oysteikt/nix-dotfiles
oysteikt
/
nix-dotfiles
2
1
Fork 0
Code Issues Pull Requests Activity

tsuki: set up hedgedoc 

the dynmap subdomain was also renamed from "dyn" to "map" in this commit
This commit is contained in:
Oystein Kristoffer Tveit 2023-03-07 23:14:10 +01:00
parent 1d99bbfd46
commit dd6c99226e
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
4 changed files with 97 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/tsuki/configuration.nix
View File

@ -8,6 +8,7 @@
./services/gitea ./services/gitea
./services/grafana ./services/grafana
./services/headscale.nix ./services/headscale.nix
./services/hedgedoc.nix
./services/hydra.nix ./services/hydra.nix
# ./services/jitsi.nix # ./services/jitsi.nix
./services/jupyter.nix ./services/jupyter.nix

51
hosts/tsuki/services/hedgedoc.nix Normal file
View File

@ -0,0 +1,51 @@
{ pkgs, lib, config, options, ... }:
{
config = {
# Contains CMD_SESSION_SECRET and CMD_OAUTH2_CLIENT_SECRET
sops.secrets."hedgedoc/env" = {
restartUnits = [ "hedgedoc.service" ];
};
services.hedgedoc = {
enable = true;
workDir = "${config.machineVars.dataDrives.default}/var/hedgedoc";
environmentFile = config.sops.secrets."hedgedoc/env".path;
settings = {
domain = "docs.nani.wtf";
dbURL = "postgres://hedgedoc:@localhost/hedgedoc";
email = false;
allowAnonymous = false;
allowAnonymousEdits = true;
protocolUseSSL = true;
oauth2 = let
authServerUrl = config.services.kanidm.serverSettings.origin;
in {
baseURL = "${authServerUrl}/oauth2";
tokenURL = "${authServerUrl}/oauth2/token";
authorizationURL = "${authServerUrl}/ui/oauth2";
userProfileURL = "${authServerUrl}/oauth2/openid/hedgedoc/userinfo";
clientID = "hedgedoc";
scope = "openid email profile";
userProfileUsernameAttr = "name";
userProfileEmailAttr = "email";
userProfileDisplayNameAttr = "displayname";
providerName = "KaniDM";
};
};
};
services.postgresql = {
ensureDatabases = [ "hedgedoc" ];
ensureUsers = [{
name = "hedgedoc";
ensurePermissions = {
"DATABASE \"hedgedoc\"" = "ALL PRIVILEGES";
};
}];
};
};
}

3
hosts/tsuki/services/nginx/default.nix
View File

@ -107,7 +107,8 @@
(proxy ["py"] "http://localhost:${s ports.jupyterhub}" { (proxy ["py"] "http://localhost:${s ports.jupyterhub}" {
locations."/".proxyWebsockets = true; locations."/".proxyWebsockets = true;
}) })
(proxy ["dyn"] "http://localhost:${s ports.minecraft.dynmap}" {}) (proxy ["docs"] "http://localhost:${s config.services.hedgedoc.settings.port}" {})
(proxy ["map"] "http://localhost:${s ports.minecraft.dynmap}" {})
(proxy ["osu"] "http://localhost:${s ports.osuchan}" {}) (proxy ["osu"] "http://localhost:${s ports.osuchan}" {})
(proxy ["auth"] "https://localhost:8300" { (proxy ["auth"] "https://localhost:8300" {
extraConfig = '' extraConfig = ''

