./tools/mastodon.nix
./tools/mediagoblin.nix
./tools/diaspora.nix
- ./tools/ether
+ ./tools/ether.nix
./tools/peertube
# built using:
# sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
--- /dev/null
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+ etherpad = pkgs.webapps.etherpad-lite.withModules
+ (builtins.attrValues pkgs.webapps.etherpad-lite-modules);
+ env = myconfig.env.tools.etherpad-lite;
+ varDir = etherpad.varDir;
+ cfg = config.services.myWebsites.tools.etherpad-lite;
+ # Make sure we’re not rebuilding whole libreoffice just because of a
+ # dependency
+ libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
+in {
+ options.services.myWebsites.tools.etherpad-lite = {
+ enable = lib.mkEnableOption "enable etherpad's website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ mySecrets.keys = [
+ {
+ dest = "webapps/tools-etherpad-apikey";
+ permissions = "0400";
+ text = env.api_key;
+ }
+ {
+ dest = "webapps/tools-etherpad-sessionkey";
+ permissions = "0400";
+ text = env.session_key;
+ }
+ {
+ dest = "webapps/tools-etherpad";
+ permissions = "0400";
+ text = ''
+ {
+ "title": "Etherpad",
+ "favicon": "favicon.ico",
+
+ "ip": "127.0.0.1",
+ "port" : ${env.listenPort},
+ "showSettingsInAdminPage" : false,
+ "dbType" : "postgres",
+ "dbSettings" : {
+ "user" : "${env.postgresql.user}",
+ "host" : "${env.postgresql.socket}",
+ "password": "${env.postgresql.password}",
+ "database": "${env.postgresql.database}",
+ "charset" : "utf8mb4"
+ },
+
+ "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
+ "padOptions": {
+ "noColors": false,
+ "showControls": true,
+ "showChat": true,
+ "showLineNumbers": true,
+ "useMonospaceFont": false,
+ "userName": false,
+ "userColor": false,
+ "rtl": false,
+ "alwaysShowChat": false,
+ "chatAndUsers": false,
+ "lang": "en-gb"
+ },
+
+ "suppressErrorsInPadText" : false,
+ "requireSession" : false,
+ "editOnly" : false,
+ "sessionNoPassword" : false,
+ "minify" : true,
+ "maxAge" : 21600,
+ "abiword" : null,
+ "soffice" : "${libreoffice}/bin/soffice",
+ "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
+ "allowUnknownFileEnds" : true,
+ "requireAuthentication" : false,
+ "requireAuthorization" : false,
+ "trustProxy" : false,
+ "disableIPlogging" : false,
+ "automaticReconnectionTimeout" : 0,
+ "scrollWhenFocusLineIsOutOfViewport": {
+ "percentage": {
+ "editionAboveViewport": 0,
+ "editionBelowViewport": 0
+ },
+ "duration": 0,
+ "scrollWhenCaretIsInTheLastLineOfViewport": false,
+ "percentageToScrollWhenUserPressesArrowUp": 0
+ },
+ "users": {
+ "ldapauth": {
+ "url": "ldaps://${env.ldap.host}",
+ "accountBase": "${env.ldap.base}",
+ "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
+ "displayNameAttribute": "cn",
+ "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
+ "searchPWD": "${env.ldap.password}",
+ "groupSearchBase": "${env.ldap.base}",
+ "groupAttribute": "member",
+ "groupAttributeIsDN": true,
+ "searchScope": "sub",
+ "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
+ "anonymousReadonly": false
+ }
+ },
+ "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
+ "loadTest": false,
+ "indentationOnNewLine": false,
+ "toolbar": {
+ "left": [
+ ["bold", "italic", "underline", "strikethrough"],
+ ["orderedlist", "unorderedlist", "indent", "outdent"],
+ ["undo", "redo"],
+ ["clearauthorship"]
+ ],
+ "right": [
+ ["importexport", "timeslider", "savedrevision"],
+ ["settings", "embed"],
+ ["showusers"]
+ ],
+ "timeslider": [
+ ["timeslider_export", "timeslider_returnToPad"]
+ ]
+ },
+ "loglevel": "INFO",
+ "logconfig" : { "appenders": [ { "type": "console" } ] }
+ }
+ '';
+ }
+ ];
+ systemd.services.etherpad-lite = {
+ description = "Etherpad-lite";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "postgresql.service" ];
+ wants = [ "postgresql.service" ];
+
+ environment.NODE_ENV = "production";
+ environment.HOME = etherpad;
+
+ path = [ pkgs.nodejs ];
+
+ script = ''
+ exec ${pkgs.nodejs}/bin/node ${etherpad}/src/node/server.js \
+ --sessionkey /var/secrets/webapps/tools-etherpad-sessionkey \
+ --apikey /var/secrets/webapps/tools-etherpad-apikey \
+ --settings /var/secrets/webapps/tools-etherpad
+ '';
+
+ serviceConfig = {
