X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Fether%2Fdefault.nix;h=1c56ed7a2fc6ed77f18c6e5a145b12ce425dfda7;hb=ab8f306d7c2c49b8116e1af7b355ed2384617ed9;hp=ebcbf6187af8173078e71c23fb8d128d05be4fc9;hpb=4288c2f2431fb782b0d512b1b3749187f2374b6a;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix index ebcbf61..1c56ed7 100644 --- a/modules/private/websites/tools/ether/default.nix +++ b/modules/private/websites/tools/ether/default.nix @@ -1,6 +1,6 @@ -{ lib, pkgs, config, myconfig, ... }: +{ lib, pkgs, config, ... }: let - env = myconfig.env.tools.etherpad-lite; + env = config.myEnv.tools.etherpad-lite; cfg = config.myServices.websites.tools.etherpad-lite; # Make sure we’re not rebuilding whole libreoffice just because of a # dependency @@ -12,6 +12,9 @@ in { }; config = lib.mkIf cfg.enable { + services.duplyBackup.profiles.etherpad-lite = { + rootDir = "/var/lib/private/etherpad-lite"; + }; secrets.keys = [ { dest = "webapps/tools-etherpad-apikey"; @@ -86,15 +89,15 @@ in { "ldapauth": { "url": "ldaps://${env.ldap.host}", "accountBase": "${env.ldap.base}", - "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))", + "accountPattern": "${env.ldap.filter}", "displayNameAttribute": "cn", - "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu", + "searchDN": "${env.ldap.dn}", "searchPWD": "${env.ldap.password}", "groupSearchBase": "${env.ldap.base}", "groupAttribute": "member", "groupAttributeIsDN": true, "searchScope": "sub", - "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)", + "groupSearch": "${env.ldap.group_filter}", "anonymousReadonly": false } }, @@ -133,10 +136,15 @@ in { systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys"; - services.websites.tools.modules = [ + services.filesWatcher.etherpad-lite = { + restart = true; + paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ]; + }; + + services.websites.env.tools.modules = [ "headers" "proxy" "proxy_http" "proxy_wstunnel" ]; - services.websites.tools.vhostConfs.etherpad-lite = { + services.websites.env.tools.vhostConfs.etherpad-lite = { certName = "eldiron"; addToCerts = true; hosts = [ "ether.immae.eu" ]; @@ -147,7 +155,7 @@ in { RewriteEngine On - RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}" + RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}" RewriteCond %{QUERY_STRING} "!noredirect" RewriteCond %{REQUEST_URI} "^(.*)$" RewriteCond ''${redirects:$1|Unknown} "!Unknown"