From bf3b7671904b8a8bf4da4eba30564140387499f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Thu, 9 May 2019 10:17:59 +0200 Subject: Cleanup etherpad-lite module --- nixops/modules/websites/default.nix | 2 +- nixops/modules/websites/tools/ether.nix | 209 +++++++++++++++++++++ nixops/modules/websites/tools/ether/default.nix | 98 ---------- .../modules/websites/tools/ether/etherpad_lite.nix | 126 ------------- 4 files changed, 210 insertions(+), 225 deletions(-) create mode 100644 nixops/modules/websites/tools/ether.nix delete mode 100644 nixops/modules/websites/tools/ether/default.nix delete mode 100644 nixops/modules/websites/tools/ether/etherpad_lite.nix (limited to 'nixops') diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix index 06face1..e40c8f4 100644 --- a/nixops/modules/websites/default.nix +++ b/nixops/modules/websites/default.nix @@ -129,7 +129,7 @@ in ./tools/mastodon.nix ./tools/mediagoblin.nix ./tools/diaspora.nix - ./tools/ether + ./tools/ether.nix ./tools/peertube # built using: # sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix diff --git a/nixops/modules/websites/tools/ether.nix b/nixops/modules/websites/tools/ether.nix new file mode 100644 index 0000000..1c952af --- /dev/null +++ b/nixops/modules/websites/tools/ether.nix @@ -0,0 +1,209 @@ +{ lib, pkgs, config, myconfig, mylibs, ... }: +let + etherpad = pkgs.webapps.etherpad-lite.withModules + (builtins.attrValues pkgs.webapps.etherpad-lite-modules); + env = myconfig.env.tools.etherpad-lite; + varDir = etherpad.varDir; + cfg = config.services.myWebsites.tools.etherpad-lite; + # Make sure we’re not rebuilding whole libreoffice just because of a + # dependency + libreoffice = (import { overlays = []; }).libreoffice-fresh; +in { + options.services.myWebsites.tools.etherpad-lite = { + enable = lib.mkEnableOption "enable etherpad's website"; + }; + + config = lib.mkIf cfg.enable { + mySecrets.keys = [ + { + dest = "webapps/tools-etherpad-apikey"; + permissions = "0400"; + text = env.api_key; + } + { + dest = "webapps/tools-etherpad-sessionkey"; + permissions = "0400"; + text = env.session_key; + } + { + dest = "webapps/tools-etherpad"; + permissions = "0400"; + text = '' + { + "title": "Etherpad", + "favicon": "favicon.ico", + + "ip": "127.0.0.1", + "port" : ${env.listenPort}, + "showSettingsInAdminPage" : false, + "dbType" : "postgres", + "dbSettings" : { + "user" : "${env.postgresql.user}", + "host" : "${env.postgresql.socket}", + "password": "${env.postgresql.password}", + "database": "${env.postgresql.database}", + "charset" : "utf8mb4" + }, + + "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n", + "padOptions": { + "noColors": false, + "showControls": true, + "showChat": true, + "showLineNumbers": true, + "useMonospaceFont": false, + "userName": false, + "userColor": false, + "rtl": false, + "alwaysShowChat": false, + "chatAndUsers": false, + "lang": "en-gb" + }, + + "suppressErrorsInPadText" : false, + "requireSession" : false, + "editOnly" : false, + "sessionNoPassword" : false, + "minify" : true, + "maxAge" : 21600, + "abiword" : null, + "soffice" : "${libreoffice}/bin/soffice", + "tidyHtml" : "${pkgs.html-tidy}/bin/tidy", + "allowUnknownFileEnds" : true, + "requireAuthentication" : false, + "requireAuthorization" : false, + "trustProxy" : false, + "disableIPlogging" : false, + "automaticReconnectionTimeout" : 0, + "scrollWhenFocusLineIsOutOfViewport": { + "percentage": { + "editionAboveViewport": 0, + "editionBelowViewport": 0 + }, + "duration": 