5 files changed, 300 insertions, 0 deletions
diff --git a/virtual/modules/websites/default.nix b/virtual/modules/websites/default.nix
index 06f51ff..4d5ae23 100644
--- a/virtual/modules/websites/default.nix
+++ b/virtual/modules/websites/default.nix
@@ -99,6 +99,7 @@ in
    ./tools/mastodon
    ./tools/mediagoblin
    ./tools/diaspora
+    ./tools/ether
    # built using:
    # sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
    # Removed allGranted
@@ -179,6 +180,7 @@ in
    services.myWebsites.tools.mastodon.enable = true;
    services.myWebsites.tools.mediagoblin.enable = true;
    services.myWebsites.tools.diaspora.enable = true;
+    services.myWebsites.tools.etherpad-lite.enable = true;
    services.myWebsites.Chloe.production.enable = cfg.production.enable;
    services.myWebsites.Ludivine.production.enable = cfg.production.enable;
diff --git a/virtual/modules/websites/tools/ether/default.nix b/virtual/modules/websites/tools/ether/default.nix
new file mode 100644
index 0000000..5ee3433
--- /dev/null
+++ b/virtual/modules/websites/tools/ether/default.nix
@@ -0,0 +1,89 @@
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+  etherpad = pkgs.callPackage ./etherpad_lite.nix {
+    inherit (mylibs) fetchedGithub;
+    env = myconfig.env.tools.etherpad-lite;
+  };
+  cfg = config.services.myWebsites.tools.etherpad-lite;
+in {
+  options.services.myWebsites.tools.etherpad-lite = {
+    enable = lib.mkEnableOption "enable etherpad's website";
+  };
+  config = lib.mkIf cfg.enable {
+    systemd.services.etherpad-lite = {
+      description = "Etherpad-lite";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "postgresql.service" ];
+      wants = [ "postgresql.service" ];
+      environment.NODE_ENV = "production";
+      environment.HOME = etherpad.webappDir;
+      path = [ pkgs.nodejs ];
+      script = ''
+        exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \
+          --settings ${etherpad.config}
+      '';
+      serviceConfig = {
+        DynamicUser = true;
+        User = "etherpad-lite";
+        Group = "etherpad-lite";
+        WorkingDirectory = etherpad.webappDir;
+        PrivateTmp = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        ProtectHome = true;
+        ProtectControlGroups = true;
+        ProtectKernelModules = true;
+        Restart = "always";
+        Type = "simple";
+        TimeoutSec = 60;
+      };
+    };
+    services.myWebsites.tools.modules = [
+      "headers" "proxy" "proxy_http" "proxy_wstunnel"
+    ];
+    security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
+    services.myWebsites.tools.vhostConfs.etherpad-lite = {
+      certName    = "eldiron";
+      hosts       = [ "ether.immae.eu" ];
+      root        = null;
+      extraConfig = [ ''
+        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
+        RequestHeader set X-Forwarded-Proto "https"
+        RewriteEngine On
+        RewriteMap  redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}"
+        RewriteCond %{QUERY_STRING}         "!noredirect"
+        RewriteCond %{REQUEST_URI}          "^(.*)$"
+        RewriteCond ''${redirects:$1|Unknown} "!Unknown"
+        RewriteRule "^(.*)$"                ''${redirects:$1}  [L,NE,R=301,QSD]
+        RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
+        RewriteCond %{QUERY_STRING} transport=websocket    [NC]
+        RewriteRule /(.*)           ws://localhost:${etherpad.listenPort}/$1 [P,L]
+        <IfModule mod_proxy.c>
