git.immae.eu Git - perso/Immae/Config/Nix.git/blame - modules/private/websites/tools/ether/default.nix
Use attrs for secrets instead of lists
# NixOS module that enables an Etherpad Lite instance (with a fixed plugin
# set) and publishes it through an Apache vhost for ether.immae.eu.
# The API key, the session key and the whole settings.json are handed to the
# service as files declared under `secrets.keys`.
{ lib, pkgs, config, ... }:
let
  # Deployment-specific values (keys, passwords, LDAP and PostgreSQL
  # coordinates, redirect map) read from the private environment.
  env = config.myEnv.tools.etherpad-lite;
  # This module's own option set (only `enable`).
  cfg = config.myServices.websites.tools.etherpad-lite;
  # Make sure we're not rebuilding whole libreoffice just because of a
  # dependency
  # NOTE(review): `<nixpkgs>` is resolved through the Nix search path of the
  # evaluating host, not through the `pkgs` argument, so the LibreOffice that
  # handles imports/exports follows whatever that path points at. Pin it if
  # reproducibility of this binary matters.
  libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
  # Final configuration of the underlying services.etherpad-lite module
  # (socket path, key file paths).
  ecfg = config.services.etherpad-lite;
in {
  options.myServices.websites.tools.etherpad-lite = {
    enable = lib.mkEnableOption "enable etherpad's website";
  };

  config = lib.mkIf cfg.enable {
    # Backup profile rooted at the service's state directory.
    services.duplyBackup.profiles.etherpad-lite = {
      rootDir = "/var/lib/private/etherpad-lite";
    };
    # Secret files, keyed by name (attribute set). Each one is created with
    # mode 0400, i.e. readable by its owner only.
    # NOTE(review): owner/group are not set here and come from the secrets
    # module's defaults, which are not visible in this file; confirm the
    # etherpad service user can actually read them. Also confirm that the
    # secrets module keeps `text` out of the world-readable Nix store.
    secrets.keys = {
      "webapps/tools-etherpad-apikey" = {
        permissions = "0400";
        text = env.api_key;
      };
      "webapps/tools-etherpad-sessionkey" = {
        permissions = "0400";
        text = env.session_key;
      };
      # Complete settings.json. It embeds the PostgreSQL password, the admin
      # password exactly as given in env.adminPassword, and the LDAP bind
      # password (twice: ep_ldapauth and ep_mypads), hence the 0400 mode.
      #
      # Review notes on the values below:
      # - Every ${env.*} value is interpolated verbatim between JSON quotes.
      #   A value containing `"` or `\` would produce invalid JSON or change
      #   the meaning of the settings; builtins.toJSON would escape them,
      #   provided the env values are not already stored pre-escaped.
      # - "port" is set to the unix socket path that the Apache vhost below
      #   proxies to, with an empty "ip".
      # - "requireAuthentication" and "requireAuthorization" are false while
      #   users.admin has "is_admin": true; the ldapauth user entry carries
      #   the placeholder hash "invalid".
      # - "trustProxy" is false although Apache terminates TLS and sets
      #   X-Forwarded-Proto. NOTE(review): upstream's settings template
      #   describes trustProxy as required behind a TLS-terminating proxy for
      #   cookies to get the Secure flag; confirm for the packaged version.
      # - "allowUnknownFileEnds" is true, so imports are not limited to the
      #   known file extensions; imported files are handed to soffice.
      # - "socketTransportProtocols" does not list websocket, while the vhost
      #   contains a websocket rewrite rule. NOTE(review): confirm which of
      #   the two is intended.
      "webapps/tools-etherpad" = {
        permissions = "0400";
        text = ''
          {
            "title": "Etherpad",
            "favicon": "favicon.ico",
            "skinName": "colibris",
            "skinVariants": "dark-toolbar light-background super-light-editor full-width-editor",

            "ip": "",
            "port" : "${ecfg.sockets.node}",
            "showSettingsInAdminPage" : false,
            "dbType" : "postgres",
            "dbSettings" : {
              "user" : "${env.postgresql.user}",
              "host" : "${env.postgresql.socket}",
              "password": "${env.postgresql.password}",
              "database": "${env.postgresql.database}",
              "charset" : "utf8mb4"
            },

            "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
            "padOptions": {
              "noColors": false,
              "showControls": true,
              "showChat": true,
              "showLineNumbers": true,
              "useMonospaceFont": false,
              "userName": false,
              "userColor": false,
              "rtl": false,
              "alwaysShowChat": false,
              "chatAndUsers": false,
              "lang": "fr"
            },