0, + "scrollWhenCaretIsInTheLastLineOfViewport": false, + "percentageToScrollWhenUserPressesArrowUp": 0 + }, + "users": { + "ldapauth": { + "url": "ldaps://${env.ldap.host}", + "accountBase": "${env.ldap.base}", + "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))", + "displayNameAttribute": "cn", + "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu", + "searchPWD": "${env.ldap.password}", + "groupSearchBase": "${env.ldap.base}", + "groupAttribute": "member", + "groupAttributeIsDN": true, + "searchScope": "sub", + "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)", + "anonymousReadonly": false + } + }, + "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], + "loadTest": false, + "indentationOnNewLine": false, + "toolbar": { + "left": [ + ["bold", "italic", "underline", "strikethrough"], + ["orderedlist", "unorderedlist", "indent", "outdent"], + ["undo", "redo"], + ["clearauthorship"] + ], + "right": [ + ["importexport", "timeslider", "savedrevision"], + ["settings", "embed"], + ["showusers"] + ], + "timeslider": [ + ["timeslider_export", "timeslider_returnToPad"] + ] + }, + "loglevel": "INFO", + "logconfig" : { "appenders": [ { "type": "console" } ] } + } + ''; + } + ]; + systemd.services.etherpad-lite = { + description = "Etherpad-lite"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "postgresql.service" ]; + wants = [ "postgresql.service" ]; + + environment.NODE_ENV = "production"; + environment.HOME = etherpad; + + path = [ pkgs.nodejs ]; + + script = '' + exec ${pkgs.nodejs}/bin/node ${etherpad}/src/node/server.js \ + --sessionkey /var/secrets/webapps/tools-etherpad-sessionkey \ + --apikey /var/secrets/webapps/tools-etherpad-apikey \ + --settings /var/secrets/webapps/tools-etherpad + ''; + + serviceConfig = { + DynamicUser = true; + User = "etherpad-lite"; + Group = "etherpad-lite"; + SupplementaryGroups = "keys"; + WorkingDirectory = etherpad; + PrivateTmp = true; + NoNewPrivileges = true; + PrivateDevices = true; + ProtectHome = true; + ProtectControlGroups = true; + ProtectKernelModules = true; + Restart = "always"; + Type = "simple"; + TimeoutSec = 60; + # Use ReadWritePaths= instead if varDir is outside of /var/lib + StateDirectory="etherpad-lite"; + ExecStartPre = [ + "+${pkgs.coreutils}/bin/install -d -m 0755 -o etherpad-lite -g etherpad-lite ${varDir}/ep_initialized" + "+${pkgs.coreutils}/bin/chown -R etherpad-lite:etherpad-lite ${varDir} /var/secrets/webapps/tools-etherpad /var/secrets/webapps/tools-etherpad-sessionkey /var/secrets/webapps/tools-etherpad-apikey" + ]; + }; + }; + + services.myWebsites.tools.modules = [ + "headers" "proxy" "proxy_http" "proxy_wstunnel" + ]; + security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null; + services.myWebsites.tools.vhostConfs.etherpad-lite = { + certName = "eldiron"; + hosts = [ "ether.immae.eu" ]; + root = null; + extraConfig = [ '' + Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;" + RequestHeader set X-Forwarded-Proto "https" + + RewriteEngine On + + RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}" + RewriteCond %{QUERY_STRING} "!noredirect" + RewriteCond %{REQUEST_URI} "^(.