2023-04-22 16:49:04 +02:00
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
let
|
|
|
|
cfg = config.services.hedgedoc.settings;
|
|
|
|
domain = "md.feal.no";
|
|
|
|
port = 3000;
|
|
|
|
host = "0.0.0.0";
|
|
|
|
in {
|
2023-04-26 12:07:36 +02:00
|
|
|
# Contains CMD_SESSION_SECRET and CMD_OAUTH2_CLIENT_SECRET
|
|
|
|
sops.secrets."hedgedoc/env" = {
|
|
|
|
restartUnits = [ "hedgedoc.service" ];
|
|
|
|
};
|
|
|
|
|
2023-04-22 16:49:04 +02:00
|
|
|
services.hedgedoc = {
|
|
|
|
enable = true;
|
|
|
|
|
|
|
|
settings = {
|
|
|
|
inherit domain port host;
|
|
|
|
protocolUseSSL = true;
|
|
|
|
db = {
|
|
|
|
dialect = "sqlite";
|
|
|
|
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
|
|
|
|
};
|
2023-04-26 12:07:36 +02:00
|
|
|
environmentFile = config.sops.secrets."hedgedoc/env".path;
|
|
|
|
|
2023-04-22 16:49:04 +02:00
|
|
|
email = false;
|
|
|
|
oauth2 = let
|
|
|
|
authServerUrl = config.services.kanidm.serverSettings.origin;
|
|
|
|
in {
|
|
|
|
baseURL = "${authServerUrl}/oauth2";
|
|
|
|
tokenURL = "${authServerUrl}/oauth2/token";
|
|
|
|
authorizationURL = "${authServerUrl}/ui/oauth2";
|
|
|
|
userProfileURL = "${authServerUrl}/oauth2/openid/hedgedoc/userinfo";
|
|
|
|
|
|
|
|
clientID = "hedgedoc";
|
2023-04-26 12:32:47 +02:00
|
|
|
clientSecret = "";
|
2023-04-22 16:49:04 +02:00
|
|
|
scope = "openid email profile";
|
|
|
|
userProfileUsernameAttr = "name";
|
|
|
|
userProfileEmailAttr = "email";
|
|
|
|
userProfileDisplayNameAttr = "displayname";
|
|
|
|
|
|
|
|
providerName = "KaniDM";
|
|
|
|
};
|
|
|
|
|
|
|
|
};
|
|
|
|
};
|
|
|
|
services.nginx.virtualHosts.${domain} = {
|
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "http://${host}:${toString port}/";
|
|
|
|
};
|
|
|
|
|
|
|
|
locations."/socket.io/" = {
|
|
|
|
proxyPass = "http://${host}:${toString port}/";
|
|
|
|
proxyWebsockets = true;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|