forked from hacc/haccfiles
stuebinm
3b928c6712
this should redirect visitors to pad.hacc.earth back to pad.hacc.space. (this was requested in the matrix room, to make it easier to communicate to people that pads moved yet again).
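# NixOS module: runs HedgeDoc (container and database are still named
# "codimd") in a declarative container together with PostgreSQL and CoreDNS,
# and publishes it through nginx on the host as pad.hacc.space.
{ config, lib, pkgs, ... }:

{
  containers.codimd = {
    # Private network between host (192.168.100.1) and container
    # (192.168.100.3); nginx below proxies to the container address.
    privateNetwork = true;
    hostAddress = "192.168.100.1";
    localAddress = "192.168.100.3";
    autoStart = true;
    config = { config, lib, pkgs, ... }: {
      # NOTE(review): with the firewall off, everything listening inside the
      # container (HedgeDoc on 0.0.0.0, CoreDNS on port 53) is reachable by
      # anything that can route to 192.168.100.3. Consider enabling the
      # firewall and opening only the port nginx proxies to, e.g.
      # networking.firewall.allowedTCPPorts = [ 3000 ];
      networking.firewall.enable = false;

      # CoreDNS listens on port 53 and forwards every query to 1.1.1.1.
      services.coredns = {
        enable = true;
        config = ''
          .:53 {
            forward . 1.1.1.1
          }
        '';
      };

      services.hedgedoc = {
        enable = true;
        configuration = {
          # Anonymous use and free-form note URLs are both enabled; new notes
          # get the "limited" permission by default.
          allowAnonymous = true;
          allowFreeURL = true;
          allowGravatar = false;
          allowOrigin = [ "localhost" "pad.hacc.space" "fff-muc.de" ];
          # NOTE(review): the database password is part of this URL and so
          # ends up in the repository and in the Nix store. The connection
          # targets localhost inside the container; confirm PostgreSQL is not
          # reachable from outside it.
          dbURL = "postgres://codimd:codimd@localhost:5432/codimd";
          defaultPermission = "limited";
          domain = "pad.hacc.space";
          # Binds on all container interfaces; TLS is terminated by nginx on
          # the host, hence protocolUseSSL without a local certificate.
          host = "0.0.0.0";
          protocolUseSSL = true;
          hsts.preload = false;
          email = false;
          # Login via the OpenID Connect endpoints of the "forfuture" realm
          # on auth.infra4future.de.
          oauth2 = {
            authorizationURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
            tokenURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
            clientID = "codimd";
            # NOTE(review): this client secret is committed in plaintext and
            # is copied into the world-readable Nix store. Treat it as
            # disclosed: rotate it at the identity provider and load the new
            # value from a file outside the store (for example through
            # services.hedgedoc.environmentFile with CMD_OAUTH2_CLIENT_SECRET,
            # if the module version in use offers it) instead of inlining it.
            clientSecret = "1a730af1-4d6e-4c1d-8f7e-72375c9b8d62";
          };
        };
      };

      # OAuth2 settings passed to HedgeDoc as environment variables: the
      # userinfo endpoint and the attribute names used for username, display
      # name and e-mail.
      systemd.services.hedgedoc.environment = {
        "CMD_OAUTH2_USER_PROFILE_URL" = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/userinfo";
        "CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR" = "name";
        "CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR" = "display-name";
        "CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR" = "email";
        "CMD_OAUTH2_PROVIDERNAME" = "Infra4Future";
      };

      # Database and role for HedgeDoc; the role gets all privileges on the
      # codimd database only.
      services.postgresql = {
        enable = true;
        ensureDatabases = [ "codimd" ];
        ensureUsers = [{
          name = "codimd";
          ensurePermissions = {
            "DATABASE codimd" = "ALL PRIVILEGES";
          };
        }];
      };

      # Daily dump of the codimd database at 23:45.
      services.postgresqlBackup = {
        enable = true;
        databases = [ "codimd" ];
        startAt = "*-*-* 23:45:00";
      };
    };
  };

  # Public entry point: HTTPS only, certificate via ACME, everything proxied
  # to HedgeDoc in the container.
  services.nginx.virtualHosts."pad.hacc.space" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://192.168.100.3:3000";
      # Upgrade/Connection are passed through so connection upgrades reach
      # the backend; buffering is off so responses are streamed.
      # NOTE(review): Access-Control-Allow-Origin "*" is added to proxied
      # responses for every origin, which is wider than the allowOrigin list
      # configured for HedgeDoc above. Confirm it is needed; otherwise drop
      # the header here and rely on the application's own origin list.
      extraConfig = ''
        proxy_pass_request_headers on;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        add_header Access-Control-Allow-Origin "*";
        proxy_buffering off;
      '';
    };
  };

  # Old domain: permanent redirect to pad.hacc.space, keeping path and query
  # string via $request_uri. The target host is fixed, so the redirect cannot
  # be steered to another site by the request.
  services.nginx.virtualHosts."pad.hacc.earth" = {
    forceSSL = true;
    enableACME = true;
    locations."/".return = "301 https://pad.hacc.space$request_uri";
  };
}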