+ DynamicUser = true;
+ User = "etherpad-lite";
+ Group = "etherpad-lite";
+ SupplementaryGroups = "keys";
+ WorkingDirectory = etherpad;
+ PrivateTmp = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ ProtectHome = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ Restart = "always";
+ Type = "simple";
+ TimeoutSec = 60;
+ # Use ReadWritePaths= instead if varDir is outside of /var/lib
+ StateDirectory="etherpad-lite";
+ ExecStartPre = [
+ "+${pkgs.coreutils}/bin/install -d -m 0755 -o etherpad-lite -g etherpad-lite ${varDir}/ep_initialized"
+ "+${pkgs.coreutils}/bin/chown -R etherpad-lite:etherpad-lite ${varDir} /var/secrets/webapps/tools-etherpad /var/secrets/webapps/tools-etherpad-sessionkey /var/secrets/webapps/tools-etherpad-apikey"
+ ];
+ };
+ };
+
+ services.myWebsites.tools.modules = [
+ "headers" "proxy" "proxy_http" "proxy_wstunnel"
+ ];
+ security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
+ services.myWebsites.tools.vhostConfs.etherpad-lite = {
+ certName = "eldiron";
+ hosts = [ "ether.immae.eu" ];
+ root = null;
+ extraConfig = [ ''
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
+ RequestHeader set X-Forwarded-Proto "https"
+
+ RewriteEngine On
+
+ RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}"
+ RewriteCond %{QUERY_STRING} "!noredirect"
+ RewriteCond %{REQUEST_URI} "^(.*)$"
+ RewriteCond ''${redirects:$1|Unknown} "!Unknown"
+ RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
+
+ RewriteCond %{REQUEST_URI} ^/socket.io [NC]
+ RewriteCond %{QUERY_STRING} transport=websocket [NC]
+ RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,L]
+
+ <IfModule mod_proxy.c>
+ ProxyVia On
+ ProxyRequests Off
+ ProxyPreserveHost On
+ ProxyPass / http://localhost:${env.listenPort}/
+ ProxyPassReverse / http://localhost:${env.listenPort}/
+ <Proxy *>
+ Options FollowSymLinks MultiViews
+ AllowOverride None
+ Require all granted
+ </Proxy>
+ </IfModule>
+ '' ];
+ };
+ };
+}
+++ /dev/null
-{ lib, pkgs, config, myconfig, mylibs, ... }:
-let
- etherpad = pkgs.callPackage ./etherpad_lite.nix {
- inherit (pkgs.webapps) etherpad-lite etherpad-lite-modules;
- env = myconfig.env.tools.etherpad-lite;
- };
-
- varDir = etherpad.webappDir.varDir;
- cfg = config.services.myWebsites.tools.etherpad-lite;
-in {
- options.services.myWebsites.tools.etherpad-lite = {
- enable = lib.mkEnableOption "enable etherpad's website";
- };
-
- config = lib.mkIf cfg.enable {
- mySecrets.keys = etherpad.keys;
- systemd.services.etherpad-lite = {
- description = "Etherpad-lite";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "postgresql.service" ];
- wants = [ "postgresql.service" ];
-
- environment.NODE_ENV = "production";
- environment.HOME = etherpad.webappDir;
-
- path = [ pkgs.nodejs ];
-
- script = ''
- exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \
- --sessionkey /var/secrets/webapps/tools-etherpad-sessionkey \
- --apikey /var/secrets/webapps/tools-etherpad-apikey \
- --settings /var/secrets/webapps/tools-etherpad
- '';
-
- serviceConfig = {
- DynamicUser = true;
- User = "etherpad-lite";
- Group = "etherpad-lite";
- SupplementaryGroups = "keys";
- WorkingDirectory = etherpad.webappDir;
- PrivateTmp = true;
- NoNewPrivileges = true;
- PrivateDevices = true;
- ProtectHome = true;
- ProtectControlGroups = true;
- ProtectKernelModules = true;
- Restart = "always";
- Type = "simple";
- TimeoutSec = 60;
- # Use ReadWritePaths= instead if varDir is outside of /var/lib
- StateDirectory="etherpad-lite";
- ExecStartPre = [
- "+${pkgs.coreutils}/bin/install -d -m 0755 -o etherpad-lite -g etherpad-lite ${varDir}/ep_initialized"
- "+${pkgs.coreutils}/bin/chown -R etherpad-lite:etherpad-lite ${varDir} /var/secrets/webapps/tools-etherpad /var/secrets/webapps/tools-etherpad-sessionkey /var/secrets/webapps/tools-etherpad-apikey"
- ];
- };
- };
-
- services.myWebsites.tools.modules = [
- "headers" "proxy" "proxy_http" "proxy_wstunnel"
- ];
- security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
- services.myWebsites.tools.vhostConfs.etherpad-lite = {
- certName = "eldiron";
- hosts = [ "ether.immae.eu" ];
- root = null;
- extraConfig = [ ''
- Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
