git.immae.eu Git - perso/Immae/Config/Nix.git/blob - modules/private/websites/tools/ether/default.nix
Add specification for the private config file as a module.
# NixOS module for the Etherpad website. It declares one enable option and,
# when enabled, configures: a backup profile, three secret files, the
# etherpad-lite service, a file watcher on those secrets, and an Apache
# reverse-proxy vhost for ether.immae.eu.
{ lib, pkgs, config, ... }:
let
  # Site-specific values. The usages below show it carries the API key, the
  # session key, PostgreSQL and LDAP credentials, and the redirect map.
  env = config.myEnv.tools.etherpad-lite;
  cfg = config.myServices.websites.tools.etherpad-lite;
  # Make sure we’re not rebuilding whole libreoffice just because of a
  # dependency
  # NOTE(review): `import <nixpkgs>` resolves through NIX_PATH rather than the
  # `pkgs` argument, so the soffice binary configured below follows whatever
  # channel is active at evaluation time. Confirm that channel is kept patched:
  # soffice is the document converter handed to Etherpad.
  libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
  # Final etherpad-lite service configuration; read for the socket path and
  # for the secret file paths.
  ecfg = config.services.etherpad-lite;
in {
  options.myServices.websites.tools.etherpad-lite = {
    enable = lib.mkEnableOption "enable etherpad's website";
  };

  config = lib.mkIf cfg.enable {
    services.duplyBackup.profiles.etherpad-lite = {
      rootDir = "/var/lib/private/etherpad-lite";
    };
    # Three secret files, all declared with mode 0400: the API key, the session
    # key, and the full settings file, which embeds the PostgreSQL password and
    # the LDAP bind password.
    # NOTE(review): the values are interpolated at Nix evaluation time. Whether
    # they stay out of the world-readable Nix store depends on how the `secrets`
    # module materialises `text`, which is not visible here — confirm.
    secrets.keys = [
      {
        dest = "webapps/tools-etherpad-apikey";
        permissions = "0400";
        text = env.api_key;
      }
      {
        dest = "webapps/tools-etherpad-sessionkey";
        permissions = "0400";
        text = env.session_key;
      }
      {
        dest = "webapps/tools-etherpad";
        permissions = "0400";
        # Etherpad settings, written as JSON. Points worth reviewing:
        #  - "port" is set to ecfg.sockets.node, the same path the vhost below
        #    reaches through unix://, so Etherpad listens on a Unix socket.
        #  - "requireAuthentication" and "requireAuthorization" are false while
        #    an "ldapauth" user backend is configured. Presumably LDAP then only
        #    gates what Etherpad always protects — verify that open pad access
        #    is intended.
        #  - "trustProxy" is false although the vhost sets X-Forwarded-Proto.
        #    Confirm this is deliberate; it presumably affects which client
        #    address is logged and how HTTPS is detected.
        #  - "allowUnknownFileEnds" is true, so imports are not limited to known
        #    extensions. Together with the soffice converter this widens the
        #    upload surface.
        #  - "socketTransportProtocols" lists only polling transports while the
        #    vhost also forwards websocket upgrades. Possibly a stale setting —
        #    TODO confirm.
        #  - "showSettingsInAdminPage" is false, which keeps this file and the
        #    passwords in it out of the admin UI.
        #  - "disableIPlogging" is false and logs go to the console at INFO.
        text = ''
          {
            "title": "Etherpad",
            "favicon": "favicon.ico",

            "ip": "",
            "port" : "${ecfg.sockets.node}",
            "showSettingsInAdminPage" : false,
            "dbType" : "postgres",
            "dbSettings" : {
              "user" : "${env.postgresql.user}",
              "host" : "${env.postgresql.socket}",
              "password": "${env.postgresql.password}",
              "database": "${env.postgresql.database}",
              "charset" : "utf8mb4"
            },

            "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
            "padOptions": {
              "noColors": false,
              "showControls": true,
              "showChat": true,
              "showLineNumbers": true,
              "useMonospaceFont": false,
              "userName": false,
              "userColor": false,
              "rtl": false,
              "alwaysShowChat": false,
              "chatAndUsers": false,
              "lang": "en-gb"
            },