            "suppressErrorsInPadText" : false,
            "requireSession" : false,
            "editOnly" : false,
            "sessionNoPassword" : false,
            "minify" : true,
            "maxAge" : 21600,
            "abiword" : null,
            "soffice" : "${libreoffice}/bin/soffice",
            "tidyHtml" : "",
            "allowUnknownFileEnds" : true,
            "requireAuthentication" : false,
            "requireAuthorization" : false,
            "trustProxy" : false,
            "disableIPlogging" : false,
            "automaticReconnectionTimeout" : 0,
            "scrollWhenFocusLineIsOutOfViewport": {
              "percentage": {
                "editionAboveViewport": 0,
                "editionBelowViewport": 0
              },
              "duration": 0,
              "scrollWhenCaretIsInTheLastLineOfViewport": false,
              "percentageToScrollWhenUserPressesArrowUp": 0
            },
            "users": {
              "admin": {
                "password": "${env.adminPassword}",
                "is_admin": true
              },
              "ldapauth": {
                "hash": "invalid",
                "url": "ldaps://${env.ldap.host}",
                "accountBase": "${env.ldap.base}",
                "accountPattern": "${env.ldap.filter}",
                "displayNameAttribute": "cn",
                "searchDN": "${env.ldap.dn}",
                "searchPWD": "${env.ldap.password}",
                "groupSearchBase": "${env.ldap.base}",
                "groupAttribute": "member",
                "groupAttributeIsDN": true,
                "searchScope": "sub",
                "groupSearch": "${env.ldap.group_filter}",
                "anonymousReadonly": false
              }
            },
            "ep_mypads": {
              "warning": "This hash is stored in database, changing anything here will not have any consequence",
              "ldap": {
                "url": "ldaps://${env.ldap.host}",
                "bindDN": "${env.ldap.dn}",
                "bindCredentials": "${env.ldap.password}",
                "searchBase": "${env.ldap.base}",
                "searchFilter": "${env.ldap.filter}",
                "properties": {
                  "login": "uid",
                  "email": "mail",
                  "firstname": "givenName",
                  "lastname": "sn"
                },
                "defaultLang": "fr"
              }
            },
            "ep_comments_page": {
              "displayCommentAsIcon": true,
              "highlightSelectedText": true
            },
            "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
            "loadTest": false,
            "indentationOnNewLine": false,
            "toolbar": {
              "left": [
                ["bold", "italic", "underline", "strikethrough"],
                ["orderedlist", "unorderedlist", "indent", "outdent"],
                ["undo", "redo"],
                ["clearauthorship"]
              ],
              "right": [
                ["importexport", "timeslider", "savedrevision"],
                ["settings", "embed"],
                ["showusers"]
              ],
              "timeslider": [
                ["timeslider_export", "timeslider_returnToPad"]
              ]
            },
            "loglevel": "INFO",
            "logconfig" : { "appenders": [ { "type": "console" } ] }
          }
        '';
      };
    };
    # The service itself: Etherpad built with the listed plugins, reading its
    # keys and settings from the secret files declared above.
    services.etherpad-lite = {
      enable = true;
      package = pkgs.webapps.etherpad-lite.withModules (p: [
        p.ep_align p.ep_bookmark p.ep_colors p.ep_comments_page
        p.ep_cursortrace p.ep_delete_empty_pads p.ep_embedmedia
        p.ep_font_size p.ep_headings2 p.ep_immae_buttons p.ep_ldapauth
        p.ep_line_height p.ep_markdown p.ep_mypads p.ep_page_view
        p.ep_previewimages p.ep_ruler p.ep_scrollto
        p.ep_set_title_on_pad p.ep_subscript_and_superscript
        p.ep_timesliderdiff
      ]);
      modules = [];
      sessionKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-sessionkey";
      apiKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-apikey";
      configFile = config.secrets.fullPaths."webapps/tools-etherpad";
    };

    # Adds the unit to the `keys` group.
    # NOTE(review): presumably needed to reach the secrets directory; the
    # files themselves are 0400, which grants nothing to a group. Confirm.
    systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
    # Needed so that they get in the closure
    systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];

    # Watches the three secret files; presumably restarts the service when
    # one of them changes (behaviour defined by the filesWatcher module).
    services.filesWatcher.etherpad-lite = {
      restart = true;
      paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
    };

    # Apache modules required by the vhost configuration below.
    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];
    # Reverse-proxy vhost for ether.immae.eu:
    # - sends HSTS (one year, subdomains included) and tells the backend the
    #   original scheme via X-Forwarded-Proto;
    # - looks the request path up in a redirect map and answers 301 when a
    #   target exists, unless the query string contains "noredirect". The map
    #   is written with pkgs.writeText, so its content lives in the Nix store;
    # - forwards websocket requests under /socket.io and every other request
    #   to Etherpad's unix socket. ProxyRequests is Off, so Apache only acts
    #   as a reverse proxy here.
    services.websites.env.tools.vhostConfs.etherpad-lite = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "ether.immae.eu" ];
      root = null;
      extraConfig = [ ''
        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
        RequestHeader set X-Forwarded-Proto "https"

        RewriteEngine On

        RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
        RewriteCond %{QUERY_STRING} "!noredirect"
        RewriteCond %{REQUEST_URI} "^(.*)$"
        RewriteCond ''${redirects:$1|Unknown} "!Unknown"
        RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]

        RewriteCond %{REQUEST_URI} ^/socket.io [NC]
        RewriteCond %{QUERY_STRING} transport=websocket [NC]
        RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]

        <IfModule mod_proxy.c>
          ProxyVia On
          ProxyRequests Off
          ProxyPreserveHost On
          ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          <Proxy *>
            Options FollowSymLinks MultiViews
            AllowOverride None
            Require all granted
          </Proxy>
        </IfModule>
      '' ];
    };
  };
}