Merge branch 'infra4future-pad' into 'main'
added hainich/hedgedoc-i4f See merge request hacc/infra/haccfiles!66
This commit is contained in:
commit
f78a59d6f7
|
@ -7,7 +7,7 @@
|
|||
./hardware.nix
|
||||
./services/murmur.nix
|
||||
./services/mail.nix
|
||||
./services/codimd.nix
|
||||
./services/hedgedoc.nix
|
||||
../../common
|
||||
# ./wireguard.nix
|
||||
./services/nginx.nix
|
||||
|
@ -115,6 +115,8 @@
|
|||
"/run/florinori"
|
||||
"/var/lib/containers/codimd/var/lib/codimd"
|
||||
"/var/lib/containers/codimd/var/backup/postgresql"
|
||||
"/var/lib/containers/hedgedoc-i4f/var/lib/codimd"
|
||||
"/var/lib/containers/hedgedoc-i4f/var/backup/postgresql"
|
||||
"/var/lib/containers/lantifa/var/lib/mediawiki"
|
||||
"/var/lib/containers/lantifa/var/backup/mysql"
|
||||
"/var/lib/murmur"
|
||||
|
|
|
@ -1,91 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
containers.codimd = {
|
||||
privateNetwork = true;
|
||||
hostAddress = "192.168.100.1";
|
||||
localAddress = "192.168.100.3";
|
||||
autoStart = true;
|
||||
config = { config, lib, pkgs, ... }: {
|
||||
networking.firewall.enable = false;
|
||||
services.coredns = {
|
||||
enable = true;
|
||||
config = ''
|
||||
.:53 {
|
||||
forward . 1.1.1.1
|
||||
}
|
||||
'';
|
||||
};
|
||||
services.hedgedoc = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
allowAnonymous = true;
|
||||
allowFreeURL = true;
|
||||
allowGravatar = false;
|
||||
allowOrigin = [ "localhost" "pad.hacc.space" "fff-muc.de" ];
|
||||
dbURL = "postgres://codimd:codimd@localhost:5432/codimd";
|
||||
defaultPermission = "limited";
|
||||
domain = "pad.hacc.space";
|
||||
host = "0.0.0.0";
|
||||
protocolUseSSL = true;
|
||||
hsts.preload = false;
|
||||
email = false;
|
||||
oauth2 = {
|
||||
authorizationURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
|
||||
tokenURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
|
||||
clientID = "codimd";
|
||||
clientSecret = "1a730af1-4d6e-4c1d-8f7e-72375c9b8d62";
|
||||
};
|
||||
};
|
||||
};
|
||||
systemd.services.hedgedoc.environment = {
|
||||
"CMD_OAUTH2_USER_PROFILE_URL" = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/userinfo";
|
||||
"CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR" = "name";
|
||||
"CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR" = "display-name";
|
||||
"CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR" = "email";
|
||||
"CMD_OAUTH2_PROVIDERNAME" = "Infra4Future";
|
||||
};
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ "codimd" ];
|
||||
ensureUsers = [{
|
||||
name = "codimd";
|
||||
ensurePermissions = {
|
||||
"DATABASE codimd" = "ALL PRIVILEGES";
|
||||
};
|
||||
}];
|
||||
};
|
||||
services.postgresqlBackup = {
|
||||
enable = true;
|
||||
databases = [ "codimd" ];
|
||||
startAt = "*-*-* 23:45:00";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."pad.hacc.earth" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
globalRedirect = "pad.hacc.space";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."pad.hacc.space" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://192.168.100.3:3000";
|
||||
extraConfig = ''
|
||||
proxy_pass_request_headers on;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $http_host;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
proxy_buffering off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
122
hosts/hainich/services/hedgedoc.nix
Normal file
122
hosts/hainich/services/hedgedoc.nix
Normal file
|
@ -0,0 +1,122 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
mkHedgedocContainer = {extraOptions, name}: {config, lib, pkgs, ...}: {
|
||||
imports = [ extraOptions ];
|
||||
networking.firewall.enable = false;
|
||||
services.coredns = {
|
||||
enable = true;
|
||||
config = ''
|
||||
.:53 {
|
||||
forward . 1.1.1.1
|
||||
}
|
||||
'';
|
||||
};
|
||||
services.hedgedoc = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
allowAnonymous = true;
|
||||
allowFreeURL = true;
|
||||
allowGravatar = false;
|
||||
allowOrigin = [ "localhost" ];
|
||||
dbURL = "postgres://${name}:${name}@localhost:5432/${name}";
|
||||
defaultPermission = "limited";
|
||||
#domain = "pad.infra4future.de";
|
||||
host = "0.0.0.0";
|
||||
protocolUseSSL = true;
|
||||
hsts.preload = false;
|
||||
email = false;
|
||||
oauth2 = {
|
||||
authorizationURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
|
||||
tokenURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
|
||||
clientID = name;
|
||||
#clientSecret = "2984f185-f7ff-4837-8ba6-cdabb066f9b7";
|
||||
};
|
||||
};
|
||||
};
|
||||
systemd.services.hedgedoc.environment = {
|
||||
"CMD_OAUTH2_USER_PROFILE_URL" = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/userinfo";
|
||||
"CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR" = "name";
|
||||
"CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR" = "display-name";
|
||||
"CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR" = "email";
|
||||
"CMD_OAUTH2_PROVIDERNAME" = "Infra4Future";
|
||||
};
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ name ];
|
||||
ensureUsers = [{
|
||||
inherit name;
|
||||
ensurePermissions = {
|
||||
"DATABASE ${name}" = "ALL PRIVILEGES";
|
||||
};
|
||||
}];
|
||||
};
|
||||
services.postgresqlBackup = {
|
||||
enable = true;
|
||||
databases = [ name ];
|
||||
startAt = "*-*-* 23:45:00";
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
containers.hedgedoci4f = {
|
||||
privateNetwork = true;
|
||||
hostAddress = "192.168.100.1";
|
||||
localAddress = "192.168.100.41";
|
||||
autoStart = true;
|
||||
config = mkHedgedocContainer {
|
||||
name = "hedgedoc-i4f";
|
||||
extraOptions = {config, pkgs, ...}: {
|
||||
services.hedgedoc.configuration = {
|
||||
defaultPermission = pkgs.lib.mkForce "freely";
|
||||
allowOrigin = [ "pad.infra4future.de" "fff-muc.de" ];
|
||||
domain = "pad.infra4future.de";
|
||||
oauth2.clientSecret = "2984f185-f7ff-4837-8ba6-cdabb066f9b7";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
containers.codimd = {
|
||||
privateNetwork = true;
|
||||
hostAddress = "192.168.100.1";
|
||||
localAddress = "192.168.100.3";
|
||||
autoStart = true;
|
||||
config = mkHedgedocContainer {
|
||||
name = "codimd";
|
||||
extraOptions = {config, pkgs, ...}: {
|
||||
services.hedgedoc.configuration = {
|
||||
allowOrigin = [ "pad.hacc.space" "fff-muc.de" ];
|
||||
domain = "pad.hacc.space";
|
||||
oauth2.clientSecret = "1a730af1-4d6e-4c1d-8f7e-72375c9b8d62";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
services.nginx.virtualHosts =
|
||||
let mkHedgedocHost = addr: {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://192.168.100.3:3000";
|
||||
extraConfig = ''
|
||||
proxy_pass_request_headers on;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $http_host;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
proxy_buffering off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
in {
|
||||
"pad.infra4future.de" = mkHedgedocHost "http://192.168.100.3:3000";
|
||||
"pad.hacc.space" = mkHedgedocHost "http://192.168.100.3:3000";
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue