tsuki: set up hedgedoc

the dynmap subdomain was also renamed from "dyn" to "map" in this commit
2023-03-07 23:14:10 +01:00
parent 1d99bbfd46
commit dd6c99226e
4 changed files with 97 additions and 1 deletions
--- a/hosts/tsuki/configuration.nix
+++ b/hosts/tsuki/configuration.nix
@@ -8,6 +8,7 @@
    ./services/gitea
    ./services/grafana
    ./services/headscale.nix
+    ./services/hedgedoc.nix
    ./services/hydra.nix
    # ./services/jitsi.nix
    ./services/jupyter.nix
--- a/hosts/tsuki/services/hedgedoc.nix
+++ b/hosts/tsuki/services/hedgedoc.nix
@@ -0,0 +1,51 @@
+{ pkgs, lib, config, options, ... }:
+{
+  config = {
+    # Contains CMD_SESSION_SECRET and CMD_OAUTH2_CLIENT_SECRET
+    sops.secrets."hedgedoc/env" = {
+      restartUnits = [ "hedgedoc.service" ];
+    };
+
+    services.hedgedoc = {
+      enable = true;
+      workDir = "${config.machineVars.dataDrives.default}/var/hedgedoc";
+      environmentFile = config.sops.secrets."hedgedoc/env".path;
+      settings = {
+        domain = "docs.nani.wtf";
+        dbURL = "postgres://hedgedoc:@localhost/hedgedoc";
+        email = false;
+        allowAnonymous = false;
+        allowAnonymousEdits = true;
+        protocolUseSSL = true;
+
+        oauth2 = let 
+          authServerUrl = config.services.kanidm.serverSettings.origin;
+        in {
+          baseURL = "${authServerUrl}/oauth2";
+          tokenURL = "${authServerUrl}/oauth2/token";
+          authorizationURL = "${authServerUrl}/ui/oauth2";
+          userProfileURL = "${authServerUrl}/oauth2/openid/hedgedoc/userinfo";
+
+          clientID = "hedgedoc";
+
+          scope = "openid email profile";
+          userProfileUsernameAttr = "name";
+          userProfileEmailAttr = "email";
+          userProfileDisplayNameAttr = "displayname";
+
+          providerName = "KaniDM";
+        };
+      };
+    };
+
+    services.postgresql = {
+      ensureDatabases = [ "hedgedoc" ];
+      ensureUsers = [{
+        name = "hedgedoc";
+        ensurePermissions = {
+          "DATABASE \"hedgedoc\"" = "ALL PRIVILEGES";
+        };
+      }];
+    };
+  };
+}
--- a/hosts/tsuki/services/nginx/default.nix
+++ b/hosts/tsuki/services/nginx/default.nix
@@ -107,7 +107,8 @@
      (proxy ["py"] "http://localhost:${s ports.jupyterhub}" {
        locations."/".proxyWebsockets = true;
      })
-      (proxy ["dyn"] "http://localhost:${s ports.minecraft.dynmap}" {})
+      (proxy ["docs"] "http://localhost:${s config.services.hedgedoc.settings.port}" {})
+      (proxy ["map"] "http://localhost:${s ports.minecraft.dynmap}" {})
      (proxy ["osu"] "http://localhost:${s ports.osuchan}" {})
      (proxy ["auth"] "https://localhost:8300" {
        extraConfig = ''