Squash changes containing private information

There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
author: Ismaël Bouya <ismael.bouya@normalesup.org> 2023-10-04 01:35:06 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2023-10-04 02:11:48 +0200
commit: 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree: 1b9df4838f894577a09b9b260151756272efeb53 /modules/private/websites/tools/ether
parent: fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
download: Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip
1 files changed, 0 insertions, 216 deletions
diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix
deleted file mode 100644
index 0539095..0000000
--- a/modules/private/websites/tools/ether/default.nix
+++ /dev/null
@@ -1,216 +0,0 @@
-{ lib, pkgs, config,  ... }:
-let
-  env = config.myEnv.tools.etherpad-lite;
-  cfg = config.myServices.websites.tools.etherpad-lite;
-  # Make sure we’re not rebuilding whole libreoffice just because of a
-  # dependency
-  libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
-  ecfg = config.services.etherpad-lite;
-in {
-  options.myServices.websites.tools.etherpad-lite = {
-    enable = lib.mkEnableOption "enable etherpad's website";
-  };
-  config = lib.mkIf cfg.enable {
-    secrets.keys = {
-      "webapps/tools-etherpad-apikey" = {
-        permissions = "0400";
-        text = env.api_key;
-      };
-      "webapps/tools-etherpad-sessionkey" = {
-        permissions = "0400";
-        text = env.session_key;
-      };
-      "webapps/tools-etherpad" = {
-        permissions = "0400";
-        text = ''
-          {
-            "title": "Etherpad",
-            "favicon": "favicon.ico",
-            "skinName": "colibris",
-            "skinVariants": "dark-toolbar light-background super-light-editor full-width-editor",
-            "ip": "",
-            "port" : "${ecfg.sockets.node}",
-            "showSettingsInAdminPage" : false,
-            "dbType" : "postgres",
-            "dbSettings" : {
-              "user"    : "${env.postgresql.user}",
-              "host"    : "${env.postgresql.socket}",
-              "password": "${env.postgresql.password}",
-              "database": "${env.postgresql.database}",
-              "charset" : "utf8mb4"
-            },
-            "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
-            "padOptions": {
-              "noColors": false,
-              "showControls": true,
-              "showChat": true,
-              "showLineNumbers": true,
-              "useMonospaceFont": false,
-              "userName": false,
-              "userColor": false,
-              "rtl": false,
-              "alwaysShowChat": false,
-              "chatAndUsers": false,
-              "lang": "fr"
-            },
-            "suppressErrorsInPadText" : false,
-            "requireSession" : false,
-            "editOnly" : false,
-            "sessionNoPassword" : false,
-            "minify" : true,
-            "maxAge" : 21600,
-            "abiword" : null,
-            "soffice" : "${libreoffice}/bin/soffice",
-            "tidyHtml" : "",
-            "allowUnknownFileEnds" : true,
-            "requireAuthentication" : false,
-            "requireAuthorization" : false,
-            "trustProxy" : false,
-            "disableIPlogging" : false,
-            "automaticReconnectionTimeout" : 0,
-            "scrollWhenFocusLineIsOutOfViewport": {
-              "percentage": {
-                "editionAboveViewport": 0,
-                "editionBelowViewport": 0
-              },
-              "duration": 0,
-              "scrollWhenCaretIsInTheLastLineOfViewport": false,
-              "percentageToScrollWhenUserPressesArrowUp": 0
-            },
-            "users": {
-              "admin": {
-                "password": "${env.adminPassword}",
-                "is_admin": true
-              },
-              "ldapauth": {
-                "hash": "invalid",
-                "url": "ldaps://${env.ldap.host}",
