aboutsummaryrefslogtreecommitdiff
path: root/nixops
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-20 15:50:00 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-20 15:50:00 +0200
commite905cd0bda71f359597ecb1f4554d3edb27e2ccb (patch)
tree400a78ec5a07f45a224177c5d87a6cfc7863259c /nixops
parentb9c11a4dfd5afab304503fd61efe773b5a0da6a7 (diff)
downloadNix-e905cd0bda71f359597ecb1f4554d3edb27e2ccb.tar.gz
Nix-e905cd0bda71f359597ecb1f4554d3edb27e2ccb.tar.zst
Nix-e905cd0bda71f359597ecb1f4554d3edb27e2ccb.zip
Move missing passwords in etherpad to secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
Diffstat (limited to 'nixops')
-rw-r--r--nixops/modules/websites/tools/ether/default.nix6
-rw-r--r--nixops/modules/websites/tools/ether/etherpad_lite.nix214
2 files changed, 116 insertions, 104 deletions
diff --git a/nixops/modules/websites/tools/ether/default.nix b/nixops/modules/websites/tools/ether/default.nix
index 6d845ac..7fdcb57 100644
--- a/nixops/modules/websites/tools/ether/default.nix
+++ b/nixops/modules/websites/tools/ether/default.nix
@@ -16,8 +16,8 @@ in {
16 systemd.services.etherpad-lite = { 16 systemd.services.etherpad-lite = {
17 description = "Etherpad-lite"; 17 description = "Etherpad-lite";
18 wantedBy = [ "multi-user.target" ]; 18 wantedBy = [ "multi-user.target" ];
19 after = [ "network.target" "postgresql.service" "tools-etherpad-key.service" ]; 19 after = [ "network.target" "postgresql.service" "tools-etherpad-key.service" "tools-etherpad-apikey-key.service" "tools-etherpad-sessionkey-key.service" ];
20 wants = [ "postgresql.service" "tools-etherpad-key.service" ]; 20 wants = [ "postgresql.service" "tools-etherpad-key.service" "tools-etherpad-apikey-key.service" "tools-etherpad-sessionkey-key.service" ];
21 21
22 environment.NODE_ENV = "production"; 22 environment.NODE_ENV = "production";
23 environment.HOME = etherpad.webappDir; 23 environment.HOME = etherpad.webappDir;
@@ -44,7 +44,7 @@ in {
44 Restart = "always"; 44 Restart = "always";
45 Type = "simple"; 45 Type = "simple";
46 TimeoutSec = 60; 46 TimeoutSec = 60;
47 ExecStartPre = "+${pkgs.coreutils}/bin/chown etherpad-lite:etherpad-lite /run/keys/webapps/tools-etherpad"; 47 ExecStartPre = "+${pkgs.coreutils}/bin/chown etherpad-lite:etherpad-lite /run/keys/webapps/tools-etherpad /run/keys/webapps/tools-etherpad-sessionkey /run/keys/webapps/tools-etherpad-apikey";
48 }; 48 };
49 }; 49 };
50 50
diff --git a/nixops/modules/websites/tools/ether/etherpad_lite.nix b/nixops/modules/websites/tools/ether/etherpad_lite.nix
index bc62262..689156e 100644
--- a/nixops/modules/websites/tools/ether/etherpad_lite.nix
+++ b/nixops/modules/websites/tools/ether/etherpad_lite.nix
@@ -30,109 +30,121 @@ let
30 "ep_subscript_and_superscript" 30 "ep_subscript_and_superscript"
31 "ep_timesliderdiff" 31 "ep_timesliderdiff"
32 ]; 32 ];
33 keys.tools-etherpad = { 33 keys = {
34 destDir = "/run/keys/webapps"; 34 tools-etherpad-apikey = {
35 permissions = "0400"; 35 destDir = "/run/keys/webapps";
36 text = 36 permissions = "0400";
37 # Make sure we’re not rebuilding whole libreoffice just because of a 37 text = env.api_key;
38 # dependency 38 };
39 let libreoffice = (import <nixpkgs> {}).libreoffice-fresh; 39 tools-etherpad-sessionkey = {
