# NixOS module fragment that wires an Etherpad instance into
# services.myWebsites.tools. This listing carries viewer line numbers and omits
# some lines (let/in, braces), so the comments cover only what is visible.
1 { lib, pkgs, config, myconfig, mylibs, ... }:
# Deployment-specific values (listen port, PostgreSQL and LDAP credentials,
# session key, redirects) are all read from this attribute set at evaluation time.
3 env = myconfig.env.tools.etherpad-lite;
# This module's own options; only `enable` is visible below.
4 cfg = config.services.myWebsites.tools.etherpad-lite;
5 # Make sure we’re not rebuilding whole libreoffice just because of a
# NOTE(review): `overlays = []` means no overlay configured elsewhere applies to
# this package, including one that carries a security patch, and the version is
# whatever <nixpkgs> resolves to at evaluation time. The settings below hand this
# binary to Etherpad as "soffice" (document import/export conversion), so it
# handles files supplied by pad users — keep the channel it comes from current.
7 libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
9 options.services.myWebsites.tools.etherpad-lite = {
10 enable = lib.mkEnableOption "enable etherpad's website";
# Everything below is applied only when the option above is enabled.
13 config = lib.mkIf cfg.enable {
# Secret files. Each `dest` is a relative path; the service options later in this
# module read the same files back as /var/secrets/<dest>.
# NOTE(review): owner, group and mode of these entries are not visible here —
# confirm they are not world-readable. Whether the rendered text also ends up in
# the Nix store depends on the secrets mechanism, which this listing does not show.
16 dest = "webapps/tools-etherpad-apikey";
# Session key file; its content is taken verbatim from the environment config.
21 dest = "webapps/tools-etherpad-sessionkey";
23 text = env.session_key;
# Etherpad settings file. It is deployed as a secret because the text that follows
# interpolates the PostgreSQL password and the LDAP bind password ("searchPWD").
# Review points for the settings below:
#  - "requireAuthentication" and "requireAuthorization" are both false, so pads
#    are presumably reachable without a login and the LDAP block only applies
#    where Etherpad itself demands credentials — confirm this is intended.
#  - "allowUnknownFileEnds" is true: imports are not limited to known file
#    extensions, and imported files are passed to the soffice/tidy converters.
#  - "showSettingsInAdminPage" is false, which keeps this file (and the passwords
#    in it) out of the admin UI.
#  - The LDAP URL is ldaps://; certificate verification options are not visible.
#    The bind account (searchDN) should only need read access below env.ldap.base.
#    "accountPattern" limits logins to members of cn=users,cn=etherpad; confirm
#    the LDAP plugin escapes the substituted {{username}} before building the filter.
#  - "disableIPlogging" is false: client addresses are logged. Behind the reverse
#    proxy, which address is logged depends on a trust-proxy setting not shown here.
26 dest = "webapps/tools-etherpad";
31 "favicon": "favicon.ico",
34 "port" : ${env.listenPort},
35 "showSettingsInAdminPage" : false,
36 "dbType" : "postgres",
38 "user" : "${env.postgresql.user}",
39 "host" : "${env.postgresql.socket}",
40 "password": "${env.postgresql.password}",
41 "database": "${env.postgresql.database}",
45 "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
50 "showLineNumbers": true,
51 "useMonospaceFont": false,
55 "alwaysShowChat": false,
56 "chatAndUsers": false,
60 "suppressErrorsInPadText" : false,
61 "requireSession" : false,
63 "sessionNoPassword" : false,
67 "soffice" : "${libreoffice}/bin/soffice",
68 "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
69 "allowUnknownFileEnds" : true,
70 "requireAuthentication" : false,
71 "requireAuthorization" : false,
73 "disableIPlogging" : false,
74 "automaticReconnectionTimeout" : 0,
75 "scrollWhenFocusLineIsOutOfViewport": {
77 "editionAboveViewport": 0,
78 "editionBelowViewport": 0
81 "scrollWhenCaretIsInTheLastLineOfViewport": false,
82 "percentageToScrollWhenUserPressesArrowUp": 0
86 "url": "ldaps://${env.ldap.host}",
87 "accountBase": "${env.ldap.base}",
88 "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
89 "displayNameAttribute": "cn",
90 "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
91 "searchPWD": "${env.ldap.password}",
92 "groupSearchBase": "${env.ldap.base}",
93 "groupAttribute": "member",
94 "groupAttributeIsDN": true,
96 "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
97 "anonymousReadonly": false
100 "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
102 "indentationOnNewLine": false,
105 ["bold", "italic", "underline", "strikethrough"],
106 ["orderedlist", "unorderedlist", "indent", "outdent"],
111 ["importexport", "timeslider", "savedrevision"],
112 ["settings", "embed"],
116 ["timeslider_export", "timeslider_returnToPad"]
120 "logconfig" : { "appenders": [ { "type": "console" } ] }
# Configuration of the etherpad-lite service itself.
125 services.etherpad-lite = {
# Passes every attribute of pkgs.webapps.etherpad-lite-modules (presumably the
# Etherpad plugins) to the service, so the plugin set is defined by that package set.
127 modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
# Keys and settings are referenced as runtime paths under /var/secrets; they match
# the `dest` values of the secret entries declared earlier in this module.
128 sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
129 apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
130 configFile = "/var/secrets/webapps/tools-etherpad";
# Adds the unit to the "keys" group — presumably the group that may read
# /var/secrets; confirm the three files above are group-readable and nothing more.
133 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
# Apache modules the vhost below relies on: headers (the Header / RequestHeader
# directives), proxy and proxy_http (ProxyPass), proxy_wstunnel (the ws:// rewrite).
135 services.myWebsites.tools.modules = [
136 "headers" "proxy" "proxy_http" "proxy_wstunnel"
# Adds ether.immae.eu as an extra name on the existing "eldiron" ACME certificate.
138 security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
# Virtual host for ether.immae.eu. The directives that follow send an HSTS header,
# apply a redirect map built from the environment config, and forward all other
# traffic (including websocket upgrades) to Etherpad on localhost:${env.listenPort}
# over plain http/ws.
# NOTE(review): Etherpad's bind address is not visible in this listing; it should
# be loopback-only so the backend cannot be reached around this vhost and its TLS.
# `RequestHeader set` replaces any X-Forwarded-Proto sent by the client, so the
# backend only sees the proxy's value. Redirect targets come from the deployment's
# own map, not from the request.
139 services.myWebsites.tools.vhostConfs.etherpad-lite = {
140 certName = "eldiron";
141 hosts = [ "ether.immae.eu" ];
144 Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
145 RequestHeader set X-Forwarded-Proto "https"
149 RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}"
150 RewriteCond %{QUERY_STRING} "!noredirect"
151 RewriteCond %{REQUEST_URI} "^(.*)$"
152 RewriteCond ''${redirects:$1|Unknown} "!Unknown"
153 RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
155 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
156 RewriteCond %{QUERY_STRING} transport=websocket [NC]
157 RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,L]
159 <IfModule mod_proxy.c>
163 ProxyPass / http://localhost:${env.listenPort}/
164 ProxyPassReverse / http://localhost:${env.listenPort}/
166 Options FollowSymLinks MultiViews