X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=systems%2Feldiron%2Fwebsites%2Fether%2Fdefault.nix;fp=modules%2Fprivate%2Fwebsites%2Ftools%2Fether%2Fdefault.nix;h=3993553319c150c56505c40813655abf20f5d0b2;hp=0539095e11e7c165b57d39272e25f754685f2381;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0

diff --git a/modules/private/websites/tools/ether/default.nix b/systems/eldiron/websites/ether/default.nix
similarity index 79%
rename from modules/private/websites/tools/ether/default.nix
rename to systems/eldiron/websites/ether/default.nix
index 0539095..3993553 100644
--- a/modules/private/websites/tools/ether/default.nix
+++ b/systems/eldiron/websites/ether/default.nix
@@ -1,10 +1,10 @@
-{ lib, pkgs, config,  ... }:
+{ lib, pkgs, config, nixpkgsRaw, etherpad-lite, ... }:
 let
   env = config.myEnv.tools.etherpad-lite;
   cfg = config.myServices.websites.tools.etherpad-lite;
   # Make sure we’re not rebuilding whole libreoffice just because of a
   # dependency
-  libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
+  libreoffice = nixpkgsRaw.libreoffice-fresh;
   ecfg = config.services.etherpad-lite;
 in {
   options.myServices.websites.tools.etherpad-lite = {
@@ -12,6 +12,32 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
+    myServices.dns.zones."immae.eu".subdomains.ether =
+      with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
+
+    myServices.chatonsProperties.services.etherpad = {
+      file.datetime = "2021-01-04T00:01:00";
+      service = {
+        name = "Etherpad";
+        description = "Éditeur de texte collaboratif en temps réel. on peut y écrire simultanément.";
+        website = "https://ether.immae.eu";
+        logo = "https://ether.immae.eu/favicon.ico";
+        status.level = "OK";
+        status.description = "OK";
+        registration."" = ["NONE" "MEMBER" "CLIENT"];
+        registration.load = "OPEN";
+        install.type = "PACKAGE";
+      };
+      software = {
+        name = "Etherpad";
+        website = "https://etherpad.org/";
+        license.url = "https://github.com/ether/etherpad-lite/blob/develop/LICENSE";
+        license.name = "Apache License Version 2.0";
+        version = ecfg.package.version;
+        source.url = "https://github.com/ether/etherpad-lite";
+        modules = ecfg.package.moduleNames;
+      };
+    };
     secrets.keys = {
       "webapps/tools-etherpad-apikey" = {
         permissions = "0400";
@@ -23,6 +49,7 @@ in {
       };
       "webapps/tools-etherpad" = {
         permissions = "0400";
+        keyDependencies = [ libreoffice ];
         text = ''
           {
             "title": "Etherpad",
@@ -61,7 +88,7 @@ in {
             "requireSession" : false,
             "editOnly" : false,
             "sessionNoPassword" : false,
-            "minify" : true,
+            "minify" : false,
             "maxAge" : 21600,
             "abiword" : null,
             "soffice" : "${libreoffice}/bin/soffice",
@@ -69,7 +96,7 @@ in {
             "allowUnknownFileEnds" : true,
             "requireAuthentication" : false,
             "requireAuthorization" : false,
-            "trustProxy" : false,
+            "trustProxy" : true,
             "disableIPlogging" : false,
             "automaticReconnectionTimeout" : 0,
             "scrollWhenFocusLineIsOutOfViewport": {
@@ -150,7 +177,7 @@ in {
     };
     services.etherpad-lite = {
       enable = true;
-      package = pkgs.webapps.etherpad-lite.withModules (p: [
+      package = etherpad-lite.withModules (p: [
         p.ep_align p.ep_bookmark p.ep_colors p.ep_comments_page
         p.ep_cursortrace p.ep_delete_empty_pads p.ep_embedmedia
         p.ep_font_size p.ep_headings2 p.ep_immae_buttons p.ep_ldapauth
@@ -166,6 +193,7 @@ in {
     };
 
     systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
+    systemd.services.etherpad-lite-cleanup.serviceConfig.SupplementaryGroups = "keys";
     # Needed so that they get in the closure
     systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];
 
@@ -177,9 +205,9 @@ in {
     services.websites.env.tools.modules = [
       "headers" "proxy" "proxy_http" "proxy_wstunnel"
     ];
+    security.acme.certs.eldiron.extraDomainNames = [ "ether.immae.eu" ];
     services.websites.env.tools.vhostConfs.etherpad-lite = {
       certName    = "eldiron";
-      addToCerts  = true;
       hosts       = [ "ether.immae.eu" ];
       root        = null;
       extraConfig = [ ''
@@ -188,12 +216,6 @@ in {
 
         RewriteEngine On
 
-        RewriteMap  redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
-        RewriteCond %{QUERY_STRING}         "!noredirect"
-        RewriteCond %{REQUEST_URI}          "^(.*)$"
-        RewriteCond ''${redirects:$1|Unknown} "!Unknown"
-        RewriteRule "^(.*)$"                ''${redirects:$1}  [L,NE,R=301,QSD]
-
         RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
         RewriteCond %{QUERY_STRING} transport=websocket    [NC]
         RewriteRule /(.*)           unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]
@@ -212,5 +234,18 @@ in {
         </IfModule>
       '' ];
     };
+    myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
+    myServices.monitoring.fromMasterObjects.service = [
+      {
+        service_description = "etherpad website is running on ether.immae.eu";
+        host_name = config.hostEnv.fqdn;
+        use = "external-web-service";
+        check_command = ["check_https" "ether.immae.eu" "/" "<title>Etherpad"];
+
+        servicegroups = "webstatus-webapps";
+        _webstatus_name = "Etherpad";
+        _webstatus_url = "https://ether.immae.eu/";
+      }
+    ];
   };
 }