- RequestHeader set X-Forwarded-Proto "https"
-
- RewriteEngine On
-
- RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}"
- RewriteCond %{QUERY_STRING} "!noredirect"
- RewriteCond %{REQUEST_URI} "^(.*)$"
- RewriteCond ''${redirects:$1|Unknown} "!Unknown"
- RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
-
- RewriteCond %{REQUEST_URI} ^/socket.io [NC]
- RewriteCond %{QUERY_STRING} transport=websocket [NC]
- RewriteRule /(.*) ws://localhost:${etherpad.listenPort}/$1 [P,L]
-
- <IfModule mod_proxy.c>
- ProxyVia On
- ProxyRequests Off
- ProxyPreserveHost On
- ProxyPass / http://localhost:${etherpad.listenPort}/
- ProxyPassReverse / http://localhost:${etherpad.listenPort}/
- <Proxy *>
- Options FollowSymLinks MultiViews
- AllowOverride None
- Require all granted
- </Proxy>
- </IfModule>
- '' ];
- };
- };
-}
+++ /dev/null
-{ env, etherpad-lite, etherpad-lite-modules, writeText, pkgs }:
-let
- listenPort = env.listenPort;
- sessionkey = writeText "SESSIONKEY.txt" env.session_key;
- apikey = writeText "APIKEY.txt" env.api_key;
- keys = [
- {
- dest = "webapps/tools-etherpad-apikey";
- permissions = "0400";
- text = env.api_key;
- }
- {
- dest = "webapps/tools-etherpad-sessionkey";
- permissions = "0400";
- text = env.session_key;
- }
- {
- dest = "webapps/tools-etherpad";
- permissions = "0400";
- text =
- # Make sure we’re not rebuilding whole libreoffice just because of a
- # dependency
- let libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
- in
- ''
- {
- "title": "Etherpad",
- "favicon": "favicon.ico",
-
- "ip": "127.0.0.1",
- "port" : ${env.listenPort},
- "showSettingsInAdminPage" : false,
- "dbType" : "postgres",
- "dbSettings" : {
- "user" : "${env.postgresql.user}",
- "host" : "${env.postgresql.socket}",
- "password": "${env.postgresql.password}",
- "database": "${env.postgresql.database}",
- "charset" : "utf8mb4"
- },
-
- "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
- "padOptions": {
- "noColors": false,
- "showControls": true,
- "showChat": true,
- "showLineNumbers": true,
- "useMonospaceFont": false,
- "userName": false,
- "userColor": false,
- "rtl": false,
- "alwaysShowChat": false,
- "chatAndUsers": false,
- "lang": "en-gb"
- },
-
- "suppressErrorsInPadText" : false,
- "requireSession" : false,
- "editOnly" : false,
- "sessionNoPassword" : false,
- "minify" : true,
- "maxAge" : 21600,
- "abiword" : null,
- "soffice" : "${libreoffice}/bin/soffice",
- "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
- "allowUnknownFileEnds" : true,
- "requireAuthentication" : false,
- "requireAuthorization" : false,
- "trustProxy" : false,
- "disableIPlogging" : false,
- "automaticReconnectionTimeout" : 0,
- "scrollWhenFocusLineIsOutOfViewport": {
- "percentage": {
- "editionAboveViewport": 0,
- "editionBelowViewport": 0
- },
- "duration": 0,
- "scrollWhenCaretIsInTheLastLineOfViewport": false,
- "percentageToScrollWhenUserPressesArrowUp": 0
- },
- "users": {
- "ldapauth": {
- "url": "ldaps://${env.ldap.host}",
- "accountBase": "${env.ldap.base}",
- "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
- "displayNameAttribute": "cn",
- "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
- "searchPWD": "${env.ldap.password}",
- "groupSearchBase": "${env.ldap.base}",
- "groupAttribute": "member",
- "groupAttributeIsDN": true,
- "searchScope": "sub",
- "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
- "anonymousReadonly": false
- }
- },
- "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
- "loadTest": false,
- "indentationOnNewLine": false,
- "toolbar": {
- "left": [
- ["bold", "italic", "underline", "strikethrough"],
- ["orderedlist", "unorderedlist", "indent", "outdent"],
- ["undo", "redo"],
- ["clearauthorship"]
- ],
- "right": [
- ["importexport", "timeslider", "savedrevision"],
- ["settings", "embed"],
- ["showusers"]
- ],
- "timeslider": [
- ["timeslider_export", "timeslider_returnToPad"]
- ]
- },
- "loglevel": "INFO",
- "logconfig" : { "appenders": [ { "type": "console" } ] }
- }
- '';
- }
- ];
- webappDir = etherpad-lite.withModules (builtins.attrValues etherpad-lite-modules);
-in
- {
- inherit webappDir keys listenPort;
- }
projects / perso / Immae / Config / Nix.git / commitdiff
