server-configs/machines/gerd/services/hedgedoc.nix

{ config, ... }:

let
  domain = "hedgedoc.fricloud.dk";
  stateDir = config.mine.zfsMounts."rpool/safe/svcs/hedgedoc";
in {
  services.hedgedoc = {
    enable = true;
    settings = {
      # only change default port, because 3000 is used by other service
      port = 6864;
      domain = domain;
      protocolUseSSL = true;
      debug = true;
      uploadsPath = stateDir + "/uploads";
      db.dialect = "sqlite";
      db.storage = stateDir + "/db.sqlite";

      # disable annonymous notes, but allow annonymous edits
      allowAnonymous = false;
      allowAnonymousEdits = true;
      defaultPermission = "private"; # only owner can view and edit

      # disable email login and register
      email = false;
      allowEmailRegister = false;

      # setup ldap
      # https://github.com/lldap/lldap/blob/main/example_configs/hedgedoc.md
      ldap = {
        url = config.mine.settings.ldap.url;
        bindDn = config.mine.settings.ldap.bind_dn;
        searchBase = config.mine.settings.ldap.search_base;
        searchFilter = "(&${config.mine.settings.ldap.user_filter}(|(${config.mine.settings.ldap.attr.uid}={{username}})(${config.mine.settings.ldap.attr.email}={{username}})))";
        useridField = config.mine.settings.ldap.attr.uid;
      };
    };
  };

  # add state directory to ReadWritePaths
  systemd.services.hedgedoc.serviceConfig.ReadWritePaths = [ stateDir ];
  systemd.services.hedgedoc.serviceConfig.EnvironmentFile = config.age.secrets.lldap-bind-user-pass-hedgedoc-env.path;

  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://localhost:${builtins.toString config.services.hedgedoc.settings.port}";
  };
}
gerd.hedgedoc: added hedgedoc with ldap support 2024-08-11 11:39:24 +00:00			`{ config, ... }:`

			`let`
			`domain = "hedgedoc.fricloud.dk";`
			`stateDir = config.mine.zfsMounts."rpool/safe/svcs/hedgedoc";`
			`in {`
			`services.hedgedoc = {`
			`enable = true;`
			`settings = {`
			`# only change default port, because 3000 is used by other service`
			`port = 6864;`
			`domain = domain;`
			`protocolUseSSL = true;`
			`debug = true;`
			`uploadsPath = stateDir + "/uploads";`
			`db.dialect = "sqlite";`
			`db.storage = stateDir + "/db.sqlite";`

			`# disable annonymous notes, but allow annonymous edits`
			`allowAnonymous = false;`
			`allowAnonymousEdits = true;`
			`defaultPermission = "private"; # only owner can view and edit`

			`# disable email login and register`
			`email = false;`
			`allowEmailRegister = false;`

			`# setup ldap`
			`# https://github.com/lldap/lldap/blob/main/example_configs/hedgedoc.md`
			`ldap = {`
gerd.lldap: utilise settings module for LDAP 2024-08-11 12:21:45 +00:00			`url = config.mine.settings.ldap.url;`
			`bindDn = config.mine.settings.ldap.bind_dn;`
			`searchBase = config.mine.settings.ldap.search_base;`
			`searchFilter = "(&${config.mine.settings.ldap.user_filter}(\|(${config.mine.settings.ldap.attr.uid}={{username}})(${config.mine.settings.ldap.attr.email}={{username}})))";`
			`useridField = config.mine.settings.ldap.attr.uid;`
gerd.hedgedoc: added hedgedoc with ldap support 2024-08-11 11:39:24 +00:00			`};`
			`};`
			`};`

			`# add state directory to ReadWritePaths`
			`systemd.services.hedgedoc.serviceConfig.ReadWritePaths = [ stateDir ];`
			`systemd.services.hedgedoc.serviceConfig.EnvironmentFile = config.age.secrets.lldap-bind-user-pass-hedgedoc-env.path;`

			`services.nginx.virtualHosts."${domain}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/".proxyPass = "http://localhost:${builtins.toString config.services.hedgedoc.settings.port}";`
			`};`
			`}`