};
config = lib.mkIf cfg.enable {
+ deployment.keys = etherpad.keys;
systemd.services.etherpad-lite = {
description = "Etherpad-lite";
wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "postgresql.service" ];
- wants = [ "postgresql.service" ];
+ after = [ "network.target" "postgresql.service" "tools-etherpad-key.service" "tools-etherpad-apikey-key.service" "tools-etherpad-sessionkey-key.service" ];
+ wants = [ "postgresql.service" "tools-etherpad-key.service" "tools-etherpad-apikey-key.service" "tools-etherpad-sessionkey-key.service" ];
environment.NODE_ENV = "production";
environment.HOME = etherpad.webappDir;
script = ''
exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \
- --settings ${etherpad.config}
+ --settings /run/keys/webapps/tools-etherpad
'';
serviceConfig = {
DynamicUser = true;
User = "etherpad-lite";
Group = "etherpad-lite";
+ SupplementaryGroups = "keys";
WorkingDirectory = etherpad.webappDir;
PrivateTmp = true;
NoNewPrivileges = true;
Restart = "always";
Type = "simple";
TimeoutSec = 60;
+ ExecStartPre = "+${pkgs.coreutils}/bin/chown etherpad-lite:etherpad-lite /run/keys/webapps/tools-etherpad /run/keys/webapps/tools-etherpad-sessionkey /run/keys/webapps/tools-etherpad-apikey";
};
};
ProxyPreserveHost On
ProxyPass / http://localhost:${etherpad.listenPort}/
ProxyPassReverse / http://localhost:${etherpad.listenPort}/
- ProxyPass /socket.io ws://localhost:${etherpad.listenPort}/socket.io
- ProxyPassReverse /socket.io ws://localhost:${etherpad.listenPort}/socket.io
<Proxy *>
Options FollowSymLinks MultiViews
AllowOverride None