From 378c79f93e70a44aea552ccc454b611d8abe9698 Mon Sep 17 00:00:00 2001
From: Lukas <3-lukas@users.noreply.gitlab.infra4future.de>
Date: Wed, 2 Jun 2021 19:08:54 +0000
Subject: [PATCH] hainich:add hedgedoc for i4f
---
 hosts/hainich/configuration.nix | 5 +-
 .../{codimd.nix => hedgedoc_hacc.nix} | 0
 hosts/hainich/services/hedgedoc_i4f.nix | 76 +++++++++++++++++++
 3 files changed, 80 insertions(+), 1 deletion(-)
 rename hosts/hainich/services/{codimd.nix => hedgedoc_hacc.nix} (100%)
 create mode 100644 hosts/hainich/services/hedgedoc_i4f.nix
diff --git a/hosts/hainich/configuration.nix b/hosts/hainich/configuration.nix
index 081ca6b..fec746a 100644
--- a/hosts/hainich/configuration.nix
+++ b/hosts/hainich/configuration.nix
@@ -7,7 +7,8 @@
 ./hardware.nix
 ./services/murmur.nix
 ./services/mail.nix
- ./services/codimd.nix
+ ./services/hedgedoc_hacc.nix
+ ./services/hedgedoc_i4f.nix
 ../../common
 # ./wireguard.nix
 ./services/nginx.nix
@@ -115,6 +116,8 @@
 "/run/florinori"
 "/var/lib/containers/codimd/var/lib/codimd"
 "/var/lib/containers/codimd/var/backup/postgresql"
+ "/var/lib/containers/hedgedoc-i4f/var/lib/codimd"
+ "/var/lib/containers/hedgedoc-i4f/var/backup/postgresql"
 "/var/lib/containers/lantifa/var/lib/mediawiki"
 "/var/lib/containers/lantifa/var/backup/mysql"
 "/var/lib/murmur"
diff --git a/hosts/hainich/services/codimd.nix b/hosts/hainich/services/hedgedoc_hacc.nix
similarity index 100%
rename from hosts/hainich/services/codimd.nix
rename to hosts/hainich/services/hedgedoc_hacc.nix
diff --git a/hosts/hainich/services/hedgedoc_i4f.nix b/hosts/hainich/services/hedgedoc_i4f.nix
new file mode 100644
index 0000000..dfe7da7
--- /dev/null
+++ b/hosts/hainich/services/hedgedoc_i4f.nix
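Review bot: The two paths added in the second configuration.nix hunk point at `/var/lib/containers/hedgedoc-i4f/...`, but the container this commit declares in hedgedoc_i4f.nix is `containers.pad-i4f`, so its state would normally live under `/var/lib/containers/pad-i4f/`. If this list is the host's backup set (it looks like one, though the list starts and ends outside the hunk), the new pad's notes and PostgreSQL dumps would be left out, which tends to surface only when a restore is needed. Either rename the container to match, or use `"/var/lib/containers/pad-i4f/var/lib/codimd"` and `"/var/lib/containers/pad-i4f/var/backup/postgresql"`. The `var/lib/codimd` component is also worth checking against the state directory the HedgeDoc module actually uses inside the container.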
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+{
+ containers.pad-i4f = {
+ privateNetwork = true;
+ hostAddress = "192.168.100.1";
+ localAddress = "192.168.100.41";
+ autoStart = true;
+ config = { config, lib, pkgs, ... }: {
+ networking.firewall.enable = false;
+ services.coredns = {
+ enable = true;
+ config = ''
+ .:53 {
+ forward . 1.1.1.1
+ }
+ '';
+ };
+ services.hedgedoc = {
+ enable = true;
+ configuration = {
+ allowAnonymous = true;
+ allowFreeURL = true;
+ allowGravatar = false;
+ allowOrigin = [ "localhost" "pad.infra4future.de" "fff-muc.de" ];
+ dbURL = "postgres://hedgedoc:hedgedoc@localhost:5432/hedgedoc";
+ defaultPermission = "freely";
+ domain = "pad.infra4future.de";
+ host = "0.0.0.0";
+ protocolUseSSL = true;
+ hsts.preload = false;
+ email = false;
+ };
+ };
+ services.postgresql = {
+ enable = true;
+ authentication = ''
+ local all all trust
+ host hedgedoc hedgedoc 127.0.0.1/32 trust
+ '';
+ ensureDatabases = [ "hedgedoc" ];
+ ensureUsers = [{
+ name = "hedgedoc";
+ ensurePermissions = {
+ "DATABASE hedgedoc" = "ALL PRIVILEGES";
+ };
+ }];
+ };
+ services.postgresqlBackup = {
+ enable = true;
+ databases = [ "hedgedoc" ];
+ startAt = "*-*-* 23:45:00";
+ };
+ };
+ };
+
+ services.nginx.virtualHosts."pad.infra4future.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://192.168.100.41:3000";
+ extraConfig = ''
+ proxy_pass_request_headers on;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $http_connection;
+ add_header Access-Control-Allow-Origin "*";
+ proxy_buffering off;
+ '';
+ };
+ };
+}
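Review bot: `local all all trust` in `services.postgresql.authentication` lets any process inside the container connect over the unix socket as any role, including the `postgres` superuser, so a compromise of the anonymously reachable HedgeDoc process would extend to the whole database server. Narrowing it to `local all postgres peer` should still cover the backup and ensureUsers jobs if they run as the `postgres` system user (worth confirming); note also that under `trust` the `hedgedoc:hedgedoc` password in `dbURL` is never checked, and it ends up in the world-readable Nix store. Separately, `add_header Access-Control-Allow-Origin "*";` in the nginx `extraConfig` undercuts the `allowOrigin` list in the HedgeDoc configuration and may produce a duplicate header for the listed origins; dropping that line leaves CORS to the application. With `networking.firewall.enable = false` and `host = "0.0.0.0"`, port 3000 is reachable by anything that can route to 192.168.100.41 without passing through nginx, so keeping the firewall on with `networking.firewall.allowedTCPPorts = [ 3000 ];` would be a tighter default.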