]>
Commit | Line | Data |
---|---|---|
bf3b7671 IB |
1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
2 | let | |
bf3b7671 | 3 | env = myconfig.env.tools.etherpad-lite; |
bf3b7671 IB |
4 | cfg = config.services.myWebsites.tools.etherpad-lite; |
5 | # Make sure we’re not rebuilding whole libreoffice just because of a | |
6 | # dependency | |
7 | libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh; | |
8 | in { | |
9 | options.services.myWebsites.tools.etherpad-lite = { | |
10 | enable = lib.mkEnableOption "enable etherpad's website"; | |
11 | }; | |
12 | ||
13 | config = lib.mkIf cfg.enable { | |
1a718805 | 14 | secrets.keys = [ |
bf3b7671 IB |
15 | { |
16 | dest = "webapps/tools-etherpad-apikey"; | |
17 | permissions = "0400"; | |
18 | text = env.api_key; | |
19 | } | |
20 | { | |
21 | dest = "webapps/tools-etherpad-sessionkey"; | |
22 | permissions = "0400"; | |
23 | text = env.session_key; | |
24 | } | |
25 | { | |
26 | dest = "webapps/tools-etherpad"; | |
27 | permissions = "0400"; | |
28 | text = '' | |
29 | { | |
30 | "title": "Etherpad", | |
31 | "favicon": "favicon.ico", | |
32 | ||
33 | "ip": "127.0.0.1", | |
34 | "port" : ${env.listenPort}, | |
35 | "showSettingsInAdminPage" : false, | |
36 | "dbType" : "postgres", | |
37 | "dbSettings" : { | |
38 | "user" : "${env.postgresql.user}", | |
39 | "host" : "${env.postgresql.socket}", | |
40 | "password": "${env.postgresql.password}", | |
41 | "database": "${env.postgresql.database}", | |
42 | "charset" : "utf8mb4" | |
43 | }, | |
44 | ||
45 | "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n", | |
46 | "padOptions": { | |
47 | "noColors": false, | |
48 | "showControls": true, | |
49 | "showChat": true, | |
50 | "showLineNumbers": true, | |
51 | "useMonospaceFont": false, | |
52 | "userName": false, | |
53 | "userColor": false, | |
54 | "rtl": false, | |
55 | "alwaysShowChat": false, | |
56 | "chatAndUsers": false, | |
57 | "lang": "en-gb" | |
58 | }, | |
59 | ||
60 | "suppressErrorsInPadText" : false, | |
61 | "requireSession" : false, | |
62 | "editOnly" : false, | |
63 | "sessionNoPassword" : false, | |
64 | "minify" : true, | |
65 | "maxAge" : 21600, | |
66 | "abiword" : null, | |
67 | "soffice" : "${libreoffice}/bin/soffice", | |
68 | "tidyHtml" : "${pkgs.html-tidy}/bin/tidy", | |
69 | "allowUnknownFileEnds" : true, | |
70 | "requireAuthentication" : false, | |
71 | "requireAuthorization" : false, | |
72 | "trustProxy" : false, | |
73 | "disableIPlogging" : false, | |
74 | "automaticReconnectionTimeout" : 0, | |
75 | "scrollWhenFocusLineIsOutOfViewport": { | |
76 | "percentage": { | |
77 | "editionAboveViewport": 0, | |
78 | "editionBelowViewport": 0 | |
79 | }, | |
80 | "duration": 0, | |
81 | "scrollWhenCaretIsInTheLastLineOfViewport": false, | |
82 | "percentageToScrollWhenUserPressesArrowUp": 0 | |
83 | }, | |
84 | "users": { | |
85 | "ldapauth": { | |
86 | "url": "ldaps://${env.ldap.host}", | |
87 | "accountBase": "${env.ldap.base}", | |
88 | "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))", | |
89 | "displayNameAttribute": "cn", | |
90 | "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu", | |
91 | "searchPWD": "${env.ldap.password}", | |
92 | "groupSearchBase": "${env.ldap.base}", | |
93 | "groupAttribute": "member", | |
94 | "groupAttributeIsDN": true, | |
95 | "searchScope": "sub", | |
96 | "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)", | |
97 | "anonymousReadonly": false | |
98 | } | |
99 | }, | |
100 | "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], | |
101 | "loadTest": false, | |
102 | "indentationOnNewLine": false, | |
103 | "toolbar": { | |
104 | "left": [ | |
105 | ["bold", "italic", "underline", "strikethrough"], | |
106 | ["orderedlist", "unorderedlist", "indent", "outdent"], | |
107 | ["undo", "redo"], | |
108 | ["clearauthorship"] | |
109 | ], | |
110 | "right": [ | |
111 | ["importexport", "timeslider", "savedrevision"], | |
112 | ["settings", "embed"], | |
113 | ["showusers"] | |
114 | ], | |
115 | "timeslider": [ | |
116 | ["timeslider_export", "timeslider_returnToPad"] | |
117 | ] | |
118 | }, | |
119 | "loglevel": "INFO", | |
120 | "logconfig" : { "appenders": [ { "type": "console" } ] } | |
121 | } | |
122 | ''; | |
123 | } | |
124 | ]; | |
742c28ad IB |
125 | services.etherpad-lite = { |
126 | enable = true; | |
127 | modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules; | |
128 | sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey"; | |
129 | apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey"; | |
130 | configFile = "/var/secrets/webapps/tools-etherpad"; | |
bf3b7671 IB |
131 | }; |
132 | ||
742c28ad IB |
133 | systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys"; |
134 | ||
bf3b7671 IB |
135 | services.myWebsites.tools.modules = [ |
136 | "headers" "proxy" "proxy_http" "proxy_wstunnel" | |
137 | ]; | |
138 | security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null; | |
139 | services.myWebsites.tools.vhostConfs.etherpad-lite = { | |
140 | certName = "eldiron"; | |
141 | hosts = [ "ether.immae.eu" ]; | |
142 | root = null; | |
143 | extraConfig = [ '' | |
144 | Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;" | |
145 | RequestHeader set X-Forwarded-Proto "https" | |
146 | ||
147 | RewriteEngine On | |
148 | ||
149 | RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}" | |
150 | RewriteCond %{QUERY_STRING} "!noredirect" | |
151 | RewriteCond %{REQUEST_URI} "^(.*)$" | |
152 | RewriteCond ''${redirects:$1|Unknown} "!Unknown" | |
153 | RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD] | |
154 | ||
155 | RewriteCond %{REQUEST_URI} ^/socket.io [NC] | |
156 | RewriteCond %{QUERY_STRING} transport=websocket [NC] | |
157 | RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,L] | |
158 | ||
159 | <IfModule mod_proxy.c> | |
160 | ProxyVia On | |
161 | ProxyRequests Off | |
162 | ProxyPreserveHost On | |
163 | ProxyPass / http://localhost:${env.listenPort}/ | |
164 | ProxyPassReverse / http://localhost:${env.listenPort}/ | |
165 | <Proxy *> | |
166 | Options FollowSymLinks MultiViews | |
167 | AllowOverride None | |
168 | Require all granted | |
169 | </Proxy> | |
170 | </IfModule> | |
171 | '' ]; | |
172 | }; | |
173 | }; | |
174 | } |