*)$" + RewriteCond ''${redirects:$1|Unknown} "!Unknown" + RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD] + + RewriteCond %{REQUEST_URI} ^/socket.io [NC] + RewriteCond %{QUERY_STRING} transport=websocket [NC] + RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,L] + + + ProxyVia On + ProxyRequests Off + ProxyPreserveHost On + ProxyPass / http://localhost:${env.listenPort}/ + ProxyPassReverse / http://localhost:${env.listenPort}/ + + Options FollowSymLinks MultiViews + AllowOverride None + Require all granted + + + '' ]; + }; + }; +} diff --git a/nixops/modules/websites/tools/ether/default.nix b/nixops/modules/websites/tools/ether/default.nix deleted file mode 100644 index c4685a4..0000000 --- a/nixops/modules/websites/tools/ether/default.nix +++ /dev/null @@ -1,98 +0,0 @@ -{ lib, pkgs, config, myconfig, mylibs, ... }: -let - etherpad = pkgs.callPackage ./etherpad_lite.nix { - inherit (pkgs.webapps) etherpad-lite etherpad-lite-modules; - env = myconfig.env.tools.etherpad-lite; - }; - - varDir = etherpad.webappDir.varDir; - cfg = config.services.myWebsites.tools.etherpad-lite; -in { - options.services.myWebsites.tools.etherpad-lite = { - enable = lib.mkEnableOption "enable etherpad's website"; - }; - - config = lib.mkIf cfg.enable { - mySecrets.keys = etherpad.keys; - systemd.services.etherpad-lite = { - description = "Etherpad-lite"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "postgresql.service" ]; - wants = [ "postgresql.service" ]; - - environment.NODE_ENV = "production"; - environment.HOME = etherpad.webappDir; - - path = [ pkgs.nodejs ]; - - script = '' - exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \ - --sessionkey /var/secrets/webapps/tools-etherpad-sessionkey \ - --apikey /var/secrets/webapps/tools-etherpad-apikey \ - --settings /var/secrets/webapps/tools-etherpad - ''; - - serviceConfig = { - DynamicUser = true; - User = "etherpad-lite"; - Group = "etherpad-lite"; - SupplementaryGroups = "keys"; - WorkingDirectory = etherpad.webappDir; - PrivateTmp = true; - NoNewPrivileges = true; - PrivateDevices = true; - ProtectHome = true; - ProtectControlGroups = true; - ProtectKernelModules = true; - Restart = "always"; - Type = "simple"; - TimeoutSec = 60; - # Use ReadWritePaths= instead if varDir is outside of /var/lib - StateDirectory="etherpad-lite"; - ExecStartPre = [ - "+${pkgs.coreutils}/bin/install -d -m 0755 -o etherpad-lite -g etherpad-lite ${varDir}/ep_initialized" - "+${pkgs.coreutils}/bin/chown -R etherpad-lite:etherpad-lite ${varDir} /var/secrets/webapps/tools-etherpad /var/secrets/webapps/tools-etherpad-sessionkey /var/secrets/webapps/tools-etherpad-apikey" - ]; - }; - }; - - services.myWebsites.tools.modules = [ - "headers" "proxy" "proxy_http" "proxy_wstunnel" - ]; - security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null; - services.myWebsites.tools.vhostConfs.etherpad-lite = { - certName = "eldiron"; - hosts = [ "ether.immae.eu" ]; - root = null; - extraConfig = [ '' - Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;" - RequestHeader set X-Forwarded-Proto "https" - - RewriteEngine On - - RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}" - RewriteCond %{QUERY_STRING} "!noredirect" - RewriteCond %{REQUEST_URI} "^(.*)$" - RewriteCond ''${redirects:$1|Unknown} "!Unknown" - RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD] - - RewriteCond %{REQUEST_URI} ^/socket.io [NC] - RewriteCond %{QUERY_STRING} transport=websocket [NC] - RewriteRule /(.