aboutsummaryrefslogtreecommitdiff
path: root/nixops/modules/websites/tools/ether
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-01-25 23:15:08 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-01-25 23:15:08 +0100
commit01f21083a897b86bf148f1d2bb9c8edca4d3786a (patch)
tree784f04e9b6ef99a49e572c84e4b7ab40b5eb5fde /nixops/modules/websites/tools/ether
parentbfe3c9c9df0c5112bc8806483292b55ed0f7e02d (diff)
downloadNix-01f21083a897b86bf148f1d2bb9c8edca4d3786a.tar.gz
Nix-01f21083a897b86bf148f1d2bb9c8edca4d3786a.tar.zst
Nix-01f21083a897b86bf148f1d2bb9c8edca4d3786a.zip
Rename virtual folder to nixops
Fixes https://git.immae.eu/mantisbt/view.php?id=82
Diffstat (limited to 'nixops/modules/websites/tools/ether')
-rw-r--r--nixops/modules/websites/tools/ether/default.nix89
-rw-r--r--nixops/modules/websites/tools/ether/etherpad-lite.json15
-rw-r--r--nixops/modules/websites/tools/ether/etherpad_lite.nix183
-rw-r--r--nixops/modules/websites/tools/ether/libreoffice_patch.diff11
4 files changed, 298 insertions, 0 deletions
diff --git a/nixops/modules/websites/tools/ether/default.nix b/nixops/modules/websites/tools/ether/default.nix
new file mode 100644
index 0000000..5ee3433
--- /dev/null
+++ b/nixops/modules/websites/tools/ether/default.nix
@@ -0,0 +1,89 @@
1{ lib, pkgs, config, myconfig, mylibs, ... }:
2let
3 etherpad = pkgs.callPackage ./etherpad_lite.nix {
4 inherit (mylibs) fetchedGithub;
5 env = myconfig.env.tools.etherpad-lite;
6 };
7
8 cfg = config.services.myWebsites.tools.etherpad-lite;
9in {
10 options.services.myWebsites.tools.etherpad-lite = {
11 enable = lib.mkEnableOption "enable etherpad's website";
12 };
13
14 config = lib.mkIf cfg.enable {
15 systemd.services.etherpad-lite = {
16 description = "Etherpad-lite";
17 wantedBy = [ "multi-user.target" ];
18 after = [ "network.target" "postgresql.service" ];
19 wants = [ "postgresql.service" ];
20
21 environment.NODE_ENV = "production";
22 environment.HOME = etherpad.webappDir;
23
24 path = [ pkgs.nodejs ];
25
26 script = ''
27 exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \
28 --settings ${etherpad.config}
29 '';
30
31 serviceConfig = {
32 DynamicUser = true;
33 User = "etherpad-lite";
34 Group = "etherpad-lite";
35 WorkingDirectory = etherpad.webappDir;
36 PrivateTmp = true;
37 NoNewPrivileges = true;
38 PrivateDevices = true;
39 ProtectHome = true;
40 ProtectControlGroups = true;
41 ProtectKernelModules = true;
42 Restart = "always";
43 Type = "simple";
44 TimeoutSec = 60;
45 };
46 };
47
48 services.myWebsites.tools.modules = [
49 "headers" "proxy" "proxy_http" "proxy_wstunnel"
50 ];
51 security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
52 services.myWebsites.tools.vhostConfs.etherpad-lite = {
53 certName = "eldiron";
54 hosts = [ "ether.immae.eu" ];
55 root = null;
56 extraConfig = [ ''
57 Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
58 RequestHeader set X-Forwarded-Proto "https"
59
60 RewriteEngine On
61
62 RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}"
63 RewriteCond %{QUERY_STRING} "!noredirect"
64 RewriteCond %{REQUEST_URI} "^(.*)$"
65 RewriteCond ''${redirects:$1|Unknown} "!Unknown"
66 RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
67
68 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
69 RewriteCond %{QUERY_STRING} transport=websocket [NC]
70 RewriteRule /(.*) ws://localhost:${etherpad.listenPort}/$1 [P,L]
71
72 <IfModule mod_proxy.c>
73 ProxyVia On
74 ProxyRequests Off
75 ProxyPreserveHost On
76 ProxyPass / http://localhost:${etherpad.listenPort}/
77 ProxyPassReverse / http://localhost:${etherpad.listenPort}/