+          ProxyVia On
+          ProxyRequests Off
+          ProxyPreserveHost On
+          ProxyPass         / http://localhost:${etherpad.listenPort}/
+          ProxyPassReverse  / http://localhost:${etherpad.listenPort}/
+          ProxyPass         /socket.io ws://localhost:${etherpad.listenPort}/socket.io
+          ProxyPassReverse  /socket.io ws://localhost:${etherpad.listenPort}/socket.io
+          <Proxy *>
+            Options FollowSymLinks MultiViews
+            AllowOverride None
+            Require all granted
+          </Proxy>
+        </IfModule>
+      '' ];
+    };
+  };
+}
diff --git a/virtual/modules/websites/tools/ether/etherpad-lite.json b/virtual/modules/websites/tools/ether/etherpad-lite.json
new file mode 100644
index 0000000..81369c4
--- /dev/null
+++ b/virtual/modules/websites/tools/ether/etherpad-lite.json
@@ -0,0 +1,15 @@
+{
+  "tag": "1.7.0",
+  "meta": {
+    "name": "etherpad-lite",
+    "url": "https://github.com/ether/etherpad-lite",
+    "branch": "refs/tags/1.7.0"
+  },
+  "github": {
+    "owner": "ether",
+    "repo": "etherpad-lite",
+    "rev": "96ac381afb9ea731dad48968f15d77dc6488bd0d",
+    "sha256": "03k6bwlm9ch9kssy9jipfg8ij7rpbzd89xq4mvg4grg1q6ivnzk9",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/modules/websites/tools/ether/etherpad_lite.nix b/virtual/modules/websites/tools/ether/etherpad_lite.nix
new file mode 100644
index 0000000..f5f05b7
--- /dev/null
+++ b/virtual/modules/websites/tools/ether/etherpad_lite.nix
@@ -0,0 +1,183 @@
+{ env, fetchedGithub, fetchurl, stdenv, writeText, pkgs, cacert }:
+let
+  listenPort = "18001";
+  sessionkey = writeText "SESSIONKEY.txt" env.session_key;
+  apikey = writeText "APIKEY.txt" env.api_key;
+  jquery = fetchurl {
+    url = https://code.jquery.com/jquery-1.9.1.js;
+    sha256 = "0h4dk67yc9d0kadqxb6b33585f3x3559p6qmp70l00qwq030vn3v";
+  };
+  etherpad_modules = [
+    "ep_aa_file_menu_toolbar"
+    "ep_adminpads"
+    "ep_align"
+    "ep_bookmark"
+    "ep_clear_formatting"
+    "ep_colors"
+    "ep_copy_paste_select_all"
+    "ep_cursortrace"
+    "ep_embedmedia"
+    "ep_font_family"
+    "ep_font_size"
+    "ep_headings2"
+    "ep_ldapauth"
+    "ep_line_height"
+    "ep_markdown"
+    "ep_previewimages"
+    "ep_ruler"
+    "ep_scrollto"
+    "ep_set_title_on_pad"
+    "ep_subscript_and_superscript"
+    "ep_timesliderdiff"
+    ];
+  config =
+    # Make sure we’re not rebuilding whole libreoffice just because of a
+    # dependency
+    let libreoffice = (import <nixpkgs> {}).libreoffice-fresh;
+    in
+    writeText "settings.json" ''
+      {
+        "title": "Etherpad",
+        "favicon": "favicon.ico",
+        "ip": "127.0.0.1",
+        "port" : ${listenPort},
+        "showSettingsInAdminPage" : false,
+        "dbType" : "postgres",
+        "dbSettings" : {
+          "user"    : "${env.postgresql.user}",
+          "host"    : "${env.postgresql.socket}",
+          "password": "${env.postgresql.password}",
+          "database": "${env.postgresql.database}",
+          "charset" : "utf8mb4"
+        },
+        "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
+        "padOptions": {
+          "noColors": false,
+          "showControls": true,
+          "showChat": true,
+          "showLineNumbers": true,
+          "useMonospaceFont": false,
+          "userName": false,
+          "userColor": false,
+          "rtl": false,
+          "alwaysShowChat": false,
+          "chatAndUsers": false,
+          "lang": "en-gb"
