Move etherpad and mediagoblin keys to secure location

Related issue: https://git.immae.eu/mantisbt/view.php?id=122
author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-16 13:46:47 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-16 13:49:24 +0200
commit: 51900e3488284b0711083819a5ecb1b0f280a913 (patch)
tree: 2367f6ac79eb9198d4890cf51add27b37cd7b6b0 /nixops/modules/websites/tools/ether/etherpad_lite.nix
parent: 3b45d5f2afc3a48809d0353a3133025525247331 (diff)
download: Nix-51900e3488284b0711083819a5ecb1b0f280a913.tar.gz
Nix-51900e3488284b0711083819a5ecb1b0f280a913.tar.zst
Nix-51900e3488284b0711083819a5ecb1b0f280a913.zip
1 files changed, 101 insertions, 97 deletions
diff --git a/nixops/modules/websites/tools/ether/etherpad_lite.nix b/nixops/modules/websites/tools/ether/etherpad_lite.nix
index 02071f1..bc62262 100644
--- a/nixops/modules/websites/tools/ether/etherpad_lite.nix
+++ b/nixops/modules/websites/tools/ether/etherpad_lite.nix
@@ -30,106 +30,110 @@ let
    "ep_subscript_and_superscript"
    "ep_timesliderdiff"
    ];
-  config =
+  keys.tools-etherpad = {
-    # Make sure we’re not rebuilding whole libreoffice just because of a
+    destDir = "/run/keys/webapps";
-    # dependency
+    permissions = "0400";
-    let libreoffice = (import <nixpkgs> {}).libreoffice-fresh;
+    text =
-    in
+      # Make sure we’re not rebuilding whole libreoffice just because of a
-    writeText "settings.json" ''
+      # dependency
-      {
+      let libreoffice = (import <nixpkgs> {}).libreoffice-fresh;
-        "title": "Etherpad",
+      in
-        "favicon": "favicon.ico",
+      ''
+        {
+          "title": "Etherpad",
+          "favicon": "favicon.ico",
-        "ip": "127.0.0.1",
+          "ip": "127.0.0.1",
-        "port" : ${env.listenPort},
+          "port" : ${env.listenPort},
-        "showSettingsInAdminPage" : false,
+          "showSettingsInAdminPage" : false,
-        "dbType" : "postgres",
+          "dbType" : "postgres",
-        "dbSettings" : {
+          "dbSettings" : {
-          "user"    : "${env.postgresql.user}",
+            "user"    : "${env.postgresql.user}",
-          "host"    : "${env.postgresql.socket}",
+            "host"    : "${env.postgresql.socket}",
-          "password": "${env.postgresql.password}",
+            "password": "${env.postgresql.password}",
-          "database": "${env.postgresql.database}",
+            "database": "${env.postgresql.database}",
-          "charset" : "utf8mb4"
+            "charset" : "utf8mb4"
-        },
+          },
-        "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
+          "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
-        "padOptions": {
+          "padOptions": {
-          "noColors": false,
+            "noColors": false,
-          "showControls": true,
+            "showControls": true,
-          "showChat": true,
+            "showChat": true,
-          "showLineNumbers": true,
+            "showLineNumbers": true,
-          "useMonospaceFont": false,
+            "useMonospaceFont": false,
-          "userName": false,
+            "userName": false,
-          "userColor": false,
+            "userColor": false,
-          "rtl": false,
+            "rtl": false,
-          "alwaysShowChat": false,
+            "alwaysShowChat": false,
-          "chatAndUsers": false,
+            "chatAndUsers": false,
-          "lang": "en-gb"
+            "lang": "en-gb"
-        },
+          },
-        "suppressErrorsInPadText" : false,
+          "suppressErrorsInPadText" : false,
-        "requireSession" : false,
+          "requireSession" : false,
-        "editOnly" : false,
+          "editOnly" : false,
-        "sessionNoPassword" : false,
+          "sessionNoPassword" : false,
-        "minify" : true,
+          "minify" : true,
-        "maxAge" : 21600,
+          "maxAge" : 21600,
-        "abiword" : null,
+          "abiword" : null,
