config/profiles/web/services/hedgedoc.nix

{ config, pkgs, lib, mkDomain, ... }:
{
# HedgeDoc: realtime collaborative markdown notes on all platforms.
# `enable` is commented out in this block (see the FIXME), so only the
# settings are declared here.
services.hedgedoc = {
  #enable = true; # FIXME: make it load

  settings = {
    # Listen on loopback only; the nginx vhost in this file proxies to this
    # address and port.
    host = "127.0.0.1";
    port = 44776;

    db = {
      dialect = "sqlite";
      storage = "${config.services.hedgedoc.workDir}/db.hedgedoc.sqlite";
    };

    # Public URL is https://<domain>; TLS is handled by nginx, not by HedgeDoc.
    domain = mkDomain "hedgedoc";
    protocolUseSSL = true; # https prefix
    useSSL = false; # nginx terminates ssl

    # Access policy.
    # NOTE(review): with allowAnonymous on, guests can use the instance without
    # an account, so presumably anyone who can reach the vhost can create
    # notes -- confirm this is intended for a publicly served host.
    allowAnonymous = true;
    allowEmailRegister = false; # default is true
    # NOTE(review): upstream docs describe allowAnonymousEdits as applying only
    # when allowAnonymous is false, so it likely has no effect as configured
    # here -- confirm.
    allowAnonymousEdits = false; # default is false

    # NOTE(review): no sessionSecret is set in this block; upstream docs say
    # HedgeDoc then generates a random one at every start. If a fixed secret is
    # added, keep it out of the world-readable Nix store (e.g. via
    # services.hedgedoc.environmentFile) -- confirm.

    #csp = {TODO}; # content security policy
    #useCDN = true;
    #debug = true;
  };

  # there are also a metric fuckton of integration services, like github, twitter, minio, mattermost, dropbox etc.
  # there are also auth options, like ldap, saml and oauth2
};
# Public HTTPS front end for HedgeDoc. lib.mkIf ties this vhost to
# services.hedgedoc.enable, so it is only defined when the service is enabled.
services.nginx.virtualHosts."${mkDomain "hedgedoc"}" = lib.mkIf config.services.hedgedoc.enable {
  enableACME = true; #useACMEHost = acmeDomain;
  forceSSL = true; # addSSL = true;
  locations = {
    "/" = {
      # The upstream address is hard-coded; keep it in sync with
      # services.hedgedoc.settings.host. The port is read from the settings.
      proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.settings.port}";
      proxyWebsockets = true;
      # TODO: proxy headers:
      # https://docs.hedgedoc.org/guides/reverse-proxy/
      # NOTE(review): no proxy_set_header lines are set for this location, so
      # whether Host / X-Forwarded-* reach HedgeDoc depends on configuration
      # outside this file (e.g. services.nginx.recommendedProxySettings) --
      # confirm before enabling the service.
    };
  };
};
}