X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fether.nix;fp=nixops%2Fmodules%2Fwebsites%2Ftools%2Fether.nix;h=0000000000000000000000000000000000000000;hb=4288c2f2431fb782b0d512b1b3749187f2374b6a;hp=8c9bbb181390021536716bb7c3a8650fcefc8d42;hpb=f40f5b235b890f46770a22f005f8a0f664cf0562;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/nixops/modules/websites/tools/ether.nix b/nixops/modules/websites/tools/ether.nix deleted file mode 100644 index 8c9bbb1..0000000 --- a/nixops/modules/websites/tools/ether.nix +++ /dev/null @@ -1,175 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - env = myconfig.env.tools.etherpad-lite; - cfg = config.services.myWebsites.tools.etherpad-lite; - # Make sure we’re not rebuilding whole libreoffice just because of a - # dependency - libreoffice = (import { overlays = []; }).libreoffice-fresh; - ecfg = config.services.etherpad-lite; -in { - options.services.myWebsites.tools.etherpad-lite = { - enable = lib.mkEnableOption "enable etherpad's website"; - }; - - config = lib.mkIf cfg.enable { - secrets.keys = [ - { - dest = "webapps/tools-etherpad-apikey"; - permissions = "0400"; - text = env.api_key; - } - { - dest = "webapps/tools-etherpad-sessionkey"; - permissions = "0400"; - text = env.session_key; - } - { - dest = "webapps/tools-etherpad"; - permissions = "0400"; - text = '' - { - "title": "Etherpad", - "favicon": "favicon.ico", - - "ip": "", - "port" : "${ecfg.sockets.node}", - "showSettingsInAdminPage" : false, - "dbType" : "postgres", - "dbSettings" : { - "user" : "${env.postgresql.user}", - "host" : "${env.postgresql.socket}", - "password": "${env.postgresql.password}", - "database": "${env.postgresql.database}", - "charset" : "utf8mb4" - }, - - "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n", - "padOptions": { - "noColors": false, - "showControls": true, - "showChat": true, - "showLineNumbers": true, - "useMonospaceFont": false, - "userName": false, - "userColor": false, - "rtl": false, - "alwaysShowChat": false, - "chatAndUsers": false, - "lang": "en-gb" - }, - - "suppressErrorsInPadText" : false, - "requireSession" : false, - "editOnly" : false, - "sessionNoPassword" : false, - "minify" : true, - "maxAge" : 21600, - "abiword" : null, - "soffice" : "${libreoffice}/bin/soffice", - "tidyHtml" : "${pkgs.html-tidy}/bin/tidy", - "allowUnknownFileEnds" : true, - "requireAuthentication" : false, - "requireAuthorization" : false, - "trustProxy" : false, - "disableIPlogging" : false, - "automaticReconnectionTimeout" : 0, - "scrollWhenFocusLineIsOutOfViewport": { - "percentage": { - "editionAboveViewport": 0, - "editionBelowViewport": 0 - }, - "duration": 0, - "scrollWhenCaretIsInTheLastLineOfViewport": false, - "percentageToScrollWhenUserPressesArrowUp": 0 - }, - "users": { - "ldapauth": { - "url": "ldaps://${env.ldap.host}", - "accountBase": "${env.ldap.base}", - "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))", - "displayNameAttribute": "cn", - "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu", - "searchPWD": "${env.ldap.password}", - "groupSearchBase": "${env.ldap.base}", - "groupAttribute": "member", - "groupAttributeIsDN": true, - "searchScope": "sub", - "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)", - "anonymousReadonly": false - } - }, - "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], - "loadTest": false, - "indentationOnNewLine": false, - "toolbar": { - "left": [ - ["bold", "italic", "underline", "strikethrough"], - ["orderedlist", "unorderedlist", "indent", "outdent"], - ["undo", "redo"], - ["clearauthorship"] - ], - "right": [ - ["importexport", "timeslider", "savedrevision"], - ["settings", "embed"], - ["showusers"] - ], - "timeslider": [ - ["timeslider_export", "timeslider_returnToPad"] - ] - }, - "loglevel": "INFO", - "logconfig" : { "appenders": [ { "type": "console" } ] } - } - ''; - } - ]; - services.etherpad-lite = { - enable = true; - modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules; - sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey"; - apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey"; - configFile = "/var/secrets/webapps/tools-etherpad"; - }; - - systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys"; - - services.websites.tools.modules = [ - "headers" "proxy" "proxy_http" "proxy_wstunnel" - ]; - services.websites.tools.vhostConfs.etherpad-lite = { - certName = "eldiron"; - addToCerts = true; - hosts = [ "ether.immae.eu" ]; - root = null; - extraConfig = [ '' - Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;" - RequestHeader set X-Forwarded-Proto "https" - - RewriteEngine On - - RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}" - RewriteCond %{QUERY_STRING} "!noredirect" - RewriteCond %{REQUEST_URI} "^(.*)$" - RewriteCond ''${redirects:$1|Unknown} "!Unknown" - RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD] - - RewriteCond %{REQUEST_URI} ^/socket.io [NC] - RewriteCond %{QUERY_STRING} transport=websocket [NC] - RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L] - - - ProxyVia On - ProxyRequests Off - ProxyPreserveHost On - ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/ - ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/ - - Options FollowSymLinks MultiViews - AllowOverride None - Require all granted - - - '' ]; - }; - }; -}