# Etherpad-lite module: declares an enable switch and, when it is set,
# provisions the secret files, the etherpad-lite service and the Apache vhost
# that fronts it.
# NOTE(review): this listing is an excerpt. The numbers embedded in each line
# skip values, so the enclosing let/in, the brackets and several attributes are
# not visible here.
1 { lib, pkgs, config, myconfig, ... }:
# Deployment-specific values for this instance. Further down they supply the
# session key and the PostgreSQL and LDAP bind credentials, so everything
# reached through env should be handled as secret material.
3 env = myconfig.env.tools.etherpad-lite;
# Options declared by this module (only enable is visible in this excerpt).
4 cfg = config.services.myWebsites.tools.etherpad-lite;
# NOTE(review): <nixpkgs> is looked up through NIX_PATH at evaluation time and
# the empty overlays list bypasses local overlays, so the soffice binary that
# Etherpad is pointed at for document conversion follows whatever channel the
# build host carries. Pin the nixpkgs revision if the LibreOffice patch level
# needs to be reproducible and auditable.
5 # Make sure we’re not rebuilding whole libreoffice just because of a
7 libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
# Upstream etherpad-lite service options; read below for the socket path
# (ecfg.sockets.node) used by both the settings file and the Apache proxy rules.
8 ecfg = config.services.etherpad-lite;
10 options.services.myWebsites.tools.etherpad-lite = {
11 enable = lib.mkEnableOption "enable etherpad's website";
# Everything from here on is only applied when the option above is enabled.
14 config = lib.mkIf cfg.enable {
# Secret entry for the Etherpad API key (its content is not visible in this
# excerpt). The service reads it back from /var/secrets further down.
17 dest = "webapps/tools-etherpad-apikey";
# Secret entry for the session signing key, taken from env.session_key.
22 dest = "webapps/tools-etherpad-sessionkey";
24 text = env.session_key;
# Secret entry for the rendered settings file. It is deployed as a secret
# because the text interpolates env.postgresql.password and env.ldap.password.
# NOTE(review): the settings that follow leave requireAuthentication,
# requireAuthorization and requireSession set to false while an LDAP block is
# configured. Presumably LDAP is only meant to gate the admin pages and pads
# are intentionally open; confirm that matches the intended exposure.
# NOTE(review): allowUnknownFileEnds is true and disableIPlogging is false, so
# imports with unrecognised extensions are accepted and client addresses end up
# in the logs. Check both against the upload and log-retention policy.
27 dest = "webapps/tools-etherpad";
32 "favicon": "favicon.ico",
35 "port" : "${ecfg.sockets.node}",
36 "showSettingsInAdminPage" : false,
37 "dbType" : "postgres",
39 "user" : "${env.postgresql.user}",
40 "host" : "${env.postgresql.socket}",
41 "password": "${env.postgresql.password}",
42 "database": "${env.postgresql.database}",
46 "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
51 "showLineNumbers": true,
52 "useMonospaceFont": false,
56 "alwaysShowChat": false,
57 "chatAndUsers": false,
61 "suppressErrorsInPadText" : false,
62 "requireSession" : false,
64 "sessionNoPassword" : false,
68 "soffice" : "${libreoffice}/bin/soffice",
69 "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
70 "allowUnknownFileEnds" : true,
71 "requireAuthentication" : false,
72 "requireAuthorization" : false,
74 "disableIPlogging" : false,
75 "automaticReconnectionTimeout" : 0,
76 "scrollWhenFocusLineIsOutOfViewport": {
78 "editionAboveViewport": 0,
79 "editionBelowViewport": 0
82 "scrollWhenCaretIsInTheLastLineOfViewport": false,
83 "percentageToScrollWhenUserPressesArrowUp": 0
87 "url": "ldaps://${env.ldap.host}",
88 "accountBase": "${env.ldap.base}",
89 "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
90 "displayNameAttribute": "cn",
91 "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
92 "searchPWD": "${env.ldap.password}",
93 "groupSearchBase": "${env.ldap.base}",
94 "groupAttribute": "member",
95 "groupAttributeIsDN": true,
97 "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
98 "anonymousReadonly": false
101 "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
103 "indentationOnNewLine": false,
106 ["bold", "italic", "underline", "strikethrough"],
107 ["orderedlist", "unorderedlist", "indent", "outdent"],
112 ["importexport", "timeslider", "savedrevision"],
113 ["settings", "embed"],
117 ["timeslider_export", "timeslider_returnToPad"]
121 "logconfig" : { "appenders": [ { "type": "console" } ] }
# Service wiring: plugin set plus three secret-backed files. Each path is one of
# the dest values declared earlier in this module with /var/secrets in front
# (presumably the directory the secrets mechanism deploys to; confirm).
126 services.etherpad-lite = {
# Loads every plugin found in pkgs.webapps.etherpad-lite-modules. Plugins run
# inside the Etherpad process, so any addition to that set widens what the
# service executes and should be reviewed like a dependency bump.
128 modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
129 sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
130 apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
# The rendered settings carry the database and LDAP bind passwords, so this
# file has to stay out of the world-readable Nix store.
131 configFile = "/var/secrets/webapps/tools-etherpad";
# Adds the keys group to the unit. Presumably this is what lets the service
# user read the files under /var/secrets; verify that their mode grants group
# read only and nothing to other users.
134 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
# Apache modules the vhost below relies on: headers for the Header and
# RequestHeader directives, proxy and proxy_http for ProxyPass, proxy_wstunnel
# for the websocket rewrite.
136 services.myWebsites.tools.modules = [
137 "headers" "proxy" "proxy_http" "proxy_wstunnel"
# Attach ether.immae.eu as an extra domain on the eldiron ACME certificate.
139 security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
# Virtual host for ether.immae.eu, served with the eldiron certificate.
# NOTE(review): the HSTS header below uses includeSubdomains, which commits
# every subdomain of ether.immae.eu to HTTPS for a year.
# NOTE(review): the redirect map is produced with pkgs.writeText, so its content
# lands in the Nix store and is readable by local users. It is also the only
# input deciding where the 301 rule sends visitors. Confirm the redirect list is
# neither confidential nor editable by anyone outside the deployment config.
# NOTE(review): the backend is reached over the unix socket at
# ecfg.sockets.node. The socket permissions are not visible in this excerpt;
# check that only the web server can connect, since requests arriving there
# skip the headers Apache sets.
140 services.myWebsites.tools.vhostConfs.etherpad-lite = {
141 certName = "eldiron";
142 hosts = [ "ether.immae.eu" ];
145 Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
146 RequestHeader set X-Forwarded-Proto "https"
150 RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}"
151 RewriteCond %{QUERY_STRING} "!noredirect"
152 RewriteCond %{REQUEST_URI} "^(.*)$"
153 RewriteCond ''${redirects:$1|Unknown} "!Unknown"
154 RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
156 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
157 RewriteCond %{QUERY_STRING} transport=websocket [NC]
158 RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]
160 <IfModule mod_proxy.c>
164 ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
165 ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
167 Options FollowSymLinks MultiViews