+        },
+        "suppressErrorsInPadText" : false,
+        "requireSession" : false,
+        "editOnly" : false,
+        "sessionNoPassword" : false,
+        "minify" : true,
+        "maxAge" : 21600,
+        "abiword" : null,
+        "soffice" : "${libreoffice}/bin/soffice",
+        "tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
+        "allowUnknownFileEnds" : true,
+        "requireAuthentication" : false,
+        "requireAuthorization" : false,
+        "trustProxy" : false,
+        "disableIPlogging" : false,
+        "automaticReconnectionTimeout" : 0,
+        "scrollWhenFocusLineIsOutOfViewport": {
+          "percentage": {
+            "editionAboveViewport": 0,
+            "editionBelowViewport": 0
+          },
+          "duration": 0,
+          "scrollWhenCaretIsInTheLastLineOfViewport": false,
+          "percentageToScrollWhenUserPressesArrowUp": 0
+        },
+        "users": {
+          "ldapauth": {
+            "url": "ldaps://${env.ldap.host}",
+            "accountBase": "${env.ldap.base}",
+            "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
+            "displayNameAttribute": "cn",
+            "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
+            "searchPWD": "${env.ldap.password}",
+            "groupSearchBase": "${env.ldap.base}",
+            "groupAttribute": "member",
+            "groupAttributeIsDN": true,
+            "searchScope": "sub",
+            "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
+            "anonymousReadonly": false
+          }
+        },
+        "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
+        "loadTest": false,
+        "indentationOnNewLine": false,
+        "toolbar": {
+          "left": [
+            ["bold", "italic", "underline", "strikethrough"],
+            ["orderedlist", "unorderedlist", "indent", "outdent"],
+            ["undo", "redo"],
+            ["clearauthorship"]
+          ],
+          "right": [
+            ["importexport", "timeslider", "savedrevision"],
+            ["settings", "embed"],
+            ["showusers"]
+          ],
+          "timeslider": [
+            ["timeslider_export", "timeslider_returnToPad"]
+          ]
+        },
+        "loglevel": "INFO",
+        "logconfig" : { "appenders": [ { "type": "console" } ] }
+      }
+    '';
+  webappDir = stdenv.mkDerivation (fetchedGithub ./etherpad-lite.json // rec {
+    __noChroot = true;
+    patches = [ ./libreoffice_patch.diff ];
+    buildPhase = ''
+      export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+      export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+      export HOME=$PWD
+      touch src/.ep_initialized
+      cp -v src/static/custom/js.template src/static/custom/index.js
+      cp -v src/static/custom/js.template src/static/custom/pad.js
+      cp -v src/static/custom/js.template src/static/custom/timeslider.js
+      cp -v src/static/custom/css.template src/static/custom/index.css
+      cp -v src/static/custom/css.template src/static/custom/pad.css
+      cp -v src/static/custom/css.template src/static/custom/timeslider.css
+      sed -i 's/var\/dirty.db/\/var\/lib\/etherpad-lite\/dirty.db/g' \
+        settings.json.template
+      mkdir -v node_modules
+      ln -s ../src node_modules/ep_etherpad-lite
+      node bin/doc/generate doc/index.md --format=html \
+        --template=doc/template.html > documentation.html
+      cd src
+      npm install
+      cd ..
