From 4288c2f2431fb782b0d512b1b3749187f2374b6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Wed, 22 May 2019 20:01:33 +0200 Subject: Move websites/tools to modules --- modules/private/websites/tools/ether/default.nix | 175 +++++++++++++++++++++++ 1 file changed, 175 insertions(+) create mode 100644 modules/private/websites/tools/ether/default.nix (limited to 'modules/private/websites/tools/ether') diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix new file mode 100644 index 0000000..ebcbf61 --- /dev/null +++ b/modules/private/websites/tools/ether/default.nix @@ -0,0 +1,175 @@ +{ lib, pkgs, config, myconfig, ... }: +let + env = myconfig.env.tools.etherpad-lite; + cfg = config.myServices.websites.tools.etherpad-lite; + # Make sure we’re not rebuilding whole libreoffice just because of a + # dependency + libreoffice = (import { overlays = []; }).libreoffice-fresh; + ecfg = config.services.etherpad-lite; +in { + options.myServices.websites.tools.etherpad-lite = { + enable = lib.mkEnableOption "enable etherpad's website"; + }; + + config = lib.mkIf cfg.enable { + secrets.keys = [ + { + dest = "webapps/tools-etherpad-apikey"; + permissions = "0400"; + text = env.api_key; + } + { + dest = "webapps/tools-etherpad-sessionkey"; + permissions = "0400"; + text = env.session_key; + } + { + dest = "webapps/tools-etherpad"; + permissions = "0400"; + text = '' + { + "title": "Etherpad", + "favicon": "favicon.ico", + + "ip": "", + "port" : "${ecfg.sockets.node}", + "showSettingsInAdminPage" : false, + "dbType" : "postgres", + "dbSettings" : { + "user" : "${env.postgresql.user}", + "host" : "${env.postgresql.socket}", + "password": "${env.postgresql.password}", + "database": "${env.postgresql.database}", + "charset" : "utf8mb4" + }, + + "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n", + "padOptions": { + "noColors": false, + "showControls": true, + "showChat": true, + "showLineNumbers": true, + "useMonospaceFont": false, + "userName": false, + "userColor": false, + "rtl": false, + "alwaysShowChat": false, + "chatAndUsers": false, + "lang": "en-gb" + }, + + "suppressErrorsInPadText" : false, + "requireSession" : false, + "editOnly" : false, + "sessionNoPassword" : false, + "minify" : true, + "maxAge" : 21600, + "abiword" : null, + "soffice" : "${libreoffice}/bin/soffice", + "tidyHtml" : "${pkgs.html-tidy}/bin/tidy", + "allowUnknownFileEnds" : true, + "requireAuthentication" : false, + "requireAuthorization" : false, + "trustProxy" : false, + "disableIPlogging" : false, + "automaticReconnectionTimeout" : 0, + "scrollWhenFocusLineIsOutOfViewport": { + "percentage": { + "editionAboveViewport": 0, + "editionBelowViewport": 0 + }, + "duration": 0, + "scrollWhenCaretIsInTheLastLineOfViewport": false, + "percentageToScrollWhenUserPressesArrowUp": 0 + }, + "users": { + "ldapauth": { + "url": "ldaps://${env.ldap.host}", + "accountBase": "${env.ldap.base}", + "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))", + "displayNameAttribute": "cn", + "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu", + "searchPWD": "${env.ldap.password}", + "groupSearchBase": "${env.ldap.base}", + "groupAttribute": "member", + "groupAttributeIsDN": true, + "searchScope": "sub", + "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)", + "anonymousReadonly": false + } + }, + "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], + "loadTest": false, + "indentationOnNewLine": false, + "toolbar": { + "left": [ + ["bold", "italic", "underline", "strikethrough"], + ["orderedlist", "unorderedlist", "indent", "outdent"], + ["undo", "redo"], + ["clearauthorship"] + ], + "right": [ + ["importexport", "timeslider", "savedrevision"], + ["settings", "embed"], + ["showusers"] + ], + "timeslider": [ + ["timeslider_export", "timeslider_returnToPad"] + ] + }, + "loglevel": "INFO", + "logconfig" : { "appenders": [ { "type": "console" } ] } + } + ''; + } + ]; + services.etherpad-lite = { + enable = true; + modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules; + sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey"; + apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey"; + configFile = "/var/secrets/webapps/tools-etherpad"; + }; + + systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys"; + + services.websites.tools.modules = [ + "headers" "proxy" "proxy_http" "proxy_wstunnel" + ]; + services.websites.tools.vhostConfs.etherpad-lite = { + certName = "eldiron"; + addToCerts = true; + hosts = [ "ether.immae.eu" ]; + root = null; + extraConfig = [ '' + Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;" + RequestHeader set X-Forwarded-Proto "https" + + RewriteEngine On + + RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}" + RewriteCond %{QUERY_STRING} "!noredirect" + RewriteCond %{REQUEST_URI} "^(.*)$" + RewriteCond ''${redirects:$1|Unknown} "!Unknown" + RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD] + + RewriteCond %{REQUEST_URI} ^/socket.io [NC] + RewriteCond %{QUERY_STRING} transport=websocket [NC] + RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L] + + + ProxyVia On + ProxyRequests Off + ProxyPreserveHost On + ProxyPass / unix://${ecfg.sockets.node}|http://ether.immae.eu/ + ProxyPassReverse / unix://${ecfg.sockets.node}|http://ether.immae.eu/ + + Options FollowSymLinks MultiViews + AllowOverride None + Require all granted + + + '' ]; + }; + }; +} -- cgit v1.2.3