git.immae.eu Git - perso/Immae/Config/Nix.git/blob - modules/private/websites/tools/ether/default.nix
# Etherpad website module for the "ether.immae.eu" vhost. When enabled it
# declares the service's secret files, points services.etherpad-lite at them,
# registers a backup profile and a file watcher, and publishes an Apache vhost
# that reverse-proxies to the socket named by ecfg.sockets.node.
{ lib, pkgs, config, ... }:
let
  # Deployment-specific values: API/session keys, PostgreSQL and LDAP
  # credentials, redirect map.
  env = config.myEnv.tools.etherpad-lite;
  cfg = config.myServices.websites.tools.etherpad-lite;
  # Take LibreOffice from a plain nixpkgs without overlays, so that an overlay
  # touching one of its dependencies does not trigger a full LibreOffice
  # rebuild.
  # NOTE(review): <nixpkgs> is resolved through NIX_PATH, so the LibreOffice
  # build that converts user-supplied documents is whatever that channel
  # provides, not something pinned in this file — confirm it is kept patched.
  libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
  ecfg = config.services.etherpad-lite;
in {
  options.myServices.websites.tools.etherpad-lite = {
    enable = lib.mkEnableOption "enable etherpad's website";
  };

  config = lib.mkIf cfg.enable {
    # Back up the service's state directory.
    services.duplyBackup.profiles.etherpad-lite = {
      rootDir = "/var/lib/private/etherpad-lite";
    };
    # Three secret files, each declared with mode 0400: the API key, the
    # session key and the JSON settings (which embed the PostgreSQL password
    # and the LDAP bind password).
    # NOTE(review): whether these values stay out of the world-readable Nix
    # store depends on how the secrets module materialises `text` — verify
    # against that module.
    secrets.keys = [
      {
        dest = "webapps/tools-etherpad-apikey";
        permissions = "0400";
        text = env.api_key;
      }
      {
        dest = "webapps/tools-etherpad-sessionkey";
        permissions = "0400";
        text = env.session_key;
      }
      # Etherpad settings. Comments cannot live inside the string, so the
      # security-relevant values are noted here:
      #  - "ip" is empty and "port" is the socket path from ecfg.sockets.node;
      #    clients are expected to arrive through the Apache vhost below.
      #  - "showSettingsInAdminPage": false — presumably keeps this file, and
      #    the credentials in it, out of the admin UI.
      #  - "requireAuthentication"/"requireAuthorization" are false, so pads
      #    are usable without logging in; the "ldapauth" block presumably only
      #    guards admin access — TODO confirm.
      #  - "soffice" is set and "allowUnknownFileEnds" is true: uploads with
      #    unrecognised extensions are accepted, and document conversion runs
      #    LibreOffice on files supplied by unauthenticated users.
      #    NOTE(review): confirm the service is sandboxed accordingly and
      #    consider whether unknown file endings need to be allowed.
      #  - "trustProxy": false although the service sits behind Apache, which
      #    sets X-Forwarded-Proto. NOTE(review): confirm this is intended; it
      #    presumably affects the client address that gets logged
      #    ("disableIPlogging" is false) and whether the application treats
      #    requests as HTTPS, e.g. for cookie flags.
      #  - "url" uses ldaps://, so the LDAP bind and searches go over TLS.
      {
        dest = "webapps/tools-etherpad";
        permissions = "0400";
        text = ''
          {
            "title": "Etherpad",
            "favicon": "favicon.ico",

            "ip": "",
            "port" : "${ecfg.sockets.node}",
            "showSettingsInAdminPage" : false,
            "dbType" : "postgres",
            "dbSettings" : {
              "user" : "${env.postgresql.user}",
              "host" : "${env.postgresql.socket}",
              "password": "${env.postgresql.password}",
              "database": "${env.postgresql.database}",
              "charset" : "utf8mb4"
            },

            "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
            "padOptions": {
              "noColors": false,
              "showControls": true,
              "showChat": true,
              "showLineNumbers": true,
              "useMonospaceFont": false,
              "userName": false,
              "userColor": false,
              "rtl": false,
              "alwaysShowChat": false,
              "chatAndUsers": false,
              "lang": "fr"
            },

