Move websites/tools to modules

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-22 20:01:33 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-22 20:01:33 +0200
commit: 4288c2f2431fb782b0d512b1b3749187f2374b6a (patch)
tree: aaf812414f91d6b695a7507265e7572de8dc477c /modules/private/websites/tools/ether
parent: f40f5b235b890f46770a22f005f8a0f664cf0562 (diff)
download: Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.gz
Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.zst
Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.zip
1 files changed, 175 insertions, 0 deletions
diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix
new file mode 100644
index 0000000..ebcbf61
--- /dev/null
+++ b/modules/private/websites/tools/ether/default.nix
@@ -0,0 +1,175 @@
+{ lib, pkgs, config, myconfig,  ... }:
+let
+  env = myconfig.env.tools.etherpad-lite;
+  cfg = config.myServices.websites.tools.etherpad-lite;
+  # Make sure we’re not rebuilding whole libreoffice just because of a
+  # dependency
+  libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
+  ecfg = config.services.etherpad-lite;
+in {
+  options.myServices.websites.tools.etherpad-lite = {
+    enable = lib.mkEnableOption "enable etherpad's website";
+  };
+  config = lib.mkIf cfg.enable {
+    secrets.keys = [
+      {
+        dest = "webapps/tools-etherpad-apikey";
+        permissions = "0400";
+        text = env.api_key;
+      }
+      {
+        dest = "webapps/tools-etherpad-sessionkey";
+        permissions = "0400";
+        text = env.session_key;
+      }
+      {
+        dest = "webapps/tools-etherpad";
+        permissions = "0400";
+        text = ''
+          {
+            "title": "Etherpad",
+            "favicon": "favicon.ico",
+            "ip": "",
+            "port" : "${ecfg.sockets.node}",
+            "showSettingsInAdminPage" : false,
+            "dbType" : "postgres",
+            "dbSettings" : {
+              "user"    : "${env.postgresql.user}",
+              "host"    : "${env.postgresql.socket}",
+              "password": "${env.postgresql.password}",
+              "database": "${env.postgresql.database}",
+              "charset" : "utf8mb4"
+            },
+            "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
+            "padOptions": {
+              "noColors": false,
+              "showControls": true,
+              "showChat": true,
+              "showLineNumbers": true,
+              "useMonospaceFont": false,
+              "userName": false,
+              "userColor": false,
+              "rtl": false,
+              "alwaysShowChat": false,
+              "chatAndUsers": false,
+              "lang": "en-gb"
+            },
+            "suppressErrorsInPadText" : false,
+            "requireSession" : false,
+            "editOnly" : false,
+            "sessionNoPassword" : false,
+            "minify" : true,
+            "maxAge" : 21600,
+            "abiword" : null,
+            "soffice" : "${libreoffice}/bin/soffice",
+            "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
+            "allowUnknownFileEnds" : true,
+            "requireAuthentication" : false,
+            "requireAuthorization" : false,
+            "trustProxy" : false,
+            "disableIPlogging" : false,
+            "automaticReconnectionTimeout" : 0,
+            "scrollWhenFocusLineIsOutOfViewport": {
+              "percentage": {
+                "editionAboveViewport": 0,
+                "editionBelowViewport": 0
+              },
+              "duration": 0,
+              "scrollWhenCaretIsInTheLastLineOfViewport": false,
+              "percentageToScrollWhenUserPressesArrowUp": 0
+            },
+            "users": {
+              "ldapauth": {
+                "url": "ldaps://${env.ldap.host}",
+                "accountBase": "${env.ldap.base}",
+                "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
+                "displayNameAttribute": "cn",
+                "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
+                "searchPWD": "${env.ldap.password}",
+                "groupSearchBase": "${env.ldap.base}",
+                "groupAttribute": "member",
+                "groupAttributeIsDN": true,
+                "searchScope": "sub",
+                "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