+      ${builtins.concatStringsSep "\n"
+        (map (n: "npm install ${n}; touch node_modules/${n}/.ep_initialized") etherpad_modules)}
+      '';
+    installPhase = ''
+      mkdir -p $out
+      install -t $out/src/ -vDm 644 src/.ep_initialized
+      cp -a node_modules $out/
+      cp -a src/* $out/src/
+      ln -sf ${sessionkey} $out/SESSIONKEY.txt
+      ln -sf ${apikey} $out/APIKEY.txt
+      cp ${jquery} $out/src/static/js/jquery.js
+      mkdir $out/doc
+      install -t "$out/doc/" \
+        -vDm 644 {CHANGELOG,CONTRIBUTING,README}.md \
+        -vDm 644 documentation.html
+    '';
+    buildInputs = [ pkgs.nodejs pkgs.python ];
+  });
+in
+  {
+    inherit webappDir config listenPort;
+  }
diff --git a/virtual/modules/websites/tools/ether/libreoffice_patch.diff b/virtual/modules/websites/tools/ether/libreoffice_patch.diff
new file mode 100644
index 0000000..d9e3dfc
--- /dev/null
+++ b/virtual/modules/websites/tools/ether/libreoffice_patch.diff
@@ -0,0 +1,11 @@
+--- a/src/node/utils/LibreOffice.js      2018-06-18 09:54:15.087161212 +0200
+++ b/src/node/utils/LibreOffice.js    2018-06-18 10:33:27.534055021 +0200
+@@ -63,6 +63,7 @@
+         '--invisible',
+         '--nologo',
+         '--nolockcheck',
+        '-env:UserInstallation=file:///tmp/',
+         '--convert-to', task.type,
+         task.srcFile,
+         '--outdir', tmpDir

diff --git a/virtual/modules/websites/default.nix b/virtual/modules/websites/default.nix index 06f51ff..4d5ae23 100644 --- a/virtual/modules/websites/default.nix +++ b/virtual/modules/websites/default.nix
@@ -99,6 +99,7 @@ in
99	./tools/mastodon	99	./tools/mastodon
100	./tools/mediagoblin	100	./tools/mediagoblin
101	./tools/diaspora	101	./tools/diaspora
		102	./tools/ether
102	# built using:	103	# built using:
103	# sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix	104	# sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
104	# Removed allGranted	105	# Removed allGranted
@@ -179,6 +180,7 @@ in
179	services.myWebsites.tools.mastodon.enable = true;	180	services.myWebsites.tools.mastodon.enable = true;
180	services.myWebsites.tools.mediagoblin.enable = true;	181	services.myWebsites.tools.mediagoblin.enable = true;
181	services.myWebsites.tools.diaspora.enable = true;	182	services.myWebsites.tools.diaspora.enable = true;
		183	services.myWebsites.tools.etherpad-lite.enable = true;
182		184
183	services.myWebsites.Chloe.production.enable = cfg.production.enable;	185	services.myWebsites.Chloe.production.enable = cfg.production.enable;
184	services.myWebsites.Ludivine.production.enable = cfg.production.enable;	186	services.myWebsites.Ludivine.production.enable = cfg.production.enable;


diff --git a/virtual/modules/websites/tools/ether/default.nix b/virtual/modules/websites/tools/ether/default.nix new file mode 100644 index 0000000..5ee3433 --- /dev/null +++ b/virtual/modules/websites/tools/ether/default.nix
@@ -0,0 +1,89 @@
		1	{ lib, pkgs, config, myconfig, mylibs, ... }:
		2	let
		3	etherpad = pkgs.callPackage ./etherpad_lite.nix {
		4	inherit (mylibs) fetchedGithub;
		5	env = myconfig.env.tools.etherpad-lite;
		6	};
		7
		8	cfg = config.services.myWebsites.tools.etherpad-lite;
		9	in {
		10	options.services.myWebsites.tools.etherpad-lite = {