-                "accountBase": "${env.ldap.base}",
-                "accountPattern": "${env.ldap.filter}",
-                "displayNameAttribute": "cn",
-                "searchDN": "${env.ldap.dn}",
-                "searchPWD": "${env.ldap.password}",
-                "groupSearchBase": "${env.ldap.base}",
-                "groupAttribute": "member",
-                "groupAttributeIsDN": true,
-                "searchScope": "sub",
-                "groupSearch": "${env.ldap.group_filter}",
-                "anonymousReadonly": false
-              }
-            },
-            "ep_mypads": {
-              "warning": "This hash is stored in database, changing anything here will not have any consequence",
-              "ldap": {
-                "url": "ldaps://${env.ldap.host}",
-                "bindDN": "${env.ldap.dn}",
-                "bindCredentials": "${env.ldap.password}",
-                "searchBase": "${env.ldap.base}",
-                "searchFilter": "${env.ldap.filter}",
-                "properties": {
-                  "login": "uid",
-                  "email": "mail",
-                  "firstname": "givenName",
-                  "lastname": "sn"
-                },
-                "defaultLang": "fr"
-              }
-            },
-            "ep_comments_page": {
-              "displayCommentAsIcon": true,
-              "highlightSelectedText": true
-            },
-            "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
-            "loadTest": false,
-            "indentationOnNewLine": false,
-            "toolbar": {
-              "left": [
-                ["bold", "italic", "underline", "strikethrough"],
-                ["orderedlist", "unorderedlist", "indent", "outdent"],
-                ["undo", "redo"],
-                ["clearauthorship"]
-              ],
-              "right": [
-                ["importexport", "timeslider", "savedrevision"],
-                ["settings", "embed"],
-                ["showusers"]
-              ],
-              "timeslider": [
-                ["timeslider_export", "timeslider_returnToPad"]
-              ]
-            },
-            "loglevel": "INFO",
-            "logconfig" : { "appenders": [ { "type": "console" } ] }
-          }
-        '';
-      };
-    };
-    services.etherpad-lite = {
-      enable = true;
-      package = pkgs.webapps.etherpad-lite.withModules (p: [
-        p.ep_align p.ep_bookmark p.ep_colors p.ep_comments_page
-        p.ep_cursortrace p.ep_delete_empty_pads p.ep_embedmedia
-        p.ep_font_size p.ep_headings2 p.ep_immae_buttons p.ep_ldapauth
-        p.ep_line_height p.ep_markdown p.ep_mypads p.ep_page_view
-        p.ep_previewimages p.ep_ruler p.ep_scrollto
-        p.ep_set_title_on_pad p.ep_subscript_and_superscript
-        p.ep_timesliderdiff
-      ]);
-      modules = [];
-      sessionKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-sessionkey";
-      apiKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-apikey";
-      configFile = config.secrets.fullPaths."webapps/tools-etherpad";
-    };
-    systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
-    # Needed so that they get in the closure
-    systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];
-    services.filesWatcher.etherpad-lite = {
-      restart = true;
-      paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
-    };
-    services.websites.env.tools.modules = [
-      "headers" "proxy" "proxy_http" "proxy_wstunnel"
-    ];
-    services.websites.env.tools.vhostConfs.etherpad-lite = {
-      certName    = "eldiron";
-      addToCerts  = true;
-      hosts       = [ "ether.immae.eu" ];
-      root        = null;
-      extraConfig = [ ''
-        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
-        RequestHeader set X-Forwarded-Proto "https"
-        RewriteEngine On
-        RewriteMap  redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
