]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - modules/private/websites/ressourcerie_banon/cryptpad.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add cryptpad farm
[perso/Immae/Config/Nix.git] / modules / private / websites / ressourcerie_banon / cryptpad.nix
diff --git a/modules/private/websites/ressourcerie_banon/cryptpad.nix b/modules/private/websites/ressourcerie_banon/cryptpad.nix
index 961302da866d5f42dbd870a8b4e1bebcd755c174..7aea728c66c93b252e5d1c88581d17f22c5089c6 100644 (file)
--- a/modules/private/websites/ressourcerie_banon/cryptpad.nix
+++ b/modules/private/websites/ressourcerie_banon/cryptpad.nix
@@ -1,33 +1,49 @@
 { lib, pkgs, config, ... }:
 let
   cfg = config.myServices.websites.ressourcerie_banon.cryptpad;
-  configFile = "${pkgs.cryptpad}/lib/node_modules/cryptpad/config/config.example.js";
+  envCfg = config.myEnv.tools.cryptpad.ressourcerie_banon;
+  port = envCfg.port;
+  configFile = pkgs.writeText "config.js" ''
+    // ${pkgs.cryptpad}/lib/node_modules/cryptpad/config/config.example.js
+    module.exports = {
+      httpUnsafeOrigin: 'https://${domain}',
+      httpPort: ${toString port},
+      adminEmail: '${envCfg.email}',
+      filePath: './datastore/',
+      archivePath: './data/archive',
+      pinPath: './data/pins',
+      taskPath: './data/tasks',
+      blockPath: './block',
+      blobPath: './blob',
+      blobStagingPath: './data/blobstage',
+      decreePath: './data/decrees',
+      logPath: './data/logs',
+      logToStdout: false,
+      logLevel: 'info',
+      logFeedback: false,
+      verbose: false,
+      inactiveTime: false,
+      adminKeys: ${builtins.toJSON envCfg.admins},
+    };
+  '';
+  domain = "pad.le-garage-autonome.org";
 in {
   options.myServices.websites.ressourcerie_banon.cryptpad.enable = lib.mkEnableOption "Enable Ressourcerie Banon’s cryptpad";
 
   config = lib.mkIf cfg.enable {
-    systemd.services.cryptpad-ressourcerie_banon = {
-      description = "Cryptpad Banon Service";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "networking.target" ];
-      serviceConfig = {
-        DynamicUser = true;
-        Environment = [
-          "CRYPTPAD_CONFIG=${configFile}"
-          "HOME=%S/cryptpad/ressourcerie_banon"
-        ];
-        ExecStart = "${pkgs.cryptpad}/bin/cryptpad";
-        PrivateTmp = true;
-        Restart = "always";
-        StateDirectory = "cryptpad/ressourcerie_banon";
-        WorkingDirectory = "%S/cryptpad/ressourcerie_banon";
-      };
+    myServices.tools.cryptpad.farm.hosts.ressourcerie_banon = {
+      inherit domain port;
+      config = configFile;
     };
+    services.websites.env.production.modules = [ "proxy_wstunnel" ];
     services.websites.env.production.vhostConfs.ressourcerie_banon_cryptpad = {
       certName = "ressourcerie_banon";
       addToCerts = true;
-      hosts = ["pad.le-garage-autonome.org"];
-      root = null;
+      hosts = [domain];
+      root = config.myServices.tools.cryptpad.farm.vhostRoots.ressourcerie_banon;
+      extraConfig = [
+        config.myServices.tools.cryptpad.farm.vhosts.ressourcerie_banon
+      ];
     };
   };
 }
My infrastructure configuration