		11	enable = lib.mkEnableOption "enable etherpad's website";
		12	};
		13
		14	config = lib.mkIf cfg.enable {
		15	systemd.services.etherpad-lite = {
		16	description = "Etherpad-lite";
		17	wantedBy = [ "multi-user.target" ];
		18	after = [ "network.target" "postgresql.service" ];
		19	wants = [ "postgresql.service" ];
		20
		21	environment.NODE_ENV = "production";
		22	environment.HOME = etherpad.webappDir;
		23
		24	path = [ pkgs.nodejs ];
		25
		26	script = ''
		27	exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \
		28	--settings ${etherpad.config}
		29	'';
		30
		31	serviceConfig = {
		32	DynamicUser = true;
		33	User = "etherpad-lite";
		34	Group = "etherpad-lite";
		35	WorkingDirectory = etherpad.webappDir;
		36	PrivateTmp = true;
		37	NoNewPrivileges = true;
		38	PrivateDevices = true;
		39	ProtectHome = true;
		40	ProtectControlGroups = true;
		41	ProtectKernelModules = true;
		42	Restart = "always";
		43	Type = "simple";
		44	TimeoutSec = 60;
		45	};
		46	};
		47
		48	services.myWebsites.tools.modules = [
		49	"headers" "proxy" "proxy_http" "proxy_wstunnel"
		50	];
		51	security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
		52	services.myWebsites.tools.vhostConfs.etherpad-lite = {
		53	certName = "eldiron";
		54	hosts = [ "ether.immae.eu" ];
		55	root = null;
		56	extraConfig = [ ''
		57	Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
		58	RequestHeader set X-Forwarded-Proto "https"
		59
		60	RewriteEngine On
		61
		62	RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}"
		63	RewriteCond %{QUERY_STRING} "!noredirect"
		64	RewriteCond %{REQUEST_URI} "^(.*)$"
		65	RewriteCond ''${redirects:$1\|Unknown} "!Unknown"
		66	RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
		67
		68	RewriteCond %{REQUEST_URI} ^/socket.io [NC]
		69	RewriteCond %{QUERY_STRING} transport=websocket [NC]
		70	RewriteRule /(.*) ws://localhost:${etherpad.listenPort}/$1 [P,L]
		71
		72	<IfModule mod_proxy.c>
		73	ProxyVia On
		74	ProxyRequests Off
		75	ProxyPreserveHost On
		76	ProxyPass / http://localhost:${etherpad.listenPort}/
		77	ProxyPassReverse / http://localhost:${etherpad.listenPort}/
		78	ProxyPass /socket.io ws://localhost:${etherpad.listenPort}/socket.io
		79	ProxyPassReverse /socket.io ws://localhost:${etherpad.listenPort}/socket.io
		80	<Proxy *>
		81	Options FollowSymLinks MultiViews
		82	AllowOverride None
		83	Require all granted
		84	</Proxy>
		85	</IfModule>
		86	'' ];
		87	};
		88	};
		89	}


diff --git a/virtual/modules/websites/tools/ether/etherpad-lite.json b/virtual/modules/websites/tools/ether/etherpad-lite.json new file mode 100644 index 0000000..81369c4 --- /dev/null +++ b/virtual/modules/websites/tools/ether/etherpad-lite.json
@@ -0,0 +1,15 @@
		1	{
		2	"tag": "1.7.0",
		3	"meta": {
		4	"name": "etherpad-lite",
		5	"url": "https://github.com/ether/etherpad-lite",
		6	"branch": "refs/tags/1.7.0"
		7	},
		8	"github": {
		9	"owner": "ether",
		10	"repo": "etherpad-lite",
		11	"rev": "96ac381afb9ea731dad48968f15d77dc6488bd0d",
		12	"sha256": "03k6bwlm9ch9kssy9jipfg8ij7rpbzd89xq4mvg4grg1q6ivnzk9",
		13	"fetchSubmodules": true
		14	}
		15	}


diff --git a/virtual/modules/websites/tools/ether/etherpad_lite.nix b/virtual/modules/websites/tools/ether/etherpad_lite.nix new file mode 100644 index 0000000..f5f05b7 --- /dev/null +++ b/virtual/modules/websites/tools/ether/etherpad_lite.nix