-        "soffice" : "${libreoffice}/bin/soffice",
+          "soffice" : "${libreoffice}/bin/soffice",
-        "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
+          "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
-        "allowUnknownFileEnds" : true,
+          "allowUnknownFileEnds" : true,
-        "requireAuthentication" : false,
+          "requireAuthentication" : false,
-        "requireAuthorization" : false,
+          "requireAuthorization" : false,
-        "trustProxy" : false,
+          "trustProxy" : false,
-        "disableIPlogging" : false,
+          "disableIPlogging" : false,
-        "automaticReconnectionTimeout" : 0,
+          "automaticReconnectionTimeout" : 0,
-        "scrollWhenFocusLineIsOutOfViewport": {
+          "scrollWhenFocusLineIsOutOfViewport": {
-          "percentage": {
+            "percentage": {
-            "editionAboveViewport": 0,
+              "editionAboveViewport": 0,
-            "editionBelowViewport": 0
+              "editionBelowViewport": 0
+            },
+            "duration": 0,
+            "scrollWhenCaretIsInTheLastLineOfViewport": false,
+            "percentageToScrollWhenUserPressesArrowUp": 0
          },
-          "duration": 0,
+          "users": {
-          "scrollWhenCaretIsInTheLastLineOfViewport": false,
+            "ldapauth": {
-          "percentageToScrollWhenUserPressesArrowUp": 0
+              "url": "ldaps://${env.ldap.host}",
-        },
+              "accountBase": "${env.ldap.base}",
-        "users": {
+              "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
-          "ldapauth": {
+              "displayNameAttribute": "cn",
-            "url": "ldaps://${env.ldap.host}",
+              "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
-            "accountBase": "${env.ldap.base}",
+              "searchPWD": "${env.ldap.password}",
-            "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
+              "groupSearchBase": "${env.ldap.base}",
-            "displayNameAttribute": "cn",
+              "groupAttribute": "member",
-            "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
+              "groupAttributeIsDN": true,
-            "searchPWD": "${env.ldap.password}",
+              "searchScope": "sub",
-            "groupSearchBase": "${env.ldap.base}",
+              "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
-            "groupAttribute": "member",
+              "anonymousReadonly": false
-            "groupAttributeIsDN": true,
+            }
-            "searchScope": "sub",
+          },
-            "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
+          "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
-            "anonymousReadonly": false
+          "loadTest": false,
-          }
+          "indentationOnNewLine": false,
-        },
+          "toolbar": {
-        "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
+            "left": [
-        "loadTest": false,
+              ["bold", "italic", "underline", "strikethrough"],
-        "indentationOnNewLine": false,
+              ["orderedlist", "unorderedlist", "indent", "outdent"],
-        "toolbar": {
+              ["undo", "redo"],
-          "left": [
+              ["clearauthorship"]
-            ["bold", "italic", "underline", "strikethrough"],
+            ],
-            ["orderedlist", "unorderedlist", "indent", "outdent"],
+            "right": [
-            ["undo", "redo"],
+              ["importexport", "timeslider", "savedrevision"],
-            ["clearauthorship"]
+              ["settings", "embed"],
-          ],
+              ["showusers"]
-          "right": [
+            ],
-            ["importexport", "timeslider", "savedrevision"],
+            "timeslider": [
-            ["settings", "embed"],
+              ["timeslider_export", "timeslider_returnToPad"]