78 ProxyPass /socket.io ws://localhost:${etherpad.listenPort}/socket.io
79 ProxyPassReverse /socket.io ws://localhost:${etherpad.listenPort}/socket.io
80 <Proxy *>
81 Options FollowSymLinks MultiViews
82 AllowOverride None
83 Require all granted
84 </Proxy>
85 </IfModule>
86 '' ];
87 };
88 };
89}
diff --git a/nixops/modules/websites/tools/ether/etherpad-lite.json b/nixops/modules/websites/tools/ether/etherpad-lite.json
new file mode 100644
index 0000000..81369c4
--- /dev/null
+++ b/nixops/modules/websites/tools/ether/etherpad-lite.json
@@ -0,0 +1,15 @@
1{
2 "tag": "1.7.0",
3 "meta": {
4 "name": "etherpad-lite",
5 "url": "https://github.com/ether/etherpad-lite",
6 "branch": "refs/tags/1.7.0"
7 },
8 "github": {
9 "owner": "ether",
10 "repo": "etherpad-lite",
11 "rev": "96ac381afb9ea731dad48968f15d77dc6488bd0d",
12 "sha256": "03k6bwlm9ch9kssy9jipfg8ij7rpbzd89xq4mvg4grg1q6ivnzk9",
13 "fetchSubmodules": true
14 }
15}
diff --git a/nixops/modules/websites/tools/ether/etherpad_lite.nix b/nixops/modules/websites/tools/ether/etherpad_lite.nix
new file mode 100644
index 0000000..02071f1
--- /dev/null
+++ b/nixops/modules/websites/tools/ether/etherpad_lite.nix
@@ -0,0 +1,183 @@
1{ env, fetchedGithub, fetchurl, stdenv, writeText, pkgs, cacert }:
2let
3 listenPort = env.listenPort;
4 sessionkey = writeText "SESSIONKEY.txt" env.session_key;
5 apikey = writeText "APIKEY.txt" env.api_key;
6 jquery = fetchurl {
7 url = https://code.jquery.com/jquery-1.9.1.js;
8 sha256 = "0h4dk67yc9d0kadqxb6b33585f3x3559p6qmp70l00qwq030vn3v";
9 };
10 etherpad_modules = [
11 "ep_aa_file_menu_toolbar"
12 "ep_adminpads"
13 "ep_align"
14 "ep_bookmark"
15 "ep_clear_formatting"
16 "ep_colors"
17 "ep_copy_paste_select_all"
18 "ep_cursortrace"
19 "ep_embedmedia"
20 "ep_font_family"
21 "ep_font_size"
22 "ep_headings2"
23 "ep_ldapauth"
24 "ep_line_height"
25 "ep_markdown"
26 "ep_previewimages"
27 "ep_ruler"
28 "ep_scrollto"
29 "ep_set_title_on_pad"
30 "ep_subscript_and_superscript"
31 "ep_timesliderdiff"
32 ];
33 config =
34 # Make sure we’re not rebuilding whole libreoffice just because of a
35 # dependency
36 let libreoffice = (import <nixpkgs> {}).libreoffice-fresh;
37 in
38 writeText "settings.json" ''
39 {
40 "title": "Etherpad",
41 "favicon": "favicon.ico",
42
43 "ip": "127.0.0.1",
44 "port" : ${env.listenPort},
45 "showSettingsInAdminPage" : false,
46 "dbType" : "postgres",
47 "dbSettings" : {
48 "user" : "${env.postgresql.user}",
49 "host" : "${env.postgresql.socket}",
50 "password": "${env.postgresql.password}",
51 "database": "${env.postgresql.database}",
52 "charset" : "utf8mb4"
53 },
54
55 "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
56 "padOptions": {
57 "noColors": false,
58 "showControls": true,
59 "showChat": true,
60 "showLineNumbers": true,
61 "useMonospaceFont": false,
62 "userName": false,
63 "userColor": false,
64 "rtl": false,
65 "alwaysShowChat": false,
66 "chatAndUsers": false,
67 "lang": "en-gb"
68 },
69
70 "suppressErrorsInPadText" : false,
71 "requireSession" : false,
72 "editOnly" : false,
73 "sessionNoPassword" : false,
74 "minify" : true,
75 "maxAge" : 21600,
76 "abiword" : null,
77 "soffice" : "${libreoffice}/bin/soffice",
78 "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
79 "allowUnknownFileEnds" : true,
80 "requireAuthentication" : false,
81 "requireAuthorization" : false,
82 "trustProxy" : false,
83 "disableIPlogging" : false,
84 "automaticReconnectionTimeout" : 0,
85 "scrollWhenFocusLineIsOutOfViewport": {
86 "percentage": {
87 "editionAboveViewport": 0,
88 "editionBelowViewport": 0
89 },
90 "duration": 0,
