ep_ldapauth
157 p.ep_line_height p.ep_markdown p.ep_mypads p.ep_page_view
158 p.ep_previewimages p.ep_ruler p.ep_scrollto
159 p.ep_set_title_on_pad p.ep_subscript_and_superscript
163 sessionKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-sessionkey";
164 apiKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-apikey";
165 configFile = config.secrets.fullPaths."webapps/tools-etherpad";
168 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
169 # Needed so that they get in the closure
170 systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];
172 services.filesWatcher.etherpad-lite = {
174 paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
177 services.websites.env.tools.modules = [
178 "headers" "proxy" "proxy_http" "proxy_wstunnel"
180 services.websites.env.tools.vhostConfs.etherpad-lite = {
181 certName = "eldiron";
183 hosts = [ "ether.immae.eu" ];
186 Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
187 RequestHeader set X-Forwarded-Proto "https"
191 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
192 RewriteCond %{QUERY_STRING} transport=websocket [NC]
193 RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]
195 <IfModule mod_proxy.c>
199 ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
200 ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
202 Options FollowSymLinks MultiViews