@@ -0,0 +1,183 @@
		1	{ env, fetchedGithub, fetchurl, stdenv, writeText, pkgs, cacert }:
		2	let
		3	listenPort = "18001";
		4	sessionkey = writeText "SESSIONKEY.txt" env.session_key;
		5	apikey = writeText "APIKEY.txt" env.api_key;
		6	jquery = fetchurl {
		7	url = https://code.jquery.com/jquery-1.9.1.js;
		8	sha256 = "0h4dk67yc9d0kadqxb6b33585f3x3559p6qmp70l00qwq030vn3v";
		9	};
		10	etherpad_modules = [
		11	"ep_aa_file_menu_toolbar"
		12	"ep_adminpads"
		13	"ep_align"
		14	"ep_bookmark"
		15	"ep_clear_formatting"
		16	"ep_colors"
		17	"ep_copy_paste_select_all"
		18	"ep_cursortrace"
		19	"ep_embedmedia"
		20	"ep_font_family"
		21	"ep_font_size"
		22	"ep_headings2"
		23	"ep_ldapauth"
		24	"ep_line_height"
		25	"ep_markdown"
		26	"ep_previewimages"
		27	"ep_ruler"
		28	"ep_scrollto"
		29	"ep_set_title_on_pad"
		30	"ep_subscript_and_superscript"
		31	"ep_timesliderdiff"
		32	];
		33	config =
		34	# Make sure we’re not rebuilding whole libreoffice just because of a
		35	# dependency
		36	let libreoffice = (import <nixpkgs> {}).libreoffice-fresh;
		37	in
		38	writeText "settings.json" ''
		39	{
		40	"title": "Etherpad",
		41	"favicon": "favicon.ico",
		42
		43	"ip": "127.0.0.1",
		44	"port" : ${listenPort},
		45	"showSettingsInAdminPage" : false,
		46	"dbType" : "postgres",
		47	"dbSettings" : {
		48	"user" : "${env.postgresql.user}",
		49	"host" : "${env.postgresql.socket}",
		50	"password": "${env.postgresql.password}",
		51	"database": "${env.postgresql.database}",
		52	"charset" : "utf8mb4"
		53	},
		54
		55	"defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
		56	"padOptions": {
		57	"noColors": false,
		58	"showControls": true,
		59	"showChat": true,
		60	"showLineNumbers": true,
		61	"useMonospaceFont": false,
		62	"userName": false,
		63	"userColor": false,
		64	"rtl": false,
		65	"alwaysShowChat": false,
		66	"chatAndUsers": false,
		67	"lang": "en-gb"
		68	},
		69
		70	"suppressErrorsInPadText" : false,
		71	"requireSession" : false,
		72	"editOnly" : false,
		73	"sessionNoPassword" : false,
		74	"minify" : true,
		75	"maxAge" : 21600,
		76	"abiword" : null,
		77	"soffice" : "${libreoffice}/bin/soffice",
		78	"tidyHtml" : "${pkgs.html-tidy}/bin/tidy",
		79	"allowUnknownFileEnds" : true,
		80	"requireAuthentication" : false,
		81	"requireAuthorization" : false,
		82	"trustProxy" : false,
		83	"disableIPlogging" : false,
		84	"automaticReconnectionTimeout" : 0,
		85	"scrollWhenFocusLineIsOutOfViewport": {
		86	"percentage": {
		87	"editionAboveViewport": 0,
		88	"editionBelowViewport": 0
		89	},
		90	"duration": 0,
		91	"scrollWhenCaretIsInTheLastLineOfViewport": false,
		92	"percentageToScrollWhenUserPressesArrowUp": 0
		93	},
		94	"users": {
		95	"ldapauth": {
		96	"url": "ldaps://${env.ldap.host}",
		97	"accountBase": "${env.ldap.base}",
		98	"accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))",
		99	"displayNameAttribute": "cn",
		100	"searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu",
		101	"searchPWD": "${env.ldap.password}",
		102	"groupSearchBase": "${env.ldap.base}",
		103	"groupAttribute": "member",
		104	"groupAttributeIsDN": true,
		105	"searchScope": "sub",