+                "anonymousReadonly": false
+              }
+            },
+            "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
+            "loadTest": false,
+            "indentationOnNewLine": false,
+            "toolbar": {
+              "left": [
+                ["bold", "italic", "underline", "strikethrough"],
+                ["orderedlist", "unorderedlist", "indent", "outdent"],
+                ["undo", "redo"],
+                ["clearauthorship"]
+              ],
+              "right": [
+                ["importexport", "timeslider", "savedrevision"],
+                ["settings", "embed"],
+                ["showusers"]
+              ],
+              "timeslider": [
+                ["timeslider_export", "timeslider_returnToPad"]
+              ]
+            },
+            "loglevel": "INFO",
+            "logconfig" : { "appenders": [ { "type": "console" } ] }
+          }
+        '';
+      }
+    ];
+    services.etherpad-lite = {
+      enable = true;
+      modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
+      sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
+      apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
+      configFile = "/var/secrets/webapps/tools-etherpad";
+    };
+    systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
+    services.websites.tools.modules = [
+      "headers" "proxy" "proxy_http" "proxy_wstunnel"
+    ];
+    services.websites.tools.vhostConfs.etherpad-lite = {
+      certName    = "eldiron";
+      addToCerts  = true;
+      hosts       = [ "ether.immae.eu" ];
+      root        = null;
+      extraConfig = [ ''
+        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
+        RequestHeader set X-Forwarded-Proto "https"
+        RewriteEngine On
+        RewriteMap  redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}"
+        RewriteCond %{QUERY_STRING}         "!noredirect"
+        RewriteCond %{REQUEST_URI}          "^(.*)$"
+        RewriteCond ''${redirects:$1|Unknown} "!Unknown"
+        RewriteRule "^(.*)$"                ''${redirects:$1}  [L,NE,R=301,QSD]
+        RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
+        RewriteCond %{QUERY_STRING} transport=websocket    [NC]
+        RewriteRule /(.*)           unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]
+        <IfModule mod_proxy.c>
+          ProxyVia On
+          ProxyRequests Off
+          ProxyPreserveHost On
+          ProxyPass         / unix://${ecfg.sockets.node}|http://ether.immae.eu/
+          ProxyPassReverse  / unix://${ecfg.sockets.node}|http://ether.immae.eu/
+          <Proxy *>
+            Options FollowSymLinks MultiViews
+            AllowOverride None
+            Require all granted
+          </Proxy>
+        </IfModule>
+      '' ];
+    };
+  };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-22 20:01:33 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-22 20:01:33 +0200
commit	4288c2f2431fb782b0d512b1b3749187f2374b6a (patch)
tree	aaf812414f91d6b695a7507265e7572de8dc477c /modules/private/websites/tools/ether
parent	f40f5b235b890f46770a22f005f8a0f664cf0562 (diff)
download	Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.gz Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.zst Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.zip

diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix new file mode 100644 index 0000000..ebcbf61 --- /dev/null +++ b/modules/private/websites/tools/ether/default.nix
@@ -0,0 +1,175 @@
	1	{ lib, pkgs, config, myconfig, ... }:
	2	let
	3	env = myconfig.env.tools.etherpad-lite;
	4	cfg = config.myServices.websites.tools.etherpad-lite;
	5	# Make sure we’re not rebuilding whole libreoffice just because of a
	6	# dependency
	7	libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
	8	ecfg = config.services.etherpad-lite;
	9	in {
	10	options.myServices.websites.tools.etherpad-lite = {
	11	enable = lib.mkEnableOption "enable etherpad's website";
	12	};
	13
	14	config = lib.mkIf cfg.enable {
	15	secrets.keys = [
	16	{
	17	dest = "webapps/tools-etherpad-apikey";
	18	permissions = "0400";
	19	text = env.api_key;
	20	}
	21	{
	22	dest = "webapps/tools-etherpad-sessionkey";
	23	permissions = "0400";
	24	text = env.session_key;
	25	}
	26	{
	27	dest = "webapps/tools-etherpad";
	28	permissions = "0400";
	29	text = ''
	30	{
	31	"title": "Etherpad",
