1 { lib, pkgs, config, ... }:
3 env = config.myEnv.tools.etherpad-lite;
4 cfg = config.myServices.websites.tools.etherpad-lite;
5 # Make sure we’re not rebuilding whole libreoffice just because of a
7 libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
8 ecfg = config.services.etherpad-lite;
10 options.myServices.websites.tools.etherpad-lite = {
11 enable = lib.mkEnableOption "enable etherpad's website";
14 config = lib.mkIf cfg.enable {
15 services.duplyBackup.profiles.etherpad-lite = {
16 rootDir = "/var/lib/private/etherpad-lite";
19 "webapps/tools-etherpad-apikey" = {
23 "webapps/tools-etherpad-sessionkey" = {
25 text = env.session_key;
27 "webapps/tools-etherpad" = {
32 "favicon": "favicon.ico",
33 "skinName": "colibris",
34 "skinVariants": "dark-toolbar light-background super-light-editor full-width-editor",
37 "port" : "${ecfg.sockets.node}",
38 "showSettingsInAdminPage" : false,
39 "dbType" : "postgres",
41 "user" : "${env.postgresql.user}",
42 "host" : "${env.postgresql.socket}",
43 "password": "${env.postgresql.password}",
44 "database": "${env.postgresql.database}",
48 "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
53 "showLineNumbers": true,
54 "useMonospaceFont": false,
58 "alwaysShowChat": false,
59 "chatAndUsers": false,
63 "suppressErrorsInPadText" : false,
64 "requireSession" : false,
66 "sessionNoPassword" : false,
70 "soffice" : "${libreoffice}/bin/soffice",
72 "allowUnknownFileEnds" : true,
73 "requireAuthentication" : false,
74 "requireAuthorization" : false,
76 "disableIPlogging" : false,
77 "automaticReconnectionTimeout" : 0,
78 "scrollWhenFocusLineIsOutOfViewport": {
80 "editionAboveViewport": 0,
81 "editionBelowViewport": 0
84 "scrollWhenCaretIsInTheLastLineOfViewport": false,
85 "percentageToScrollWhenUserPressesArrowUp": 0
89 "password": "${env.adminPassword}",
94 "url": "ldaps://${env.ldap.host}",
95 "accountBase": "${env.ldap.base}",
96 "accountPattern": "${env.ldap.filter}",
97 "displayNameAttribute": "cn",
98 "searchDN": "${env.ldap.dn}",
99 "searchPWD": "${env.ldap.password}",
100 "groupSearchBase": "${env.ldap.base}",
101 "groupAttribute": "member",
102 "groupAttributeIsDN": true,
103 "searchScope": "sub",
104 "groupSearch": "${env.ldap.group_filter}",
105 "anonymousReadonly": false
109 "warning": "This hash is stored in database, changing anything here will not have any consequence",
111 "url": "ldaps://${env.ldap.host}",
112 "bindDN": "${env.ldap.dn}",
113 "bindCredentials": "${env.ldap.password}",
114 "searchBase": "${env.ldap.base}",
115 "searchFilter": "${env.ldap.filter}",
119 "firstname": "givenName",
125 "ep_comments_page": {
126 "displayCommentAsIcon": true,
127 "highlightSelectedText": true
129 "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
131 "indentationOnNewLine": false,
134 ["bold", "italic", "underline", "strikethrough"],
135 ["orderedlist", "unorderedlist", "indent", "outdent"],
140 ["importexport", "timeslider", "savedrevision"],
141 ["settings", "embed"],
145 ["timeslider_export", "timeslider_returnToPad"]
149 "logconfig" : { "appenders": [ { "type": "console" } ] }
154 services.etherpad-lite = {
156 package = pkgs.webapps.etherpad-lite.withModules (p: [
157 p.ep_align p.ep_bookmark p.ep_colors p.ep_comments_page
158 p.ep_cursortrace p.ep_delete_empty_pads p.ep_embedmedia
159 p.ep_font_size p.ep_headings2 p.ep_immae_buttons p.ep_ldapauth
160 p.ep_line_height p.ep_markdown p.ep_mypads p.ep_page_view
161 p.ep_previewimages p.ep_ruler p.ep_scrollto
162 p.ep_set_title_on_pad p.ep_subscript_and_superscript
166 sessionKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-sessionkey";
167 apiKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-apikey";
168 configFile = config.secrets.fullPaths."webapps/tools-etherpad";
171 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
172 # Needed so that they get in the closure
173 systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];
175 services.filesWatcher.etherpad-lite = {
177 paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
180 services.websites.env.tools.modules = [
181 "headers" "proxy" "proxy_http" "proxy_wstunnel"
183 services.websites.env.tools.vhostConfs.etherpad-lite = {
184 certName = "eldiron";
186 hosts = [ "ether.immae.eu" ];
189 Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
190 RequestHeader set X-Forwarded-Proto "https"
194 RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
195 RewriteCond %{QUERY_STRING} "!noredirect"
196 RewriteCond %{REQUEST_URI} "^(.*)$"
197 RewriteCond ''${redirects:$1|Unknown} "!Unknown"
198 RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
200 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
201 RewriteCond %{QUERY_STRING} transport=websocket [NC]
202 RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]
204 <IfModule mod_proxy.c>
208 ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
209 ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
211 Options FollowSymLinks MultiViews