		106	"groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)",
		107	"anonymousReadonly": false
		108	}
		109	},
		110	"socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
		111	"loadTest": false,
		112	"indentationOnNewLine": false,
		113	"toolbar": {
		114	"left": [
		115	["bold", "italic", "underline", "strikethrough"],
		116	["orderedlist", "unorderedlist", "indent", "outdent"],
		117	["undo", "redo"],
		118	["clearauthorship"]
		119	],
		120	"right": [
		121	["importexport", "timeslider", "savedrevision"],
		122	["settings", "embed"],
		123	["showusers"]
		124	],
		125	"timeslider": [
		126	["timeslider_export", "timeslider_returnToPad"]
		127	]
		128	},
		129	"loglevel": "INFO",
		130	"logconfig" : { "appenders": [ { "type": "console" } ] }
		131	}
		132	'';
		133	webappDir = stdenv.mkDerivation (fetchedGithub ./etherpad-lite.json // rec {
		134	__noChroot = true;
		135	patches = [ ./libreoffice_patch.diff ];
		136	buildPhase = ''
		137	export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
		138	export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
		139	export HOME=$PWD
		140
		141	touch src/.ep_initialized
		142	cp -v src/static/custom/js.template src/static/custom/index.js
		143	cp -v src/static/custom/js.template src/static/custom/pad.js
		144	cp -v src/static/custom/js.template src/static/custom/timeslider.js
		145	cp -v src/static/custom/css.template src/static/custom/index.css
		146	cp -v src/static/custom/css.template src/static/custom/pad.css
		147	cp -v src/static/custom/css.template src/static/custom/timeslider.css
		148
		149	sed -i 's/var\/dirty.db/\/var\/lib\/etherpad-lite\/dirty.db/g' \
		150	settings.json.template
		151
		152	mkdir -v node_modules
		153	ln -s ../src node_modules/ep_etherpad-lite
		154
		155	node bin/doc/generate doc/index.md --format=html \
		156	--template=doc/template.html > documentation.html
		157
		158	cd src
		159	npm install
		160	cd ..
		161	${builtins.concatStringsSep "\n"
		162	(map (n: "npm install ${n}; touch node_modules/${n}/.ep_initialized") etherpad_modules)}
		163	'';
		164	installPhase = ''
		165	mkdir -p $out
		166	install -t $out/src/ -vDm 644 src/.ep_initialized
		167	cp -a node_modules $out/
		168	cp -a src/* $out/src/
		169	ln -sf ${sessionkey} $out/SESSIONKEY.txt
		170	ln -sf ${apikey} $out/APIKEY.txt
		171	cp ${jquery} $out/src/static/js/jquery.js
		172
		173	mkdir $out/doc
		174	install -t "$out/doc/" \
		175	-vDm 644 {CHANGELOG,CONTRIBUTING,README}.md \
		176	-vDm 644 documentation.html
		177	'';
		178	buildInputs = [ pkgs.nodejs pkgs.python ];
		179	});
		180	in
		181	{
		182	inherit webappDir config listenPort;
		183	}


diff --git a/virtual/modules/websites/tools/ether/libreoffice_patch.diff b/virtual/modules/websites/tools/ether/libreoffice_patch.diff new file mode 100644 index 0000000..d9e3dfc --- /dev/null +++ b/virtual/modules/websites/tools/ether/libreoffice_patch.diff
@@ -0,0 +1,11 @@
		1	--- a/src/node/utils/LibreOffice.js 2018-06-18 09:54:15.087161212 +0200
		2	+++ b/src/node/utils/LibreOffice.js 2018-06-18 10:33:27.534055021 +0200
		3	@@ -63,6 +63,7 @@
		4	'--invisible',
		5	'--nologo',
		6	'--nolockcheck',
		7	+ '-env:UserInstallation=file:///tmp/',
		8	'--convert-to', task.type,
		9	task.srcFile,
		10	'--outdir', tmpDir
		11