*) ws://localhost:${etherpad.listenPort}/$1 [P,L] - - - ProxyVia On - ProxyRequests Off - ProxyPreserveHost On - ProxyPass / http://localhost:${etherpad.listenPort}/ - ProxyPassReverse / http://localhost:${etherpad.listenPort}/ - - Options FollowSymLinks MultiViews - AllowOverride None - Require all granted - - - '' ]; - }; - }; -} diff --git a/nixops/modules/websites/tools/ether/etherpad_lite.nix b/nixops/modules/websites/tools/ether/etherpad_lite.nix deleted file mode 100644 index c6f3704..0000000 --- a/nixops/modules/websites/tools/ether/etherpad_lite.nix +++ /dev/null @@ -1,126 +0,0 @@ -{ env, etherpad-lite, etherpad-lite-modules, writeText, pkgs }: -let - listenPort = env.listenPort; - sessionkey = writeText "SESSIONKEY.txt" env.session_key; - apikey = writeText "APIKEY.txt" env.api_key; - keys = [ - { - dest = "webapps/tools-etherpad-apikey"; - permissions = "0400"; - text = env.api_key; - } - { - dest = "webapps/tools-etherpad-sessionkey"; - permissions = "0400"; - text = env.session_key; - } - { - dest = "webapps/tools-etherpad"; - permissions = "0400"; - text = - # Make sure we’re not rebuilding whole libreoffice just because of a - # dependency - let libreoffice = (import { overlays = []; }).libreoffice-fresh; - in - '' - { - "title": "Etherpad", - "favicon": "favicon.ico", - - "ip": "127.0.0.1", - "port" : ${env.listenPort}, - "showSettingsInAdminPage" : false, - "dbType" : "postgres", - "dbSettings" : { - "user" : "${env.postgresql.user}", - "host" : "${env.postgresql.socket}", - "password": "${env.postgresql.password}", - "database": "${env.postgresql.database}", - "charset" : "utf8mb4" - }, - - "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n", - "padOptions": { - "noColors": false, - "showControls": true, - "showChat": true, - "showLineNumbers": true, - "useMonospaceFont": false, - "userName": false, - "userColor": false, - "rtl": false, - "alwaysShowChat": false, - "chatAndUsers": false, - "lang": "en-gb" - }, - - "suppressErrorsInPadText" : false, - "requireSession" : false, - "editOnly" : false, - "sessionNoPassword" : false, - "minify" : true, - "maxAge" : 21600, - "abiword" : null, - "soffice" : "${libreoffice}/bin/soffice", - "tidyHtml" : "${pkgs.html-tidy}/bin/tidy", - "allowUnknownFileEnds" : true, - "requireAuthentication" : false, - "requireAuthorization" : false, - "trustProxy" : false, - "disableIPlogging" : false, - "automaticReconnectionTimeout" : 0, - "scrollWhenFocusLineIsOutOfViewport": { - "percentage": { - "editionAboveViewport": 0, - "editionBelowViewport": 0 - }, - "duration": 0, - "scrollWhenCaretIsInTheLastLineOfViewport": false, - "percentageToScrollWhenUserPressesArrowUp": 0 - }, - "users": { - "ldapauth": { - "url": "ldaps://${env.ldap.host}", - "accountBase": "${env.ldap.base}", - "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))", - "displayNameAttribute": "cn", - "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu", - "searchPWD": "${env.ldap.password}", - "groupSearchBase": "${env.ldap.base}", - "groupAttribute": "member", - "groupAttributeIsDN": true, - "searchScope": "sub", - "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)", - "anonymousReadonly": false - } - }, - "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], - "loadTest": false, - "indentationOnNewLine": false, - "toolbar": { - "left": [ - ["bold", "italic", "underline", "strikethrough"], - ["orderedlist", "unorderedlist", "indent", "outdent"], - ["undo", "redo"], - ["clearauthorship"] - ], - "right": [ - ["importexport", "timeslider", "savedrevision"], - ["settings", "embed"], - ["showusers"] - ], - "timeslider": [ - ["timeslider_export", "timeslider_returnToPad"] - ] - }, - "loglevel": "INFO", - "logconfig" : { "appenders": [ { "type": "console" } ] } - } - ''; - } - ]; - webappDir = etherpad-lite.withModules (builtins.attrValues etherpad-lite-modules); -in - { - inherit webappDir keys listenPort; - } -- cgit v1.2.3