43
secrets/default.yaml
View File

@ -1 +1,44 @@
headscale:
oauth_secret: ""
hedgedoc:
env: ENC[AES256_GCM,data:4i2I7S5hKp3mjROMwa3WQinbgmxXhKzSaWspzF12TIDm9g3Bgie0jfSxbDuPjJYq1mZ8oQ2Jzdi2N+Q4blOk9fZO3VREoU0qFrfqm8RqBw3a7hpisXzu9okYnzrW2JiVxNGWwZbuiCG1SzdMOMHq/ZqLEJdu7Pxm9cY9xBSZthap1DCFyr7dmjHt3AnEQemsDpxSaWKD2Dfs1gyA23rLAFBd,iv:lfB6uaXULUNme7cGyN+bKuXPsbgpjMrxrRy2L96HltY=,tag:uu37bZ4g/PA2mgzs3ioLCQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzZE1zUHdoM1JDOEJZOUYw
WjhkUkkwcmExOGVScGZXZ0FEWTRJdFZpUGxRCjNVYW9SNnZRYnNZK1c0R1dPQnVn
UWRUVllYbGlBU2lhZWs0dTcvOVJWSkUKLS0tIEl6M3ZoVHFZWGNWa3UyZW1CTnRm
UE1YWkplaFBhV01CU0FDYTQ3NlkwVkUKMJyCfyh/vcj/VU7shtFF4YRRVaWdcMNh
rp9lZmRZpc9mARXYAj9RlkI/uuSzxshtqb5AGXKmSV0hncazxu75kg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-03-07T12:35:57Z"
mac: ENC[AES256_GCM,data:jKRXsFeyqRVkU4yGpVm4iOrXZV5mnWC7c63ifKmWJR/eMH1M5I7nKrrn7RA9DjZcwBnWyO5HcYk/NjjMP5HZbSmUMEafKBs3GpZDFziGG4eQSgZdca4MSNXwAqtQqYwtjsixww637uwSycwdf+9cphSBGhsdFOctaIsOuuheZEc=,iv:KDhnBg9+mZWyaKsiijITAkyvyx8eFsflBB0+jbY6aZQ=,tag:qJxf5RUb/5hzXI8pjGgLFw==,type:str]
pgp:
- created_at: "2023-03-07T12:32:53Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA0av/duuklWYARAAgK4M/JO/WnZviV8Ghm3RSSbTYJfeqpwVdBOg5dRwkXIn
weE3ROWeI5xhiNhW+HQirXAhAXKvnhU9mahHSqvrGCrbPJUZMLiIaa+X7f3Bufva
wbcHwLJQ6C6+JKmFbg+J4x6o1lQX3RsN+MbELxZ0WMs4giJ9rjlRfMxMjlcxXVpr
ga0Lfe6qUh0g9rUGFL11pitEHBVHDFTF3WBINCS8GYvbBfCIEMHtCDYsY6tw40V4
qz15+YOWQyMR16hNQB8ooLmtKTB9BEZclSqPyNWwyoS+fi4NsAGWAxEcg3nGxdF0
jkJWOK3rINaZCQhz4tk7+j1n2h1EyJjCQv2hfyMB2EbeVFswznPfU/EWI6WoHWT3
oLZNHqyfswKHTQ81m4FoH5wU0nR2bOBipD3RaUTPsdEj1Ek/eXDYH7xZDzNDqQBe
YlXiE3WmweMzC6AP3GTQ9Etl4Ktx8mvushEtOYJsParsohH0P5MeIRMPxQc6Vu7i
FlKvjptCrvQk0AXTLyqpAypp8ENAGKHbs3/3eJIZ/fZBXOhDYUGV2kBpCwDDGALo
Xy42geSMmPI3NoonghlVSkrVZx4Srkcb+RlJg2kKdmwOa2qMYMGo7W6XD48nHOot
sC4srxJH1IHBrPQ5AKDOG9iJxSzSTA7aKKxkJD4CKfjlftQBQrNSLZBhdYedYfTS
XAHFlx1zkYmxfESTcOh48HpwNuMV3koxbLUsfrzag4b7R43XjrxPxxAeh9jKzZrK
B2qBvjGv9TMoKaAnXj48HwW1/R9v54vTQ3bwkuMvxhf5f3NWv5qBZdsdxU1l
=VxGX
-----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted
version: 3.7.3