server-configs/machines/gerd/services/hedgedoc.nix

{ config, ... }:

let
  domain = "hedgedoc.fricloud.dk";
  stateDir = config.mine.zfsMounts."rpool/safe/svcs/hedgedoc";
in {
  services.hedgedoc = {
    enable = true;
    settings = {
      # only change default port, because 3000 is used by other service
      port = 6864;
      domain = domain;
      protocolUseSSL = true;
      debug = true;
      uploadsPath = stateDir + "/uploads";
      db.dialect = "sqlite";
      db.storage = stateDir + "/db.sqlite";

      # disable annonymous notes, but allow annonymous edits
      allowAnonymous = false;
      allowAnonymousEdits = true;
      defaultPermission = "private"; # only owner can view and edit

      # disable email login and register
      email = false;
      allowEmailRegister = false;

      # setup ldap
      # https://github.com/lldap/lldap/blob/main/example_configs/hedgedoc.md
      ldap = {
        url = "ldap://localhost:3890";
        bindDn = "uid=bind_user,ou=people,dc=fricloud,dc=dk";
        searchBase = "ou=people,dc=fricloud,dc=dk";
        searchFilter = "(&(memberOf=cn=base_member,ou=groups,dc=fricloud,dc=dk)(uid={{username}}))";
        useridField = "uid";
      };
    };
  };

  # add state directory to ReadWritePaths
  systemd.services.hedgedoc.serviceConfig.ReadWritePaths = [ stateDir ];
  systemd.services.hedgedoc.serviceConfig.EnvironmentFile = config.age.secrets.lldap-bind-user-pass-hedgedoc-env.path;

  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://localhost:${builtins.toString config.services.hedgedoc.settings.port}";
  };
}
gerd.hedgedoc: added hedgedoc with ldap support 2024-08-11 11:39:24 +00:00			`{ config, ... }:`

			`let`
			`domain = "hedgedoc.fricloud.dk";`
			`stateDir = config.mine.zfsMounts."rpool/safe/svcs/hedgedoc";`
			`in {`
			`services.hedgedoc = {`
			`enable = true;`
			`settings = {`
			`# only change default port, because 3000 is used by other service`
			`port = 6864;`
			`domain = domain;`
			`protocolUseSSL = true;`
			`debug = true;`
			`uploadsPath = stateDir + "/uploads";`
			`db.dialect = "sqlite";`
			`db.storage = stateDir + "/db.sqlite";`

			`# disable annonymous notes, but allow annonymous edits`
			`allowAnonymous = false;`
			`allowAnonymousEdits = true;`
			`defaultPermission = "private"; # only owner can view and edit`

			`# disable email login and register`
			`email = false;`
			`allowEmailRegister = false;`

			`# setup ldap`
			`# https://github.com/lldap/lldap/blob/main/example_configs/hedgedoc.md`
			`ldap = {`
			`url = "ldap://localhost:3890";`
			`bindDn = "uid=bind_user,ou=people,dc=fricloud,dc=dk";`
			`searchBase = "ou=people,dc=fricloud,dc=dk";`
			`searchFilter = "(&(memberOf=cn=base_member,ou=groups,dc=fricloud,dc=dk)(uid={{username}}))";`
			`useridField = "uid";`
			`};`
			`};`
			`};`

			`# add state directory to ReadWritePaths`
			`systemd.services.hedgedoc.serviceConfig.ReadWritePaths = [ stateDir ];`
			`systemd.services.hedgedoc.serviceConfig.EnvironmentFile = config.age.secrets.lldap-bind-user-pass-hedgedoc-env.path;`

			`services.nginx.virtualHosts."${domain}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/".proxyPass = "http://localhost:${builtins.toString config.services.hedgedoc.settings.port}";`
			`};`
			`}`