-            ["showusers"]
+            ]
-          ],
+          },
-          "timeslider": [
+          "loglevel": "INFO",
-            ["timeslider_export", "timeslider_returnToPad"]
+          "logconfig" : { "appenders": [ { "type": "console" } ] }
-          ]
+        }
-        },
+      '';
-        "loglevel": "INFO",
+  };
-        "logconfig" : { "appenders": [ { "type": "console" } ] }
-      }
-    '';
  webappDir = stdenv.mkDerivation (fetchedGithub ./etherpad-lite.json // rec {
    __noChroot = true;
    patches = [ ./libreoffice_patch.diff ];
@@ -179,5 +183,5 @@ let
  });
 in
  {
-    inherit webappDir config listenPort;
+    inherit webappDir keys listenPort;
  }
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-16 13:46:47 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-16 13:49:24 +0200
commit	51900e3488284b0711083819a5ecb1b0f280a913 (patch)
tree	2367f6ac79eb9198d4890cf51add27b37cd7b6b0 /nixops/modules/websites/tools/ether/etherpad_lite.nix
parent	3b45d5f2afc3a48809d0353a3133025525247331 (diff)
download	Nix-51900e3488284b0711083819a5ecb1b0f280a913.tar.gz Nix-51900e3488284b0711083819a5ecb1b0f280a913.tar.zst Nix-51900e3488284b0711083819a5ecb1b0f280a913.zip

diff --git a/nixops/modules/websites/tools/ether/etherpad_lite.nix b/nixops/modules/websites/tools/ether/etherpad_lite.nix index 02071f1..bc62262 100644 --- a/nixops/modules/websites/tools/ether/etherpad_lite.nix +++ b/nixops/modules/websites/tools/ether/etherpad_lite.nix
@@ -30,106 +30,110 @@ let
30	"ep_subscript_and_superscript"	30	"ep_subscript_and_superscript"
31	"ep_timesliderdiff"	31	"ep_timesliderdiff"
32	];	32	];
33	config =	33	keys.tools-etherpad = {
34	# Make sure we’re not rebuilding whole libreoffice just because of a	34	destDir = "/run/keys/webapps";
35	# dependency	35	permissions = "0400";
36	let libreoffice = (import <nixpkgs> {}).libreoffice-fresh;	36	text =
37	in	37	# Make sure we’re not rebuilding whole libreoffice just because of a
38	writeText "settings.json" ''	38	# dependency
39	{	39	let libreoffice = (import <nixpkgs> {}).libreoffice-fresh;
40	"title": "Etherpad",	40	in
41	"favicon": "favicon.ico",	41	''
		42	{
		43	"title": "Etherpad",
		44	"favicon": "favicon.ico",
42		45
43	"ip": "127.0.0.1",	46	"ip": "127.0.0.1",
44	"port" : ${env.listenPort},	47	"port" : ${env.listenPort},
45	"showSettingsInAdminPage" : false,	48	"showSettingsInAdminPage" : false,
46	"dbType" : "postgres",	49	"dbType" : "postgres",
47	"dbSettings" : {	50	"dbSettings" : {
48	"user" : "${env.postgresql.user}",	51	"user" : "${env.postgresql.user}",
49	"host" : "${env.postgresql.socket}",	52	"host" : "${env.postgresql.socket}",
50	"password": "${env.postgresql.password}",	53	"password": "${env.postgresql.password}",
51	"database": "${env.postgresql.database}",	54	"database": "${env.postgresql.database}",
52	"charset" : "utf8mb4"	55	"charset" : "utf8mb4"
53	},	56	},
54		57
55	"defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",	58	"defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
56	"padOptions": {	59	"padOptions": {
57	"noColors": false,	60	"noColors": false,
58	"showControls": true,	61	"showControls": true,
59	"showChat": true,	62	"showChat": true,
60	"showLineNumbers": true,	63	"showLineNumbers": true,
61	"useMonospaceFont": false,	64	"useMonospaceFont": false,
62	"userName": false,	65	"userName": false,
63	"userColor": false,	66	"userColor": false,
64	"rtl": false,	67	"rtl": false,
65	"alwaysShowChat": false,	68	"alwaysShowChat": false,
66	"chatAndUsers": false,	69	"chatAndUsers": false,
67	"lang": "en-gb"	70	"lang": "en-gb"
68	},	71	},
69		72
70	"suppressErrorsInPadText" : false,	73	"suppressErrorsInPadText" : false,
71	"requireSession" : false,	74	"requireSession" : false,
72	"editOnly" : false,	75	"editOnly" : false,
73	"sessionNoPassword" : false,	76	"sessionNoPassword" : false,
74	"minify" : true,	77	"minify" : true,
75	"maxAge" : 21600,	78	"maxAge" : 21600,
76	"abiword" : null,	79	"abiword" : null,
77	"soffice" : "${libreoffice}/bin/soffice",	80	"soffice" : "${libreoffice}/bin/soffice",
78	"tidyHtml" : "${pkgs.html-tidy}/bin/tidy",	81	"tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
79	"allowUnknownFileEnds" : true,	82	"allowUnknownFileEnds" : true,
80	"requireAuthentication" : false,	83	"requireAuthentication" : false,
81	"requireAuthorization" : false,	84	"requireAuthorization" : false,
82	"trustProxy" : false,	85	"trustProxy" : false,
83	"disableIPlogging" : false,	86	"disableIPlogging" : false,
84	"automaticReconnectionTimeout" : 0,	87	"automaticReconnectionTimeout" : 0,
85	"scrollWhenFocusLineIsOutOfViewport": {	88	"scrollWhenFocusLineIsOutOfViewport": {
86	"percentage": {	89	"percentage": {
87	"editionAboveViewport": 0,	90	"editionAboveViewport": 0,
88	"editionBelowViewport": 0	91	"editionBelowViewport": 0
		92	},
		93	"duration": 0,
		94	"scrollWhenCaretIsInTheLastLineOfViewport": false,
		95	"percentageToScrollWhenUserPressesArrowUp": 0
89	},	96	},
90	"duration": 0,	97	"users": {
91	"scrollWhenCaretIsInTheLastLineOfViewport": false,	98	"ldapauth": {
92	"percentageToScrollWhenUserPressesArrowUp": 0	99	"url": "ldaps://${env.ldap.host}",
93	},	100	"accountBase": "${env.ldap.base}",
94	"users": {	101	"accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
95	"ldapauth": {	102	"displayNameAttribute": "cn",
96	"url": "ldaps://${env.ldap.host}",	103	"searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
97	"accountBase": "${env.ldap.base}",	104	"searchPWD": "${env.ldap.password}",
98	"accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",	105	"groupSearchBase": "${env.ldap.base}",
99	"displayNameAttribute": "cn",	106	"groupAttribute": "member",
100	"searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",	107	"groupAttributeIsDN": true,
101	"searchPWD": "${env.ldap.password}",	108	"searchScope": "sub",
102	"groupSearchBase": "${env.ldap.base}",	109	"groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
103	"groupAttribute": "member",	110	"anonymousReadonly": false
104	"groupAttributeIsDN": true,	111	}
105	"searchScope": "sub",	112	},
106	"groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",	113	"socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
107	"anonymousReadonly": false	114	"loadTest": false,
108	}	115	"indentationOnNewLine": false,
109	},	116	"toolbar": {
110	"socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],	117	"left": [
111	"loadTest": false,	118	["bold", "italic", "underline", "strikethrough"],
112	"indentationOnNewLine": false,	119	["orderedlist", "unorderedlist", "indent", "outdent"],
113	"toolbar": {	120	["undo", "redo"],
114	"left": [	121	["clearauthorship"]
115	["bold", "italic", "underline", "strikethrough"],	122	],
116	["orderedlist", "unorderedlist", "indent", "outdent"],	123	"right": [
117	["undo", "redo"],	124	["importexport", "timeslider", "savedrevision"],
118	["clearauthorship"]	125	["settings", "embed"],
119	],	126	["showusers"]
120	"right": [	127	],
121	["importexport", "timeslider", "savedrevision"],	128	"timeslider": [
122	["settings", "embed"],	129	["timeslider_export", "timeslider_returnToPad"]
123	["showusers"]	130	]
124	],	131	},
125	"timeslider": [	132	"loglevel": "INFO",
126	["timeslider_export", "timeslider_returnToPad"]	133	"logconfig" : { "appenders": [ { "type": "console" } ] }
127	]	134	}
128	},	135	'';
129	"loglevel": "INFO",	136	};
130	"logconfig" : { "appenders": [ { "type": "console" } ] }
131	}
132	'';
133	webappDir = stdenv.mkDerivation (fetchedGithub ./etherpad-lite.json // rec {	137	webappDir = stdenv.mkDerivation (fetchedGithub ./etherpad-lite.json // rec {
134	__noChroot = true;	138	__noChroot = true;
135	patches = [ ./libreoffice_patch.diff ];	139	patches = [ ./libreoffice_patch.diff ];
@@ -179,5 +183,5 @@ let
179	});	183	});
180	in	184	in
181	{	185	{
182	inherit webappDir config listenPort;	186	inherit webappDir keys listenPort;
183	}	187	}