-        RewriteCond %{QUERY_STRING}         "!noredirect"
-        RewriteCond %{REQUEST_URI}          "^(.*)$"
-        RewriteCond ''${redirects:$1|Unknown} "!Unknown"
-        RewriteRule "^(.*)$"                ''${redirects:$1}  [L,NE,R=301,QSD]
-        RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
-        RewriteCond %{QUERY_STRING} transport=websocket    [NC]
-        RewriteRule /(.*)           unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]
-        <IfModule mod_proxy.c>
-          ProxyVia On
-          ProxyRequests Off
-          ProxyPreserveHost On
-          ProxyPass         / unix://${ecfg.sockets.node}|http://ether.immae.eu/
-          ProxyPassReverse  / unix://${ecfg.sockets.node}|http://ether.immae.eu/
-          <Proxy *>
-            Options FollowSymLinks MultiViews
-            AllowOverride None
-            Require all granted
-          </Proxy>
-        </IfModule>
-      '' ];
-    };
-  };
-}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2023-10-04 01:35:06 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2023-10-04 02:11:48 +0200
commit	1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree	1b9df4838f894577a09b9b260151756272efeb53 /modules/private/websites/tools/ether
parent	fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
download	Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip

diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix deleted file mode 100644 index 0539095..0000000 --- a/modules/private/websites/tools/ether/default.nix +++ /dev/null
@@ -1,216 +0,0 @@
1	{ lib, pkgs, config, ... }:
2	let
3	env = config.myEnv.tools.etherpad-lite;
4	cfg = config.myServices.websites.tools.etherpad-lite;
5	# Make sure we’re not rebuilding whole libreoffice just because of a
6	# dependency
7	libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
8	ecfg = config.services.etherpad-lite;
9	in {
10	options.myServices.websites.tools.etherpad-lite = {
11	enable = lib.mkEnableOption "enable etherpad's website";
12	};
13
14	config = lib.mkIf cfg.enable {
15	secrets.keys = {
16	"webapps/tools-etherpad-apikey" = {
17	permissions = "0400";
18	text = env.api_key;
19	};
20	"webapps/tools-etherpad-sessionkey" = {
21	permissions = "0400";
22	text = env.session_key;
23	};
24	"webapps/tools-etherpad" = {
25	permissions = "0400";
26	text = ''
27	{
28	"title": "Etherpad",
29	"favicon": "favicon.ico",
30	"skinName": "colibris",
31	"skinVariants": "dark-toolbar light-background super-light-editor full-width-editor",
32
33	"ip": "",
34	"port" : "${ecfg.sockets.node}",
35	"showSettingsInAdminPage" : false,
36	"dbType" : "postgres",
37	"dbSettings" : {
38	"user" : "${env.postgresql.user}",
39	"host" : "${env.postgresql.socket}",
40	"password": "${env.postgresql.password}",
41	"database": "${env.postgresql.database}",
42	"charset" : "utf8mb4"
43	},
44
45	"defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
46	"padOptions": {
47	"noColors": false,
48	"showControls": true,
49	"showChat": true,
50	"showLineNumbers": true,
51	"useMonospaceFont": false,
52	"userName": false,
53	"userColor": false,
54	"rtl": false,
55	"alwaysShowChat": false,
56	"chatAndUsers": false,
57	"lang": "fr"
58	},
59
60	"suppressErrorsInPadText" : false,
61	"requireSession" : false,
62	"editOnly" : false,
63	"sessionNoPassword" : false,
64	"minify" : true,
65	"maxAge" : 21600,
66	"abiword" : null,
67	"soffice" : "${libreoffice}/bin/soffice",
68	"tidyHtml" : "",
69	"allowUnknownFileEnds" : true,
70	"requireAuthentication" : false,
71	"requireAuthorization" : false,
72	"trustProxy" : false,
73	"disableIPlogging" : false,
74	"automaticReconnectionTimeout" : 0,
75	"scrollWhenFocusLineIsOutOfViewport": {
76	"percentage": {
77	"editionAboveViewport": 0,
78	"editionBelowViewport": 0
79	},
80	"duration": 0,
81	"scrollWhenCaretIsInTheLastLineOfViewport": false,
82	"percentageToScrollWhenUserPressesArrowUp": 0
83	},
84	"users": {
85	"admin": {
86	"password": "${env.adminPassword}",
87	"is_admin": true
88	},
89	"ldapauth": {
90	"hash": "invalid",
