--- /dev/null
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+ etherpad = pkgs.callPackage ./etherpad_lite.nix {
+ inherit (mylibs) fetchedGithub;
+ env = myconfig.env.tools.etherpad-lite;
+ };
+
+ cfg = config.services.myWebsites.tools.etherpad-lite;
+in {
+ options.services.myWebsites.tools.etherpad-lite = {
+ enable = lib.mkEnableOption "enable etherpad's website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.etherpad-lite = {
+ description = "Etherpad-lite";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "postgresql.service" ];
+ wants = [ "postgresql.service" ];
+
+ environment.NODE_ENV = "production";
+ environment.HOME = etherpad.webappDir;
+
+ path = [ pkgs.nodejs ];
+
+ script = ''
+ exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \
+ --settings ${etherpad.config}
+ '';
+
+ serviceConfig = {
+ DynamicUser = true;
+ User = "etherpad-lite";
+ Group = "etherpad-lite";
+ WorkingDirectory = etherpad.webappDir;
+ PrivateTmp = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ ProtectHome = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ Restart = "always";
+ Type = "simple";
+ TimeoutSec = 60;
+ };
+ };
+
+ services.myWebsites.tools.modules = [
+ "headers" "proxy" "proxy_http" "proxy_wstunnel"
+ ];
+ security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
+ services.myWebsites.tools.vhostConfs.etherpad-lite = {
+ certName = "eldiron";
+ hosts = [ "ether.immae.eu" ];
+ root = null;
+ extraConfig = [ ''
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
+ RequestHeader set X-Forwarded-Proto "https"
+
+ RewriteEngine On
+
+ RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}"
+ RewriteCond %{QUERY_STRING} "!noredirect"
+ RewriteCond %{REQUEST_URI} "^(.*)$"
+ RewriteCond ''${redirects:$1|Unknown} "!Unknown"
+ RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
+
+ RewriteCond %{REQUEST_URI} ^/socket.io [NC]
+ RewriteCond %{QUERY_STRING} transport=websocket [NC]
+ RewriteRule /(.*) ws://localhost:${etherpad.listenPort}/$1 [P,L]
+
+ <IfModule mod_proxy.c>
+ ProxyVia On
+ ProxyRequests Off
+ ProxyPreserveHost On
+ ProxyPass / http://localhost:${etherpad.listenPort}/
+ ProxyPassReverse / http://localhost:${etherpad.listenPort}/
+ ProxyPass /socket.io ws://localhost:${etherpad.listenPort}/socket.io
+ ProxyPassReverse /socket.io ws://localhost:${etherpad.listenPort}/socket.io
+ <Proxy *>
+ Options FollowSymLinks MultiViews
+ AllowOverride None
+ Require all granted
+ </Proxy>
+ </IfModule>
+ '' ];
+ };
+ };
+}
--- /dev/null
+{ env, fetchedGithub, fetchurl, stdenv, writeText, pkgs, cacert }:
+let
+ listenPort = "18001";
+ sessionkey = writeText "SESSIONKEY.txt" env.session_key;
+ apikey = writeText "APIKEY.txt" env.api_key;
+ jquery = fetchurl {
+ url = https://code.jquery.com/jquery-1.9.1.js;
+ sha256 = "0h4dk67yc9d0kadqxb6b33585f3x3559p6qmp70l00qwq030vn3v";
+ };
+ etherpad_modules = [
+ "ep_aa_file_menu_toolbar"
+ "ep_adminpads"
+ "ep_align"
+ "ep_bookmark"
+ "ep_clear_formatting"
+ "ep_colors"
+ "ep_copy_paste_select_all"
+ "ep_cursortrace"
+ "ep_embedmedia"
+ "ep_font_family"
+ "ep_font_size"
+ "ep_headings2"
+ "ep_ldapauth"
+ "ep_line_height"
+ "ep_markdown"
+ "ep_previewimages"
+ "ep_ruler"
+ "ep_scrollto"
+ "ep_set_title_on_pad"
+ "ep_subscript_and_superscript"
+ "ep_timesliderdiff"
+ ];
+ config =
+ # Make sure we’re not rebuilding whole libreoffice just because of a
+ # dependency
+ let libreoffice = (import <nixpkgs> {}).libreoffice-fresh;
+ in
+ writeText "settings.json" ''
+ {
+ "title": "Etherpad",
+ "favicon": "favicon.ico",
+
+ "ip": "127.0.0.1",
+ "port" : ${listenPort},
+ "showSettingsInAdminPage" : false,
+ "dbType" : "postgres",
+ "dbSettings" : {
+ "user" : "${env.postgresql.user}",
+ "host" : "${env.postgresql.socket}",
+ "password": "${env.postgresql.password}",
+ "database": "${env.postgresql.database}",
+ "charset" : "utf8mb4"
