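# HedgeDoc served behind the local nginx reverse proxy, authenticating users
# against this host's Kanidm instance over OAuth2/OIDC.
{ config, pkgs, lib, ... }:
let
  domain = "md.feal.no";
  port = 3000;
  # NOTE(review): "0.0.0.0" binds HedgeDoc on every interface although only the
  # local nginx needs to reach it; "127.0.0.1" would keep the port off the
  # network regardless of firewall state. Left unchanged here — confirm intent.
  host = "0.0.0.0";
  # Upstream URL for nginx. Deliberately without a trailing slash: when
  # proxy_pass carries a URI part, nginx replaces the matched location prefix
  # with it, so a request to "/socket.io/..." would reach HedgeDoc as "/..."
  # and realtime editing would break. Without a URI part the request path is
  # forwarded unchanged, which is what both locations below need.
  upstream = "http://${host}:${toString port}";
in
{
  services.hedgedoc = {
    enable = true;
    settings = {
      inherit domain port host;
      # TLS is expected to be terminated by nginx; forceSSL/enableACME for this
      # vhost are not set in this file — confirm they are configured elsewhere.
      protocolUseSSL = true;
      db = {
        dialect = "sqlite";
        storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
      };
      email = false;
      oauth2 =
        let
          # Kanidm's public origin; all OIDC endpoints hang off it.
          authServerUrl = config.services.kanidm.serverSettings.origin;
        in
        {
          baseURL = "${authServerUrl}/oauth2";
          tokenURL = "${authServerUrl}/oauth2/token";
          authorizationURL = "${authServerUrl}/ui/oauth2";
          userProfileURL = "${authServerUrl}/oauth2/openid/hedgedoc/userinfo";
          clientID = "hedgedoc";
          # No clientSecret here on purpose: anything in `settings` ends up in
          # the world-readable Nix store. It is expected to come from
          # services.hedgedoc.environmentFile as CMD_OAUTH2_CLIENT_SECRET —
          # confirm that file is configured elsewhere.
          scope = "openid email profile";
          userProfileUsernameAttr = "name";
          userProfileEmailAttr = "email";
          userProfileDisplayNameAttr = "displayname";
          providerName = "KaniDM";
          # rolesClaim = "roles";
          # accessRole = "hedgedoc_users";
        };
    };
  };

  # Left commented out: with the NixOS firewall enabled, HedgeDoc's port is then
  # reachable only through the nginx vhost below.
  #networking.firewall.allowedTCPPorts = [ port ];

  services.nginx.virtualHosts.${domain} = {
    locations."/" = {
      proxyPass = upstream;
    };
    # Websocket transport for collaborative editing; the upgrade headers are
    # added by proxyWebsockets.
    locations."/socket.io/" = {
      proxyPass = upstream;
      proxyWebsockets = true;
    };
  };
}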