40 in 40 destDir = "/run/keys/webapps";
41 '' 41 permissions = "0400";
42 { 42 text = env.session_key;
43 "title": "Etherpad", 43 };
44 "favicon": "favicon.ico", 44 tools-etherpad = {
45 destDir = "/run/keys/webapps";
46 permissions = "0400";
47 text =
48 # Make sure we’re not rebuilding whole libreoffice just because of a
49 # dependency
50 let libreoffice = (import <nixpkgs> {}).libreoffice-fresh;
51 in
52 ''
53 {
54 "title": "Etherpad",
55 "favicon": "favicon.ico",
45 56
46 "ip": "127.0.0.1", 57 "ip": "127.0.0.1",
47 "port" : ${env.listenPort}, 58 "port" : ${env.listenPort},
48 "showSettingsInAdminPage" : false, 59 "showSettingsInAdminPage" : false,
49 "dbType" : "postgres", 60 "dbType" : "postgres",
50 "dbSettings" : { 61 "dbSettings" : {
51 "user" : "${env.postgresql.user}", 62 "user" : "${env.postgresql.user}",
52 "host" : "${env.postgresql.socket}", 63 "host" : "${env.postgresql.socket}",
53 "password": "${env.postgresql.password}", 64 "password": "${env.postgresql.password}",
54 "database": "${env.postgresql.database}", 65 "database": "${env.postgresql.database}",
55 "charset" : "utf8mb4" 66 "charset" : "utf8mb4"
56 }, 67 },
57 68
58 "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n", 69 "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
59 "padOptions": { 70 "padOptions": {
60 "noColors": false, 71 "noColors": false,
61 "showControls": true, 72 "showControls": true,
62 "showChat": true, 73 "showChat": true,
63 "showLineNumbers": true, 74 "showLineNumbers": true,
64 "useMonospaceFont": false, 75 "useMonospaceFont": false,
65 "userName": false, 76 "userName": false,
66 "userColor": false, 77 "userColor": false,
67 "rtl": false, 78 "rtl": false,
68 "alwaysShowChat": false, 79 "alwaysShowChat": false,
69 "chatAndUsers": false, 80 "chatAndUsers": false,
70 "lang": "en-gb" 81 "lang": "en-gb"
71 }, 82 },
72 83
73 "suppressErrorsInPadText" : false, 84 "suppressErrorsInPadText" : false,
74 "requireSession" : false, 85 "requireSession" : false,
75 "editOnly" : false, 86 "editOnly" : false,
76 "sessionNoPassword" : false, 87 "sessionNoPassword" : false,
77 "minify" : true, 88 "minify" : true,
78 "maxAge" : 21600, 89 "maxAge" : 21600,
79 "abiword" : null, 90 "abiword" : null,
80 "soffice" : "${libreoffice}/bin/soffice", 91 "soffice" : "${libreoffice}/bin/soffice",
81 "tidyHtml" : "${pkgs.html-tidy}/bin/tidy", 92 "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
82 "allowUnknownFileEnds" : true, 93 "allowUnknownFileEnds" : true,
83 "requireAuthentication" : false, 94 "requireAuthentication" : false,
84 "requireAuthorization" : false, 95 "requireAuthorization" : false,
85 "trustProxy" : false, 96 "trustProxy" : false,
86 "disableIPlogging" : false, 97 "disableIPlogging" : false,
87 "automaticReconnectionTimeout" : 0, 98 "automaticReconnectionTimeout" : 0,
88 "scrollWhenFocusLineIsOutOfViewport": { 99 "scrollWhenFocusLineIsOutOfViewport": {
89 "percentage": { 100 "percentage": {
90 "editionAboveViewport": 0, 101 "editionAboveViewport": 0,
91 "editionBelowViewport": 0 102 "editionBelowViewport": 0
103 },
104 "duration": 0,
105 "scrollWhenCaretIsInTheLastLineOfViewport": false,
106 "percentageToScrollWhenUserPressesArrowUp": 0
92 }, 107 },
93 "duration": 0, 108 "users": {
