authorIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 01:35:06 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 02:11:48 +0200
commit1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree1b9df4838f894577a09b9b260151756272efeb53 /modules/private/websites/tools/ether
parentfa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
Squash changes containing private information
There were a lot of changes since the previous commit, but many of them contained personal information about users. All those changes got stashed into a single commit (history is kept in a different place), and the private information was moved to a separate private repository.
Diffstat (limited to 'modules/private/websites/tools/ether')
-rw-r--r--modules/private/websites/tools/ether/default.nix216
1 files changed, 0 insertions, 216 deletions
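diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix
deleted file mode 100644
index 0539095..0000000
--- a/modules/private/websites/tools/ether/default.nix
+++ /dev/null
@@ -1,216 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
- env = config.myEnv.tools.etherpad-lite;
- cfg = config.myServices.websites.tools.etherpad-lite;
- # Make sure we’re not rebuilding whole libreoffice just because of a
- # dependency
- libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
- ecfg = config.services.etherpad-lite;
-in {
- options.myServices.websites.tools.etherpad-lite = {
- enable = lib.mkEnableOption "enable etherpad's website";
- };
-
- config = lib.mkIf cfg.enable {
- secrets.keys = {
- "webapps/tools-etherpad-apikey" = {
- permissions = "0400";
- text = env.api_key;
- };
- "webapps/tools-etherpad-sessionkey" = {
- permissions = "0400";
- text = env.session_key;
- };
- "webapps/tools-etherpad" = {
- permissions = "0400";
- text = ''
- {
- "title": "Etherpad",
- "favicon": "favicon.ico",
- "skinName": "colibris",
- "skinVariants": "dark-toolbar light-background super-light-editor full-width-editor",
-
- "ip": "",
- "port" : "${ecfg.sockets.node}",
- "showSettingsInAdminPage" : false,
- "dbType" : "postgres",
- "dbSettings" : {
- "user" : "${env.postgresql.user}",
- "host" : "${env.postgresql.socket}",
- "password": "${env.postgresql.password}",
- "database": "${env.postgresql.database}",
- "charset" : "utf8mb4"
- },
-
- "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
- "padOptions": {
- "noColors": false,
- "showControls": true,
- "showChat": true,
- "showLineNumbers": true,
- "useMonospaceFont": false,
- "userName": false,
- "userColor": false,
- "rtl": false,
- "alwaysShowChat": false,
- "chatAndUsers": false,
- "lang": "fr"
- },
-
- "suppressErrorsInPadText" : false,
- "requireSession" : false,
- "editOnly" : false,
- "sessionNoPassword" : false,
- "minify" : true,
- "maxAge" : 21600,
- "abiword" : null,
- "soffice" : "${libreoffice}/bin/soffice",
- "tidyHtml" : "",
- "allowUnknownFileEnds" : true,
- "requireAuthentication" : false,
- "requireAuthorization" : false,
- "trustProxy" : false,
- "disableIPlogging" : false,
- "automaticReconnectionTimeout" : 0,
- "scrollWhenFocusLineIsOutOfViewport": {
- "percentage": {
- "editionAboveViewport": 0,
- "editionBelowViewport": 0
- },
- "duration": 0,
- "scrollWhenCaretIsInTheLastLineOfViewport": false,
- "percentageToScrollWhenUserPressesArrowUp": 0
- },
- "users": {
- "admin": {
- "password": "${env.adminPassword}",
- "is_admin": true
- },
- "ldapauth": {
- "hash": "invalid",
- "url": "ldaps://${env.ldap.host}",
- "accountBase": "${env.ldap.base}",
- "accountPattern": "${env.ldap.filter}",
- "displayNameAttribute": "cn",
- "searchDN": "${env.ldap.dn}",
- "searchPWD": "${env.ldap.password}",
- "groupSearchBase": "${env.ldap.base}",
- "groupAttribute": "member",
- "groupAttributeIsDN": true,
- "searchScope": "sub",
- "groupSearch": "${env.ldap.group_filter}",
- "anonymousReadonly": false
- }
- },
- "ep_mypads": {
- "warning": "This hash is stored in database, changing anything here will not have any consequence",
- "ldap": {
- "url": "ldaps://${env.ldap.host}",
- "bindDN": "${env.ldap.dn}",
- "bindCredentials": "${env.ldap.password}",
- "searchBase": "${env.ldap.base}",
- "searchFilter": "${env.ldap.filter}",
- "properties": {
- "login": "uid",
- "email": "mail",
- "firstname": "givenName",
- "lastname": "sn"
- },
- "defaultLang": "fr"
- }
- },
- "ep_comments_page": {
- "displayCommentAsIcon": true,
- "highlightSelectedText": true
- },
- "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
- "loadTest": false,
- "indentationOnNewLine": false,
- "toolbar": {
- "left": [
- ["bold", "italic", "underline", "strikethrough"],
- ["orderedlist", "unorderedlist", "indent", "outdent"],
- ["undo", "redo"],
- ["clearauthorship"]
- ],
- "right": [
- ["importexport", "timeslider", "savedrevision"],
- ["settings", "embed"],
- ["showusers"]
- ],
- "timeslider": [
- ["timeslider_export", "timeslider_returnToPad"]
- ]
- },
- "loglevel": "INFO",
- "logconfig" : { "appenders": [ { "type": "console" } ] }
- }
- '';
- };
- };
- services.etherpad-lite = {
- enable = true;
- package = pkgs.webapps.etherpad-lite.withModules (p: [
- p.ep_align p.ep_bookmark p.ep_colors p.ep_comments_page
- p.ep_cursortrace p.ep_delete_empty_pads p.ep_embedmedia
- p.ep_font_size p.ep_headings2 p.ep_immae_buttons p.ep_ldapauth
- p.ep_line_height p.ep_markdown p.ep_mypads p.ep_page_view
- p.ep_previewimages p.ep_ruler p.ep_scrollto
- p.ep_set_title_on_pad p.ep_subscript_and_superscript
- p.ep_timesliderdiff
- ]);
- modules = [];
- sessionKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-sessionkey";
- apiKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-apikey";
- configFile = config.secrets.fullPaths."webapps/tools-etherpad";
- };
-
- systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
- # Needed so that they get in the closure
- systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];
-
- services.filesWatcher.etherpad-lite = {
- restart = true;
- paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
- };
-
- services.websites.env.tools.modules = [
- "headers" "proxy" "proxy_http" "proxy_wstunnel"
- ];
- services.websites.env.tools.vhostConfs.etherpad-lite = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "ether.immae.eu" ];
- root = null;
- extraConfig = [ ''
- Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
- RequestHeader set X-Forwarded-Proto "https"
-
- RewriteEngine On
-
- RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
- RewriteCond %{QUERY_STRING} "!noredirect"
- RewriteCond %{REQUEST_URI} "^(.*)$"
- RewriteCond ''${redirects:$1|Unknown} "!Unknown"
- RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
-
- RewriteCond %{REQUEST_URI} ^/socket.io [NC]
- RewriteCond %{QUERY_STRING} transport=websocket [NC]
- RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]
-
- <IfModule mod_proxy.c>
- ProxyVia On
- ProxyRequests Off
- ProxyPreserveHost On
- ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/
- ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/
- <Proxy *>
- Options FollowSymLinks MultiViews
- AllowOverride None
- Require all granted
- </Proxy>
- </IfModule>
- '' ];
- };
- };
-}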