91	"url": "ldaps://${env.ldap.host}",
92	"accountBase": "${env.ldap.base}",
93	"accountPattern": "${env.ldap.filter}",
94	"displayNameAttribute": "cn",
95	"searchDN": "${env.ldap.dn}",
96	"searchPWD": "${env.ldap.password}",
97	"groupSearchBase": "${env.ldap.base}",
98	"groupAttribute": "member",
99	"groupAttributeIsDN": true,
100	"searchScope": "sub",
101	"groupSearch": "${env.ldap.group_filter}",
102	"anonymousReadonly": false
103	}
104	},
105	"ep_mypads": {
106	"warning": "This hash is stored in database, changing anything here will not have any consequence",
107	"ldap": {
108	"url": "ldaps://${env.ldap.host}",
109	"bindDN": "${env.ldap.dn}",
110	"bindCredentials": "${env.ldap.password}",
111	"searchBase": "${env.ldap.base}",
112	"searchFilter": "${env.ldap.filter}",
113	"properties": {
114	"login": "uid",
115	"email": "mail",
116	"firstname": "givenName",
117	"lastname": "sn"
118	},
119	"defaultLang": "fr"
120	}
121	},
122	"ep_comments_page": {
123	"displayCommentAsIcon": true,
124	"highlightSelectedText": true
125	},
126	"socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
127	"loadTest": false,
128	"indentationOnNewLine": false,
129	"toolbar": {
130	"left": [
131	["bold", "italic", "underline", "strikethrough"],
132	["orderedlist", "unorderedlist", "indent", "outdent"],
133	["undo", "redo"],
134	["clearauthorship"]
135	],
136	"right": [
137	["importexport", "timeslider", "savedrevision"],
138	["settings", "embed"],
139	["showusers"]
140	],
141	"timeslider": [
142	["timeslider_export", "timeslider_returnToPad"]
143	]
144	},
145	"loglevel": "INFO",
146	"logconfig" : { "appenders": [ { "type": "console" } ] }
147	}
148	'';
149	};
150	};
151	services.etherpad-lite = {
152	enable = true;
153	package = pkgs.webapps.etherpad-lite.withModules (p: [
154	p.ep_align p.ep_bookmark p.ep_colors p.ep_comments_page
155	p.ep_cursortrace p.ep_delete_empty_pads p.ep_embedmedia
156	p.ep_font_size p.ep_headings2 p.ep_immae_buttons p.ep_ldapauth
157	p.ep_line_height p.ep_markdown p.ep_mypads p.ep_page_view
158	p.ep_previewimages p.ep_ruler p.ep_scrollto
159	p.ep_set_title_on_pad p.ep_subscript_and_superscript
160	p.ep_timesliderdiff
161	]);
162	modules = [];
163	sessionKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-sessionkey";
164	apiKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-apikey";
165	configFile = config.secrets.fullPaths."webapps/tools-etherpad";
166	};
167
168	systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
169	# Needed so that they get in the closure
170	systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];
171
172	services.filesWatcher.etherpad-lite = {
173	restart = true;
174	paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
175	};
176
177	services.websites.env.tools.modules = [
178	"headers" "proxy" "proxy_http" "proxy_wstunnel"
179	];
180	services.websites.env.tools.vhostConfs.etherpad-lite = {
181	certName = "eldiron";
182	addToCerts = true;
183	hosts = [ "ether.immae.eu" ];
184	root = null;
185	extraConfig = [ ''
186	Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
187	RequestHeader set X-Forwarded-Proto "https"
188
189	RewriteEngine On
190
191	RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
192	RewriteCond %{QUERY_STRING} "!noredirect"
193	RewriteCond %{REQUEST_URI} "^(.*)$"
194	RewriteCond ''${redirects:$1\|Unknown} "!Unknown"
195	RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
196
197	RewriteCond %{REQUEST_URI} ^/socket.io [NC]
198	RewriteCond %{QUERY_STRING} transport=websocket [NC]
199	RewriteRule /(.*) unix://${ecfg.sockets.node}\|ws://ether.immae.eu/$1 [P,NE,QSA,L]
200
201	<IfModule mod_proxy.c>
202	ProxyVia On
203	ProxyRequests Off
204	ProxyPreserveHost On
205	ProxyPass / unix://${ecfg.sockets.node}\|http://ether.immae.eu/
206	ProxyPassReverse / unix://${ecfg.sockets.node}\|http://ether.immae.eu/
207	<Proxy *>
208	Options FollowSymLinks MultiViews
209	AllowOverride None
210	Require all granted
211	</Proxy>
212	</IfModule>
213	'' ];
214	};
215	};
216	}