94 "scrollWhenCaretIsInTheLastLineOfViewport": false, 109 "ldapauth": {
95 "percentageToScrollWhenUserPressesArrowUp": 0 110 "url": "ldaps://${env.ldap.host}",
96 }, 111 "accountBase": "${env.ldap.base}",
97 "users": { 112 "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
98 "ldapauth": { 113 "displayNameAttribute": "cn",
99 "url": "ldaps://${env.ldap.host}", 114 "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
100 "accountBase": "${env.ldap.base}", 115 "searchPWD": "${env.ldap.password}",
101 "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))", 116 "groupSearchBase": "${env.ldap.base}",
102 "displayNameAttribute": "cn", 117 "groupAttribute": "member",
103 "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu", 118 "groupAttributeIsDN": true,
104 "searchPWD": "${env.ldap.password}", 119 "searchScope": "sub",
105 "groupSearchBase": "${env.ldap.base}", 120 "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
106 "groupAttribute": "member", 121 "anonymousReadonly": false
107 "groupAttributeIsDN": true, 122 }
108 "searchScope": "sub", 123 },
109 "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)", 124 "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
110 "anonymousReadonly": false 125 "loadTest": false,
111 } 126 "indentationOnNewLine": false,
112 }, 127 "toolbar": {
113 "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], 128 "left": [
114 "loadTest": false, 129 ["bold", "italic", "underline", "strikethrough"],
115 "indentationOnNewLine": false, 130 ["orderedlist", "unorderedlist", "indent", "outdent"],
116 "toolbar": { 131 ["undo", "redo"],
117 "left": [ 132 ["clearauthorship"]
118 ["bold", "italic", "underline", "strikethrough"], 133 ],
119 ["orderedlist", "unorderedlist", "indent", "outdent"], 134 "right": [
120 ["undo", "redo"], 135 ["importexport", "timeslider", "savedrevision"],
121 ["clearauthorship"] 136 ["settings", "embed"],
122 ], 137 ["showusers"]
123 "right": [ 138 ],
124 ["importexport", "timeslider", "savedrevision"], 139 "timeslider": [
125 ["settings", "embed"], 140 ["timeslider_export", "timeslider_returnToPad"]
126 ["showusers"] 141 ]
127 ], 142 },
128 "timeslider": [ 143 "loglevel": "INFO",
129 ["timeslider_export", "timeslider_returnToPad"] 144 "logconfig" : { "appenders": [ { "type": "console" } ] }
130 ] 145 }
131 }, 146 '';
132 "loglevel": "INFO", 147 };
133 "logconfig" : { "appenders": [ { "type": "console" } ] }
134 }
135 '';
136 }; 148 };
137 webappDir = stdenv.mkDerivation (fetchedGithub ./etherpad-lite.json // rec { 149 webappDir = stdenv.mkDerivation (fetchedGithub ./etherpad-lite.json // rec {
138 __noChroot = true; 150 __noChroot = true;
@@ -170,8 +182,8 @@ let
170 install -t $out/src/ -vDm 644 src/.ep_initialized 182 install -t $out/src/ -vDm 644 src/.ep_initialized
171 cp -a node_modules $out/ 183 cp -a node_modules $out/
172 cp -a src/* $out/src/ 184 cp -a src/* $out/src/
173 ln -sf ${sessionkey} $out/SESSIONKEY.txt 185 ln -sf /run/keys/webapps/tools-etherpad-sessionkey $out/SESSIONKEY.txt
174 ln -sf ${apikey} $out/APIKEY.txt 186 ln -sf /run/keys/webapps/tools-etherpad-apikey $out/APIKEY.txt
175 cp ${jquery} $out/src/static/js/jquery.js 187 cp ${jquery} $out/src/static/js/jquery.js
176 188
177 mkdir $out/doc 189 mkdir $out/doc