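# NixOS module: Etherpad Lite for the "tools" website environment.
# When enabled it declares three secret files (API key, session key and the
# JSON settings file), points services.etherpad-lite at them, restarts the
# service when they change, and publishes the pad on ether.immae.eu through an
# Apache virtual host that proxies to Etherpad's unix socket.
{ lib, pkgs, config, ... }:
let
  env = config.myEnv.tools.etherpad-lite;
  cfg = config.myServices.websites.tools.etherpad-lite;
  ecfg = config.services.etherpad-lite;

  # Take libreoffice from a nixpkgs import without overlays, so that an
  # overlaid dependency does not trigger a rebuild of the whole suite.
  # NOTE(review): the listing read "import { overlays = []; }", which does not
  # evaluate; the path argument looks lost in extraction and <nixpkgs> is
  # assumed here. Confirm against the repository. An unpinned <nixpkgs> is
  # resolved from NIX_PATH at evaluation time, so the soffice binary that
  # converts uploaded documents follows whatever channel is active.
  libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;

  # Renders a Nix string as a quoted, escaped JSON string. Used for the secret
  # and LDAP values below so that a quote or backslash in a password or filter
  # cannot break (or inject keys into) the generated settings file. For values
  # without special characters the output is the same as "${value}" in quotes.
  jsonStr = builtins.toJSON;
in
{
  options.myServices.websites.tools.etherpad-lite = {
    enable = lib.mkEnableOption "enable etherpad's website";
  };

  config = lib.mkIf cfg.enable {
    services.duplyBackup.profiles.etherpad-lite = {
      rootDir = "/var/lib/private/etherpad-lite";
    };

    # Secret material is handed to the secrets module instead of being written
    # through services.etherpad-lite directly. Mode 0400 is owner-only; which
    # user owns the files and where they are stored is decided by that module
    # (not shown here). The service paths below expect them under /var/secrets.
    secrets.keys = [
      {
        dest = "webapps/tools-etherpad-apikey";
        permissions = "0400";
        text = env.api_key;
      }
      {
        dest = "webapps/tools-etherpad-sessionkey";
        permissions = "0400";
        text = env.session_key;
      }
      # Etherpad settings.json. It embeds the PostgreSQL and LDAP bind
      # passwords, hence it is a secret file too.
      #
      # Settings worth a second look when hardening this instance:
      #  - "requireAuthentication"/"requireAuthorization" are false although an
      #    ldapauth block is configured; presumably pads are meant to be public
      #    and LDAP only covers the admin area. Confirm this is intended.
      #  - "trustProxy" is false while the service is only reachable through
      #    the Apache proxy below, which sets X-Forwarded-Proto. Etherpad then
      #    ignores forwarded headers; confirm this is the wanted behaviour for
      #    client address logging and HTTPS detection.
      #  - "allowUnknownFileEnds" is true, so imports are not restricted to
      #    known file extensions before being handed to soffice/tidy.
      #  - "showSettingsInAdminPage" is false, which keeps this file (and its
      #    credentials) out of the admin UI.
      {
        dest = "webapps/tools-etherpad";
        permissions = "0400";
        text = ''
          {
            "title": "Etherpad",
            "favicon": "favicon.ico",

            "ip": "",
            "port" : "${ecfg.sockets.node}",
            "showSettingsInAdminPage" : false,
            "dbType" : "postgres",
            "dbSettings" : {
              "user" : "${env.postgresql.user}",
              "host" : "${env.postgresql.socket}",
              "password": ${jsonStr env.postgresql.password},
              "database": "${env.postgresql.database}",
              "charset" : "utf8mb4"
            },

            "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
            "padOptions": {
              "noColors": false,
              "showControls": true,
              "showChat": true,
              "showLineNumbers": true,
              "useMonospaceFont": false,
              "userName": false,
              "userColor": false,
              "rtl": false,
              "alwaysShowChat": false,
              "chatAndUsers": false,
              "lang": "en-gb"
            },

            "suppressErrorsInPadText" : false,
            "requireSession" : false,
            "editOnly" : false,
            "sessionNoPassword" : false,
            "minify" : true,
            "maxAge" : 21600,
            "abiword" : null,
            "soffice" : "${libreoffice}/bin/soffice",
            "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
            "allowUnknownFileEnds" : true,
            "requireAuthentication" : false,
            "requireAuthorization" : false,
            "trustProxy" : false,
            "disableIPlogging" : false,
            "automaticReconnectionTimeout" : 0,
            "scrollWhenFocusLineIsOutOfViewport": {
              "percentage": {
                "editionAboveViewport": 0,
                "editionBelowViewport": 0
              },
              "duration": 0,
              "scrollWhenCaretIsInTheLastLineOfViewport": false,
              "percentageToScrollWhenUserPressesArrowUp": 0
            },
            "users": {
              "ldapauth": {
                "url": "ldaps://${env.ldap.host}",
                "accountBase": ${jsonStr env.ldap.base},
                "accountPattern": ${jsonStr env.ldap.filter},
                "displayNameAttribute": "cn",
                "searchDN": ${jsonStr env.ldap.dn},
                "searchPWD": ${jsonStr env.ldap.password},
                "groupSearchBase": ${jsonStr env.ldap.base},
                "groupAttribute": "member",
                "groupAttributeIsDN": true,
                "searchScope": "sub",
                "groupSearch": ${jsonStr env.ldap.group_filter},
                "anonymousReadonly": false
              }
            },
            "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
            "loadTest": false,
            "indentationOnNewLine": false,
            "toolbar": {
              "left": [
                ["bold", "italic", "underline", "strikethrough"],
                ["orderedlist", "unorderedlist", "indent", "outdent"],
                ["undo", "redo"],
                ["clearauthorship"]
              ],
              "right": [
                ["importexport", "timeslider", "savedrevision"],
                ["settings", "embed"],
                ["showusers"]
              ],
              "timeslider": [
                ["timeslider_export", "timeslider_returnToPad"]
              ]
            },
            "loglevel": "INFO",
            "logconfig" : {
              "appenders": [
                { "type": "console" }
              ]
            }
          }
        '';
      }
    ];

    services.etherpad-lite = {
      enable = true;
      modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
      sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
      apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
      configFile = "/var/secrets/webapps/tools-etherpad";
    };

    # Adds the "keys" group to the service; presumably this is what grants it
    # access to the secret files. Verify against the secrets module.
    systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";

    # Restart Etherpad whenever one of its secret files changes, so rotated
    # keys and credentials take effect.
    services.filesWatcher.etherpad-lite = {
      restart = true;
      paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
    };

    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];

    services.websites.env.tools.vhostConfs.etherpad-lite = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "ether.immae.eu" ];
      root = null;
      # Apache side of the deployment:
      #  - HSTS for one year and X-Forwarded-Proto forced to "https".
      #  - Paths listed in the static redirects map get a 301, unless the
      #    query string contains "noredirect". ''${ is the Nix escape that
      #    leaves a literal ${ for Apache.
      #  - WebSocket requests under /socket.io and all other requests are
      #    proxied to Etherpad's unix socket. "ProxyRequests Off" keeps Apache
      #    from acting as a forward proxy.
      # NOTE(review): in the listing, Options/AllowOverride/Require appeared
      # bare at virtual-host level, where AllowOverride and Require are not
      # accepted; an enclosing <Proxy *> section looks lost in extraction and
      # is restored here. Confirm against the repository.
      extraConfig = [
        ''
          Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
          RequestHeader set X-Forwarded-Proto "https"

          RewriteEngine On

          RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
          RewriteCond %{QUERY_STRING} "!noredirect"
          RewriteCond %{REQUEST_URI} "^(.*)$"
          RewriteCond ''${redirects:$1|Unknown} "!Unknown"
          RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]

          RewriteCond %{REQUEST_URI} ^/socket.io [NC]
          RewriteCond %{QUERY_STRING} transport=websocket [NC]
          RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]

          ProxyVia On
          ProxyRequests Off
          ProxyPreserveHost On
          ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          <Proxy *>
            Options FollowSymLinks MultiViews
            AllowOverride None
            Require all granted
          </Proxy>
        ''
      ];
    };
  };
}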