# NixOS module: when enabled, runs Etherpad-lite as a systemd service and
# publishes it through a reverse-proxy virtual host (see the vhost settings
# further down).
1 { lib, pkgs, config, myconfig, mylibs, ... }:
# Evaluate ./etherpad_lite.nix, handing it the GitHub fetch helper and the
# tool's environment settings. The result is used below for its webappDir,
# config and listenPort attributes.
# NOTE(review): `env` flows into the package; if any of it (database
# credentials, session or API keys) is rendered into etherpad.config inside
# the Nix store, that file is readable by every local user. Confirm in
# etherpad_lite.nix that secrets are loaded from a path outside the store.
2 etherpad = pkgs.callPackage ./etherpad_lite.nix {
3 inherit (mylibs) fetchedGithub;
4 env = myconfig.env.tools.etherpad-lite;
# Shorthand for this module's own option values.
5 cfg = config.services.myWebsites.tools.etherpad-lite;
# Option declaration: a single boolean switch that gates everything in the
# `config` section.
# NOTE(review): lib.mkEnableOption already prefixes its argument with
# "Whether to enable", so the generated description repeats the word "enable".
6 options.services.myWebsites.tools.etherpad-lite = {
7 enable = lib.mkEnableOption "enable etherpad's website";
# Applied only when the enable option above is set.
8 config = lib.mkIf cfg.enable {
# systemd unit that runs the Etherpad Node.js server.
9 systemd.services.etherpad-lite = {
10 description = "Etherpad-lite";
11 wantedBy = [ "multi-user.target" ];
# Order the unit after networking and PostgreSQL. `wants` pulls PostgreSQL in
# as a weak dependency, so this unit is still started if PostgreSQL fails.
12 after = [ "network.target" "postgresql.service" ];
13 wants = [ "postgresql.service" ];
14 environment.NODE_ENV = "production";
15 environment.HOME = etherpad.webappDir;
# The start script launches server.js with the settings file taken from the
# package (etherpad.config).
16 path = [ pkgs.nodejs ];
17 exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \
18 --settings ${etherpad.config}
# Run as a dedicated unprivileged account rather than root.
19 User = "etherpad-lite";
20 Group = "etherpad-lite";
21 WorkingDirectory = etherpad.webappDir;
# Sandboxing: NoNewPrivileges stops the process gaining privileges through
# setuid binaries or file capabilities; PrivateDevices gives it a minimal
# /dev; ProtectControlGroups makes the cgroup hierarchy read-only;
# ProtectKernelModules denies kernel module loading.
# NOTE(review): further directives may sit on lines not shown in this listing.
# If they are absent, ProtectSystem, ProtectHome and PrivateTmp are the usual
# next additions; `systemd-analyze security etherpad-lite` reports what the
# unit is still exposed to.
22 NoNewPrivileges = true;
23 PrivateDevices = true;
24 ProtectControlGroups = true;
25 ProtectKernelModules = true;
# Web-server modules the vhost relies on: header manipulation, HTTP proxying
# and WebSocket tunnelling.
26 services.myWebsites.tools.modules = [
27 "headers" "proxy" "proxy_http" "proxy_wstunnel"
# Put ether.immae.eu on the existing "eldiron" ACME certificate.
28 security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
# Virtual host for ether.immae.eu. The server directives that follow are
# emitted verbatim, so they are described here instead of inline:
#  - HSTS for one year, subdomains included, and X-Forwarded-Proto forced to
#    "https"; `RequestHeader set` overwrites any value sent by the client.
#  - Request paths found in the redirect map (built from
#    myconfig.env.tools.etherpad-lite.redirects) get a 301 to the mapped
#    target unless the query string contains "noredirect". NE disables
#    escaping of the target, so map values must already be well-formed URLs.
#  - WebSocket requests under /socket.io and all remaining traffic are
#    proxied to the Etherpad listener on localhost.
# NOTE(review): the backend hop is plain HTTP/WS. Confirm the Etherpad
# settings bind the listener to loopback only, so it cannot be reached
# without going through the TLS front end, and that the backend is
# configured to trust the proxy's X-Forwarded-Proto header.
# NOTE(review): in the visible lines `ProxyPass /` comes before
# `ProxyPass /socket.io`. ProxyPass rules are checked in configuration order
# and the first match wins, so the more specific rule looks unreachable and
# WebSocket traffic would depend on the RewriteRule with [P]. Verify against
# the full file.
29 services.myWebsites.tools.vhostConfs.etherpad-lite = {
30 hosts = [ "ether.immae.eu" ];
31 Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
32 RequestHeader set X-Forwarded-Proto "https"
33 RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}"
34 RewriteCond %{QUERY_STRING} "!noredirect"
35 RewriteCond %{REQUEST_URI} "^(.*)$"
36 RewriteCond ''${redirects:$1|Unknown} "!Unknown"
37 RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
38 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
39 RewriteCond %{QUERY_STRING} transport=websocket [NC]
40 RewriteRule /(.*) ws://localhost:${etherpad.listenPort}/$1 [P,L]
41 <IfModule mod_proxy.c>
42 ProxyPass / http://localhost:${etherpad.listenPort}/
43 ProxyPassReverse / http://localhost:${etherpad.listenPort}/
44 ProxyPass /socket.io ws://localhost:${etherpad.listenPort}/socket.io
45 ProxyPassReverse /socket.io ws://localhost:${etherpad.listenPort}/socket.io
46 Options FollowSymLinks MultiViews