# NixOS module: self-hosted HedgeDoc behind nginx, backed by PostgreSQL,
# with LDAP (lldap) as the only login path.
{ config, ... }:

let
  # Public hostname of the service; also used as the nginx vhost name.
  fqdn = "hedgedoc.${config.mine.shared.settings.domain}";

  # Persistent state lives on a dedicated ZFS dataset.
  dataDir = config.mine.zfsMounts."rpool/safe/svcs/hedgedoc";

  # The service account doubles as the PostgreSQL role and database name.
  dbUser = config.users.users.hedgedoc.name;

  # Shared LDAP connection settings (bind DN, search base, attribute names).
  ldapCfg = config.mine.shared.settings.ldap;

  # Package actually deployed by the hedgedoc module, exposed in the meta block.
  hdPkg = config.services.hedgedoc.package;
in
{
  services.hedgedoc = {
    enable = true;

    settings = {
      # Non-default port: 3000 is already taken by another service on this host.
      port = 6864;
      domain = fqdn;
      protocolUseSSL = true;

      # NOTE(review): debug mode is on for a host that is publicly reachable
      # (see the ACME/forceSSL vhost below); verbose logging tends to record
      # more request detail than production needs — confirm this is intended.
      debug = true;

      uploadsPath = dataDir + "/uploads";

      # Local PostgreSQL over the socket directory rather than TCP.
      db = {
        dialect = "postgresql";
        host = "/run/postgresql";
      };

      # Anonymous users may edit existing notes but may not create new ones;
      # new notes default to owner-only visibility.
      allowAnonymous = false;
      allowAnonymousEdits = true;
      defaultPermission = "private"; # only the owner can view and edit

      # Email login and self-registration are both off; LDAP is the sole IdP.
      email = false;
      allowEmailRegister = false;

      # LDAP login, following lldap's reference configuration:
      # https://github.com/lldap/lldap/blob/main/example_configs/hedgedoc.md
      ldap = {
        inherit (ldapCfg) url;
        bindDn = ldapCfg.bind_dn;
        searchBase = ldapCfg.search_base;
        # user_filter is a function producing the filter for the given username placeholder.
        searchFilter = ldapCfg.user_filter "{{username}}";
        useridField = ldapCfg.attr.uid;
      };
    };
  };

  systemd.services.hedgedoc.serviceConfig = {
    # The hardened unit needs explicit write access to the state dataset.
    ReadWritePaths = [ dataDir ];
    # Presumably carries the LDAP bind password (judging by the secret name),
    # injected via agenix instead of being written into the Nix store.
    EnvironmentFile = config.age.secrets.lldap-bind-user-pass-hedgedoc-env.path;
  };

  # Database and role named after the service user, with the role owning the DB.
  services.postgresql = {
    ensureDatabases = [ dbUser ];
    ensureUsers = [
      {
        name = dbUser;
        ensureDBOwnership = true;
      }
    ];
  };

  # TLS-terminating reverse proxy; the upstream port is read back from the
  # hedgedoc settings so the two never drift apart.
  services.nginx.virtualHosts.${fqdn} = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass =
      "http://localhost:${toString config.services.hedgedoc.settings.port}";
  };

  # Entry for the shared service catalogue.
  mine.shared.meta.hedgedoc = {
    name = "Hedgedoc";
    description = "We host our own Hedgedoc for writing small documents, and sharing with others. Login using your credentials.";
    url = "https://${fqdn}";

    package = {
      name = hdPkg.pname;
      inherit (hdPkg) version meta;
    };
  };
}