91 "scrollWhenCaretIsInTheLastLineOfViewport": false,
92 "percentageToScrollWhenUserPressesArrowUp": 0
93 },
94 "users": {
95 "ldapauth": {
96 "url": "ldaps://${env.ldap.host}",
97 "accountBase": "${env.ldap.base}",
98 "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
99 "displayNameAttribute": "cn",
100 "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
101 "searchPWD": "${env.ldap.password}",
102 "groupSearchBase": "${env.ldap.base}",
103 "groupAttribute": "member",
104 "groupAttributeIsDN": true,
105 "searchScope": "sub",
106 "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
107 "anonymousReadonly": false
108 }
109 },
110 "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
111 "loadTest": false,
112 "indentationOnNewLine": false,
113 "toolbar": {
114 "left": [
115 ["bold", "italic", "underline", "strikethrough"],
116 ["orderedlist", "unorderedlist", "indent", "outdent"],
117 ["undo", "redo"],
118 ["clearauthorship"]
119 ],
120 "right": [
121 ["importexport", "timeslider", "savedrevision"],
122 ["settings", "embed"],
123 ["showusers"]
124 ],
125 "timeslider": [
126 ["timeslider_export", "timeslider_returnToPad"]
127 ]
128 },
129 "loglevel": "INFO",
130 "logconfig" : { "appenders": [ { "type": "console" } ] }
131 }
132 '';
133 webappDir = stdenv.mkDerivation (fetchedGithub ./etherpad-lite.json // rec {
134 __noChroot = true;
135 patches = [ ./libreoffice_patch.diff ];
136 buildPhase = ''
137 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
138 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
139 export HOME=$PWD
140
141 touch src/.ep_initialized
142 cp -v src/static/custom/js.template src/static/custom/index.js
143 cp -v src/static/custom/js.template src/static/custom/pad.js
144 cp -v src/static/custom/js.template src/static/custom/timeslider.js
145 cp -v src/static/custom/css.template src/static/custom/index.css
146 cp -v src/static/custom/css.template src/static/custom/pad.css
147 cp -v src/static/custom/css.template src/static/custom/timeslider.css
148
149 sed -i 's/var\/dirty.db/\/var\/lib\/etherpad-lite\/dirty.db/g' \
150 settings.json.template
151
152 mkdir -v node_modules
153 ln -s ../src node_modules/ep_etherpad-lite
154
155 node bin/doc/generate doc/index.md --format=html \
156 --template=doc/template.html > documentation.html
157
158 cd src
159 npm install
160 cd ..
161 ${builtins.concatStringsSep "\n"
162 (map (n: "npm install ${n}; touch node_modules/${n}/.ep_initialized") etherpad_modules)}
163 '';
164 installPhase = ''
165 mkdir -p $out
166 install -t $out/src/ -vDm 644 src/.ep_initialized
167 cp -a node_modules $out/
168 cp -a src/* $out/src/
169 ln -sf ${sessionkey} $out/SESSIONKEY.txt
170 ln -sf ${apikey} $out/APIKEY.txt
171 cp ${jquery} $out/src/static/js/jquery.js
172
173 mkdir $out/doc
174 install -t "$out/doc/" \
175 -vDm 644 {CHANGELOG,CONTRIBUTING,README}.md \
176 -vDm 644 documentation.html
177 '';
178 buildInputs = [ pkgs.nodejs pkgs.python ];
179 });
180in
181 {
182 inherit webappDir config listenPort;
183 }
diff --git a/nixops/modules/websites/tools/ether/libreoffice_patch.diff b/nixops/modules/websites/tools/ether/libreoffice_patch.diff
new file mode 100644
index 0000000..d9e3dfc
--- /dev/null
+++ b/nixops/modules/websites/tools/ether/libreoffice_patch.diff
@@ -0,0 +1,11 @@
1--- a/src/node/utils/LibreOffice.js 2018-06-18 09:54:15.087161212 +0200
2+++ b/src/node/utils/LibreOffice.js 2018-06-18 10:33:27.534055021 +0200
3@@ -63,6 +63,7 @@
4 '--invisible',
5 '--nologo',
6 '--nolockcheck',
7+ '-env:UserInstallation=file:///tmp/',
8 '--convert-to', task.type,
9 task.srcFile,
10 '--outdir', tmpDir
11