# NixOS module for the Etherpad instance of the "tools" website: it declares
# the enable option, then (further down) the secret files, the etherpad-lite
# service settings and the Apache virtual host that fronts it.
1 { lib, pkgs, config, ... }:
# Per-environment values (credentials, LDAP and PostgreSQL parameters,
# redirects) are read from config.myEnv rather than written in this file.
3 env = config.myEnv.tools.etherpad-lite;
# This module's own option set (currently only `enable`).
4 cfg = config.myServices.websites.tools.etherpad-lite;
5 # Make sure we’re not rebuilding whole libreoffice just because of a
# `import <nixpkgs>` resolves through the build host's NIX_PATH and
# `overlays = []` ignores the project's overlays, so the libreoffice version
# is whatever that channel provides and is not pinned by this module.
# NOTE(review): this binary is configured as Etherpad's `soffice` converter
# below, i.e. it parses documents uploaded by users — confirm the channel is
# kept up to date so converter security fixes are picked up.
7 libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
# Shorthand for the upstream service options (socket path, secret file paths).
8 ecfg = config.services.etherpad-lite;
# Option declaration: the whole configuration below is gated on this flag.
10 options.myServices.websites.tools.etherpad-lite = {
11 enable = lib.mkEnableOption "enable etherpad's website";
# Everything from here on is applied only when cfg.enable is true.
14 config = lib.mkIf cfg.enable {
# Backup profile rooted at the service's private state directory.
15 services.duplyBackup.profiles.etherpad-lite = {
16 rootDir = "/var/lib/private/etherpad-lite";
# The three `dest` entries below match the /var/secrets/webapps/... paths the
# service reads later in this file. The enclosing option is not visible in
# this excerpt; presumably a secrets module that writes them outside the Nix
# store with restricted permissions — confirm against that module.
20 dest = "webapps/tools-etherpad-apikey";
25 dest = "webapps/tools-etherpad-sessionkey";
# Session key taken from the environment, not hard-coded here.
27 text = env.session_key;
# Rendered Etherpad settings file. The text that follows interpolates the
# PostgreSQL password, the admin password and the LDAP bind password, so the
# resulting file is as sensitive as the two key files above.
# NOTE(review): the settings set requireAuthentication and requireAuthorization
# to false while also carrying LDAP settings — confirm that pads are meant to
# be reachable without logging in.
# NOTE(review): allowUnknownFileEnds is true, which as far as I know lets the
# import endpoint accept extensions outside Etherpad's supported list —
# confirm this is wanted on an instance that does not require login.
30 dest = "webapps/tools-etherpad";
35 "favicon": "favicon.ico",
36 "skinName": "colibris",
37 "skinVariants": "dark-toolbar light-background super-light-editor full-width-editor",
40 "port" : "${ecfg.sockets.node}",
41 "showSettingsInAdminPage" : false,
42 "dbType" : "postgres",
44 "user" : "${env.postgresql.user}",
45 "host" : "${env.postgresql.socket}",
46 "password": "${env.postgresql.password}",
47 "database": "${env.postgresql.database}",
51 "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
56 "showLineNumbers": true,
57 "useMonospaceFont": false,
61 "alwaysShowChat": false,
62 "chatAndUsers": false,
66 "suppressErrorsInPadText" : false,
67 "requireSession" : false,
69 "sessionNoPassword" : false,
73 "soffice" : "${libreoffice}/bin/soffice",
75 "allowUnknownFileEnds" : true,
76 "requireAuthentication" : false,
77 "requireAuthorization" : false,
79 "disableIPlogging" : false,
80 "automaticReconnectionTimeout" : 0,
81 "scrollWhenFocusLineIsOutOfViewport": {
83 "editionAboveViewport": 0,
84 "editionBelowViewport": 0
87 "scrollWhenCaretIsInTheLastLineOfViewport": false,
88 "percentageToScrollWhenUserPressesArrowUp": 0
92 "password": "${env.adminPassword}",
97 "url": "ldaps://${env.ldap.host}",
98 "accountBase": "${env.ldap.base}",
99 "accountPattern": "${env.ldap.filter}",
100 "displayNameAttribute": "cn",
101 "searchDN": "${env.ldap.dn}",
102 "searchPWD": "${env.ldap.password}",
103 "groupSearchBase": "${env.ldap.base}",
104 "groupAttribute": "member",
105 "groupAttributeIsDN": true,
106 "searchScope": "sub",
107 "groupSearch": "${env.ldap.group_filter}",
108 "anonymousReadonly": false
112 "warning": "This hash is stored in database, changing anything here will not have any consequence",
114 "url": "ldaps://${env.ldap.host}",
115 "bindDN": "${env.ldap.dn}",
116 "bindCredentials": "${env.ldap.password}",
117 "searchBase": "${env.ldap.base}",
118 "searchFilter": "${env.ldap.filter}",
122 "firstname": "givenName",
128 "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
130 "indentationOnNewLine": false,
133 ["bold", "italic", "underline", "strikethrough"],
134 ["orderedlist", "unorderedlist", "indent", "outdent"],
139 ["importexport", "timeslider", "savedrevision"],
140 ["settings", "embed"],
144 ["timeslider_export", "timeslider_returnToPad"]
148 "logconfig" : { "appenders": [ { "type": "console" } ] }
# Upstream etherpad-lite service: plugin modules plus the locations of the
# key files and the settings file.
153 services.etherpad-lite = {
155 modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
# All three files are read from /var/secrets at runtime, so the session key,
# API key and the settings (which embed database, admin and LDAP passwords)
# are referenced by path instead of being inlined into the service definition.
156 sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
157 apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
158 configFile = "/var/secrets/webapps/tools-etherpad";
# Adds the `keys` group to the service process; presumably the group that owns
# the /var/secrets entries above — confirm against the secrets module, since
# any other member of that group can read the same files.
161 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
162 # Needed so that they get in the closure
163 systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];
# Watches the three secret files; the action taken on change is not visible in
# this excerpt (presumably a service restart so rotated secrets take effect).
165 services.filesWatcher.etherpad-lite = {
167 paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
# Apache modules used by the virtual host below: response/request header
# manipulation and HTTP plus WebSocket reverse proxying.
170 services.websites.env.tools.modules = [
171 "headers" "proxy" "proxy_http" "proxy_wstunnel"
# Virtual host for ether.immae.eu. The directives that follow send HSTS,
# overwrite X-Forwarded-Proto with "https", apply a redirect map taken from
# the environment, and proxy HTTP and WebSocket traffic to the service's unix
# socket.
# NOTE(review): the redirect rule issues a 301 to whatever the map returns, so
# the redirects text must only ever come from trusted configuration.
# NOTE(review): whether Etherpad is told to trust the proxy's forwarded
# headers (trustProxy) is not visible in this excerpt — confirm, since it
# affects secure cookies and the client address that gets logged.
173 services.websites.env.tools.vhostConfs.etherpad-lite = {
174 certName = "eldiron";
176 hosts = [ "ether.immae.eu" ];
179 Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
180 RequestHeader set X-Forwarded-Proto "https"
184 RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
185 RewriteCond %{QUERY_STRING} "!noredirect"
186 RewriteCond %{REQUEST_URI} "^(.*)$"
187 RewriteCond ''${redirects:$1|Unknown} "!Unknown"
188 RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
190 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
191 RewriteCond %{QUERY_STRING} transport=websocket [NC]
192 RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]
194 <IfModule mod_proxy.c>
198 ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
199 ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
201 Options FollowSymLinks MultiViews