            "suppressErrorsInPadText" : false,
            "requireSession" : false,
            "editOnly" : false,
            "sessionNoPassword" : false,
            "minify" : true,
            "maxAge" : 21600,
            "abiword" : null,
            "soffice" : "${libreoffice}/bin/soffice",
            "tidyHtml" : "",
            "allowUnknownFileEnds" : true,
            "requireAuthentication" : false,
            "requireAuthorization" : false,
            "trustProxy" : false,
            "disableIPlogging" : false,
            "automaticReconnectionTimeout" : 0,
            "scrollWhenFocusLineIsOutOfViewport": {
              "percentage": {
                "editionAboveViewport": 0,
                "editionBelowViewport": 0
              },
              "duration": 0,
              "scrollWhenCaretIsInTheLastLineOfViewport": false,
              "percentageToScrollWhenUserPressesArrowUp": 0
            },
            "users": {
              "ldapauth": {
                "url": "ldaps://${env.ldap.host}",
                "accountBase": "${env.ldap.base}",
                "accountPattern": "${env.ldap.filter}",
                "displayNameAttribute": "cn",
                "searchDN": "${env.ldap.dn}",
                "searchPWD": "${env.ldap.password}",
                "groupSearchBase": "${env.ldap.base}",
                "groupAttribute": "member",
                "groupAttributeIsDN": true,
                "searchScope": "sub",
                "groupSearch": "${env.ldap.group_filter}",
                "anonymousReadonly": false
              }
            },
            "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
            "loadTest": false,
            "indentationOnNewLine": false,
            "toolbar": {
              "left": [
                ["bold", "italic", "underline", "strikethrough"],
                ["orderedlist", "unorderedlist", "indent", "outdent"],
                ["undo", "redo"],
                ["clearauthorship"]
              ],
              "right": [
                ["importexport", "timeslider", "savedrevision"],
                ["settings", "embed"],
                ["showusers"]
              ],
              "timeslider": [
                ["timeslider_export", "timeslider_returnToPad"]
              ]
            },
            "loglevel": "INFO",
            "logconfig" : { "appenders": [ { "type": "console" } ] }
          }
        '';
      }
    ];
    # The service reads its keys and settings from /var/secrets; the file names
    # match the `dest` values declared in secrets.keys above.
    services.etherpad-lite = {
      enable = true;
      modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
      sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
      apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
      configFile = "/var/secrets/webapps/tools-etherpad";
    };

    # Adds the service to the "keys" group, presumably so it can reach
    # /var/secrets.
    # NOTE(review): the secrets are declared 0400, which grants nothing to a
    # group; confirm which owner the secrets module assigns and how the
    # service actually reads these files.
    systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
    # Needed so that they get in the closure
    systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];

    # Watch the three secret files with restart enabled, presumably so that a
    # rotated key or changed setting is picked up by restarting the service.
    services.filesWatcher.etherpad-lite = {
      restart = true;
      paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
    };

    # Apache modules used by the vhost below: response/request headers and
    # HTTP/WebSocket reverse proxying.
    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];
    # Vhost for ether.immae.eu. The directives in extraConfig:
    #  - send HSTS for one year including subdomains, and set X-Forwarded-Proto
    #    to "https" on every proxied request ("RequestHeader set" replaces any
    #    value sent by the client);
    #  - redirect (301, query string dropped) any request path found in the
    #    redirects map, unless the query string contains "noredirect". The map
    #    is written with pkgs.writeText, i.e. into the Nix store, so it must
    #    not hold anything confidential;
    #  - proxy /socket.io requests asking for the websocket transport to the
    #    service socket over ws://, and everything else over http://;
    #  - "ProxyRequests Off" disables forward proxying, so the
    #    "Require all granted" in <Proxy *> only opens the reverse-proxied
    #    backend.
    services.websites.env.tools.vhostConfs.etherpad-lite = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "ether.immae.eu" ];
      root = null;
      extraConfig = [ ''
        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
        RequestHeader set X-Forwarded-Proto "https"

        RewriteEngine On

        RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
        RewriteCond %{QUERY_STRING} "!noredirect"
        RewriteCond %{REQUEST_URI} "^(.*)$"
        RewriteCond ''${redirects:$1|Unknown} "!Unknown"
        RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]

        RewriteCond %{REQUEST_URI} ^/socket.io [NC]
        RewriteCond %{QUERY_STRING} transport=websocket [NC]
        RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]

        <IfModule mod_proxy.c>
          ProxyVia On
          ProxyRequests Off
          ProxyPreserveHost On
          ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
          <Proxy *>
            Options FollowSymLinks MultiViews
            AllowOverride None
            Require all granted
          </Proxy>
        </IfModule>
      '' ];
    };
  };
}