+ },
+
+ "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
+ "padOptions": {
+ "noColors": false,
+ "showControls": true,
+ "showChat": true,
+ "showLineNumbers": true,
+ "useMonospaceFont": false,
+ "userName": false,
+ "userColor": false,
+ "rtl": false,
+ "alwaysShowChat": false,
+ "chatAndUsers": false,
+ "lang": "en-gb"
+ },
+
+ "suppressErrorsInPadText" : false,
+ "requireSession" : false,
+ "editOnly" : false,
+ "sessionNoPassword" : false,
+ "minify" : true,
+ "maxAge" : 21600,
+ "abiword" : null,
+ "soffice" : "${libreoffice}/bin/soffice",
+ "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
+ "allowUnknownFileEnds" : true,
+ "requireAuthentication" : false,
+ "requireAuthorization" : false,
+ "trustProxy" : false,
+ "disableIPlogging" : false,
+ "automaticReconnectionTimeout" : 0,
+ "scrollWhenFocusLineIsOutOfViewport": {
+ "percentage": {
+ "editionAboveViewport": 0,
+ "editionBelowViewport": 0
+ },
+ "duration": 0,
+ "scrollWhenCaretIsInTheLastLineOfViewport": false,
+ "percentageToScrollWhenUserPressesArrowUp": 0
+ },
+ "users": {
+ "ldapauth": {
+ "url": "ldaps://${env.ldap.host}",
+ "accountBase": "${env.ldap.base}",
+ "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
+ "displayNameAttribute": "cn",
+ "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
+ "searchPWD": "${env.ldap.password}",
+ "groupSearchBase": "${env.ldap.base}",
+ "groupAttribute": "member",
+ "groupAttributeIsDN": true,
+ "searchScope": "sub",
+ "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
+ "anonymousReadonly": false
+ }
+ },
+ "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
+ "loadTest": false,
+ "indentationOnNewLine": false,
+ "toolbar": {
+ "left": [
+ ["bold", "italic", "underline", "strikethrough"],
+ ["orderedlist", "unorderedlist", "indent", "outdent"],
+ ["undo", "redo"],
+ ["clearauthorship"]
+ ],
+ "right": [
+ ["importexport", "timeslider", "savedrevision"],
+ ["settings", "embed"],
+ ["showusers"]
+ ],
+ "timeslider": [
+ ["timeslider_export", "timeslider_returnToPad"]
+ ]
+ },
+ "loglevel": "INFO",
+ "logconfig" : { "appenders": [ { "type": "console" } ] }
+ }
+ '';
+ webappDir = stdenv.mkDerivation (fetchedGithub ./etherpad-lite.json // rec {
+ __noChroot = true;
+ patches = [ ./libreoffice_patch.diff ];
+ buildPhase = ''
+ export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+ export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+ export HOME=$PWD
+
+ touch src/.ep_initialized
+ cp -v src/static/custom/js.template src/static/custom/index.js
+ cp -v src/static/custom/js.template src/static/custom/pad.js
+ cp -v src/static/custom/js.template src/static/custom/timeslider.js
+ cp -v src/static/custom/css.template src/static/custom/index.css
+ cp -v src/static/custom/css.template src/static/custom/pad.css
+ cp -v src/static/custom/css.template src/static/custom/timeslider.css
+
+ sed -i 's/var\/dirty.db/\/var\/lib\/etherpad-lite\/dirty.db/g' \
+ settings.json.template
+
+ mkdir -v node_modules
+ ln -s ../src node_modules/ep_etherpad-lite
+
+ node bin/doc/generate doc/index.md --format=html \
+ --template=doc/template.html > documentation.html
+
+ cd src
+ npm install
+ cd ..
+ ${builtins.concatStringsSep "\n"
+ (map (n: "npm install ${n}; touch node_modules/${n}/.ep_initialized") etherpad_modules)}
+ '';
+ installPhase = ''
+ mkdir -p $out
+ install -t $out/src/ -vDm 644 src/.ep_initialized
+ cp -a node_modules $out/
+ cp -a src/* $out/src/
+ ln -sf ${sessionkey} $out/SESSIONKEY.txt
+ ln -sf ${apikey} $out/APIKEY.txt
+ cp ${jquery} $out/src/static/js/jquery.js
+
+ mkdir $out/doc
+ install -t "$out/doc/" \
+ -vDm 644 {CHANGELOG,CONTRIBUTING,README}.md \
+ -vDm 644 documentation.html
+ '';
+ buildInputs = [ pkgs.nodejs pkgs.python ];
+ });
+in
+ {
+ inherit webappDir config listenPort;
+ }
projects / perso / Immae / Config / Nix.git / commitdiff