            "suppressErrorsInPadText" : false,
            "requireSession" : false,
            "editOnly" : false,
            "sessionNoPassword" : false,
            "minify" : true,
            "maxAge" : 21600,
            "abiword" : null,
            "soffice" : "${libreoffice}/bin/soffice",
            "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
            "allowUnknownFileEnds" : true,
            "requireAuthentication" : false,
            "requireAuthorization" : false,
            "trustProxy" : false,
            "disableIPlogging" : false,
            "automaticReconnectionTimeout" : 0,
            "scrollWhenFocusLineIsOutOfViewport": {
              "percentage": {
                "editionAboveViewport": 0,
                "editionBelowViewport": 0
              },
              "duration": 0,
              "scrollWhenCaretIsInTheLastLineOfViewport": false,
              "percentageToScrollWhenUserPressesArrowUp": 0
            },
            "users": {
              "ldapauth": {
                "url": "ldaps://${env.ldap.host}",
                "accountBase": "${env.ldap.base}",
                "accountPattern": "${env.ldap.filter}",
                "displayNameAttribute": "cn",
                "searchDN": "${env.ldap.dn}",
                "searchPWD": "${env.ldap.password}",
                "groupSearchBase": "${env.ldap.base}",
                "groupAttribute": "member",
                "groupAttributeIsDN": true,
                "searchScope": "sub",
                "groupSearch": "${env.ldap.group_filter}",
                "anonymousReadonly": false
              }
            },
            "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
            "loadTest": false,
            "indentationOnNewLine": false,
            "toolbar": {
              "left": [
                ["bold", "italic", "underline", "strikethrough"],
                ["orderedlist", "unorderedlist", "indent", "outdent"],
                ["undo", "redo"],
                ["clearauthorship"]
              ],
              "right": [
                ["importexport", "timeslider", "savedrevision"],
                ["settings", "embed"],
                ["showusers"]
              ],
              "timeslider": [
                ["timeslider_export", "timeslider_returnToPad"]
              ]
            },
            "loglevel": "INFO",
            "logconfig" : { "appenders": [ { "type": "console" } ] }
          }
        '';
      }
    ];
    # The three paths repeat the `dest` values declared in secrets.keys under
    # a /var/secrets prefix. Presumably that is where the secrets module writes
    # them — keep both in sync.
    services.etherpad-lite = {
      enable = true;
      modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
      sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
      apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
      configFile = "/var/secrets/webapps/tools-etherpad";
    };

    # Adds the service to the `keys` group.
    # NOTE(review): the secret files are declared 0400 (owner read only), so
    # group membership alone would not make the files readable. Presumably the
    # group is needed to traverse the secrets directory — verify the ownership
    # the secrets module sets.
    systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";

    # Watches the three secret files. With restart = true this presumably
    # restarts the service when any of them changes.
    services.filesWatcher.etherpad-lite = {
      restart = true;
      paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
    };

    # Apache modules needed by the vhost below (headers, HTTP and websocket
    # proxying).
    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];
    services.websites.env.tools.vhostConfs.etherpad-lite = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "ether.immae.eu" ];
      root = null;
      # Apache directives, in order:
      #  - HSTS for one year, including subdomains of the served host.
      #  - X-Forwarded-Proto is set (not appended), so a value supplied by the
      #    client is overwritten before the request reaches the backend.
      #  - A RewriteMap built from the configured redirects issues a 301 when
      #    the request URI has an entry, unless the query string contains
      #    "noredirect". Targets come only from the map, never from the request.
      #    The map is read through the full config.myEnv path, which is the same
      #    value as env.redirects.
      #  - /socket.io requests with transport=websocket are proxied as ws://
      #    over the Unix socket.
      #  - Everything else is reverse-proxied over the same socket.
      #    `ProxyRequests Off` keeps Apache from acting as a forward proxy, so
      #    the `<Proxy *>` grant covers only these reverse-proxy targets.
      extraConfig = [ ''
        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
        RequestHeader set X-Forwarded-Proto "https"

        RewriteEngine On

        RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
        RewriteCond %{QUERY_STRING} "!noredirect"
        RewriteCond %{REQUEST_URI} "^(.*)$"
        RewriteCond ''${redirects:$1|Unknown} "!Unknown"
        RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]

        RewriteCond %{REQUEST_URI} ^/socket.io [NC]
        RewriteCond %{QUERY_STRING} transport=websocket [NC]
        RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]

        <IfModule mod_proxy.c>
          ProxyVia On
          ProxyRequests Off
          ProxyPreserveHost On
          ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          <Proxy *>
            Options FollowSymLinks MultiViews
            AllowOverride None
            Require all granted
          </Proxy>
        </IfModule>
      '' ];
    };
  };
}