	32	"favicon": "favicon.ico",
	33
	34	"ip": "",
	35	"port" : "${ecfg.sockets.node}",
	36	"showSettingsInAdminPage" : false,
	37	"dbType" : "postgres",
	38	"dbSettings" : {
	39	"user" : "${env.postgresql.user}",
	40	"host" : "${env.postgresql.socket}",
	41	"password": "${env.postgresql.password}",
	42	"database": "${env.postgresql.database}",
	43	"charset" : "utf8mb4"
	44	},
	45
	46	"defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
	47	"padOptions": {
	48	"noColors": false,
	49	"showControls": true,
	50	"showChat": true,
	51	"showLineNumbers": true,
	52	"useMonospaceFont": false,
	53	"userName": false,
	54	"userColor": false,
	55	"rtl": false,
	56	"alwaysShowChat": false,
	57	"chatAndUsers": false,
	58	"lang": "en-gb"
	59	},
	60
	61	"suppressErrorsInPadText" : false,
	62	"requireSession" : false,
	63	"editOnly" : false,
	64	"sessionNoPassword" : false,
	65	"minify" : true,
	66	"maxAge" : 21600,
	67	"abiword" : null,
	68	"soffice" : "${libreoffice}/bin/soffice",
	69	"tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
	70	"allowUnknownFileEnds" : true,
	71	"requireAuthentication" : false,
	72	"requireAuthorization" : false,
	73	"trustProxy" : false,
	74	"disableIPlogging" : false,
	75	"automaticReconnectionTimeout" : 0,
	76	"scrollWhenFocusLineIsOutOfViewport": {
	77	"percentage": {
	78	"editionAboveViewport": 0,
	79	"editionBelowViewport": 0
	80	},
	81	"duration": 0,
	82	"scrollWhenCaretIsInTheLastLineOfViewport": false,
	83	"percentageToScrollWhenUserPressesArrowUp": 0
	84	},
	85	"users": {
	86	"ldapauth": {
	87	"url": "ldaps://${env.ldap.host}",
	88	"accountBase": "${env.ldap.base}",
	89	"accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
	90	"displayNameAttribute": "cn",
	91	"searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
	92	"searchPWD": "${env.ldap.password}",
	93	"groupSearchBase": "${env.ldap.base}",
	94	"groupAttribute": "member",
	95	"groupAttributeIsDN": true,
	96	"searchScope": "sub",
	97	"groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
	98	"anonymousReadonly": false
	99	}
	100	},
	101	"socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
	102	"loadTest": false,
	103	"indentationOnNewLine": false,
	104	"toolbar": {
	105	"left": [
	106	["bold", "italic", "underline", "strikethrough"],
	107	["orderedlist", "unorderedlist", "indent", "outdent"],
	108	["undo", "redo"],
	109	["clearauthorship"]
	110	],
	111	"right": [
	112	["importexport", "timeslider", "savedrevision"],
	113	["settings", "embed"],
	114	["showusers"]
	115	],
	116	"timeslider": [
	117	["timeslider_export", "timeslider_returnToPad"]
	118	]
	119	},
	120	"loglevel": "INFO",
	121	"logconfig" : { "appenders": [ { "type": "console" } ] }
	122	}
	123	'';
	124	}
	125	];
	126	services.etherpad-lite = {
	127	enable = true;
	128	modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
	129	sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
	130	apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
	131	configFile = "/var/secrets/webapps/tools-etherpad";
	132	};
	133
	134	systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
	135
	136	services.websites.tools.modules = [
	137	"headers" "proxy" "proxy_http" "proxy_wstunnel"
	138	];
	139	services.websites.tools.vhostConfs.etherpad-lite = {
	140	certName = "eldiron";
	141	addToCerts = true;
	142	hosts = [ "ether.immae.eu" ];
	143	root = null;
	144	extraConfig = [ ''
	145	Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
	146	RequestHeader set X-Forwarded-Proto "https"
	147
	148	RewriteEngine On
	149
	150	RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}"
	151	RewriteCond %{QUERY_STRING} "!noredirect"
	152	RewriteCond %{REQUEST_URI} "^(.*)$"
	153	RewriteCond ''${redirects:$1\|Unknown} "!Unknown"
	154	RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
	155
	156	RewriteCond %{REQUEST_URI} ^/socket.io [NC]
	157	RewriteCond %{QUERY_STRING} transport=websocket [NC]
	158	RewriteRule /(.*) unix://${ecfg.sockets.node}\|ws://ether.immae.eu/$1 [P,NE,QSA,L]
	159
	160	<IfModule mod_proxy.c>
	161	ProxyVia On
	162	ProxyRequests Off
	163	ProxyPreserveHost On
	164	ProxyPass / unix://${ecfg.sockets.node}\|http://ether.immae.eu/
	165	ProxyPassReverse / unix://${ecfg.sockets.node}\|http://ether.immae.eu/
	166	<Proxy *>
	167	Options FollowSymLinks MultiViews
	168	AllowOverride None
	169	Require all granted
	170	</Proxy>
	171	</IfModule>
	172	'' ];
	173	};
	174	};
	175	}