1 { lib, pkgs, config, ... }:
3 env = config.myEnv.tools.etherpad-lite;
4 cfg = config.myServices.websites.tools.etherpad-lite;
5 # Make sure we’re not rebuilding whole libreoffice just because of a
7 libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
8 ecfg = config.services.etherpad-lite;
10 options.myServices.websites.tools.etherpad-lite = {
11 enable = lib.mkEnableOption "enable etherpad's website";
14 config = lib.mkIf cfg.enable {
15 services.duplyBackup.profiles.etherpad-lite = {
16 rootDir = "/var/lib/private/etherpad-lite";
20 dest = "webapps/tools-etherpad-apikey";
25 dest = "webapps/tools-etherpad-sessionkey";
27 text = env.session_key;
30 dest = "webapps/tools-etherpad";
35 "favicon": "favicon.ico",
36 "skinName": "colibris",
37 "skinVariants": "dark-toolbar light-background super-light-editor full-width-editor",
40 "port" : "${ecfg.sockets.node}",
41 "showSettingsInAdminPage" : false,
42 "dbType" : "postgres",
44 "user" : "${env.postgresql.user}",
45 "host" : "${env.postgresql.socket}",
46 "password": "${env.postgresql.password}",
47 "database": "${env.postgresql.database}",
51 "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
56 "showLineNumbers": true,
57 "useMonospaceFont": false,
61 "alwaysShowChat": false,
62 "chatAndUsers": false,
66 "suppressErrorsInPadText" : false,
67 "requireSession" : false,
69 "sessionNoPassword" : false,
73 "soffice" : "${libreoffice}/bin/soffice",
75 "allowUnknownFileEnds" : true,
76 "requireAuthentication" : false,
77 "requireAuthorization" : false,
79 "disableIPlogging" : false,
80 "automaticReconnectionTimeout" : 0,
81 "scrollWhenFocusLineIsOutOfViewport": {
83 "editionAboveViewport": 0,
84 "editionBelowViewport": 0
87 "scrollWhenCaretIsInTheLastLineOfViewport": false,
88 "percentageToScrollWhenUserPressesArrowUp": 0
93 "url": "ldaps://${env.ldap.host}",
94 "accountBase": "${env.ldap.base}",
95 "accountPattern": "${env.ldap.filter}",
96 "displayNameAttribute": "cn",
97 "searchDN": "${env.ldap.dn}",
98 "searchPWD": "${env.ldap.password}",
99 "groupSearchBase": "${env.ldap.base}",
100 "groupAttribute": "member",
101 "groupAttributeIsDN": true,
102 "searchScope": "sub",
103 "groupSearch": "${env.ldap.group_filter}",
104 "anonymousReadonly": false
107 "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
109 "indentationOnNewLine": false,
112 ["bold", "italic", "underline", "strikethrough"],
113 ["orderedlist", "unorderedlist", "indent", "outdent"],
118 ["importexport", "timeslider", "savedrevision"],
119 ["settings", "embed"],
123 ["timeslider_export", "timeslider_returnToPad"]
127 "logconfig" : { "appenders": [ { "type": "console" } ] }
132 services.etherpad-lite = {
134 modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
135 sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
136 apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
137 configFile = "/var/secrets/webapps/tools-etherpad";
140 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
141 # Needed so that they get in the closure
142 systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];
144 services.filesWatcher.etherpad-lite = {
146 paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
149 services.websites.env.tools.modules = [
150 "headers" "proxy" "proxy_http" "proxy_wstunnel"
152 services.websites.env.tools.vhostConfs.etherpad-lite = {
153 certName = "eldiron";
155 hosts = [ "ether.immae.eu" ];
158 Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
159 RequestHeader set X-Forwarded-Proto "https"
163 RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
164 RewriteCond %{QUERY_STRING} "!noredirect"
165 RewriteCond %{REQUEST_URI} "^(.*)$"
166 RewriteCond ''${redirects:$1|Unknown} "!Unknown"
167 RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
169 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
170 RewriteCond %{QUERY_STRING} transport=websocket [NC]
171 RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]
173 <IfModule mod_proxy.c>
177 ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
178 ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
180 Options FollowSymLinks MultiViews