haccfiles/services/hedgedoc-hacc.nix

114 lines
3.5 KiB
Nix
Raw Normal View History

2021-08-07 17:38:40 +00:00
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
{
2021-08-07 18:27:04 +00:00
containers.pad-hacc = {
2021-08-07 17:38:40 +00:00
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.5";
autoStart = true;
bindMounts = {
"/persist" = {
hostPath = "/persist/containers/pad-hacc";
isReadOnly = false;
};
};
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
imports = [
((import sources.nix-hexchen) {}).profiles.nopersist
];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.hedgedoc = {
enable = true;
configuration = {
allowAnonymous = true;
allowFreeURL = true;
allowGravatar = false;
allowOrigin = [ "localhost" "pad.hacc.space" "fff-muc.de" ];
db = {
host = "/run/postgresql";
2022-01-27 20:20:25 +00:00
username = "codimd";
dialect = "postgres";
database = "codimd";
};
2021-08-07 17:38:40 +00:00
defaultPermission = "limited";
domain = "pad.hacc.space";
host = "0.0.0.0";
protocolUseSSL = true;
hsts.preload = false;
email = false;
oauth2 = {
authorizationURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
tokenURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
clientID = "hedgedoc";
clientSecret = "1a730af1-4d6e-4c1d-8f7e-72375c9b8d62";
};
};
};
systemd.services.hedgedoc.environment = {
"CMD_LOGLEVEL" = "warn";
2021-08-07 17:38:40 +00:00
"CMD_OAUTH2_USER_PROFILE_URL" = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/userinfo";
"CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR" = "name";
"CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR" = "display-name";
"CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR" = "email";
"CMD_OAUTH2_PROVIDERNAME" = "Infra4Future";
};
services.postgresql = {
enable = true;
2021-08-07 18:27:04 +00:00
ensureDatabases = [ "codimd" ];
2021-08-07 17:38:40 +00:00
ensureUsers = [{
2021-08-07 18:27:04 +00:00
name = "codimd";
2021-08-07 17:38:40 +00:00
ensurePermissions = {
2021-08-07 18:27:04 +00:00
"DATABASE codimd" = "ALL PRIVILEGES";
2021-08-07 17:38:40 +00:00
};
}];
authentication = ''
local all all trust
2022-01-27 20:20:25 +00:00
host codimd codimd 127.0.0.1/32 trust
'';
2022-01-27 20:20:25 +00:00
package = pkgs.postgresql_11;
2021-08-07 17:38:40 +00:00
};
services.postgresqlBackup = {
enable = true;
2021-08-07 18:27:04 +00:00
databases = [ "codimd" ];
2021-08-07 17:38:40 +00:00
startAt = "*-*-* 23:45:00";
2021-08-07 18:27:04 +00:00
location = "/persist/backups/postgres";
2021-08-07 17:38:40 +00:00
};
})).config.system.build.toplevel;
};
services.nginx.virtualHosts."pad.hacc.earth" = {
enableACME = true;
forceSSL = true;
globalRedirect = "pad.hacc.space";
};
services.nginx.virtualHosts."pad.hacc.space" = {
forceSSL = true;
enableACME = true;
locations."/" = {
2021-08-07 18:27:04 +00:00
proxyPass = "http://${config.containers.pad-hacc.localAddress}:3000";
2021-08-07 17:38:40 +00:00
extraConfig = ''
add_header Access-Control-Allow-Origin "*";
proxy_buffering off;
'';
};
};
}