35 lines
1.4 KiB
Nix
35 lines
1.4 KiB
Nix
{ config, pkgs, lib, mkDomain, ... }:
|
|
{
|
|
# hedgedoc
|
|
# Realtime collaborative markdown notes on all platforms
|
|
|
|
services.hedgedoc = {
|
|
#enable = true; # FIXME: make it load
|
|
settings.host = "127.0.0.1";
|
|
settings.port = 44776;
|
|
settings.db.dialect = "sqlite";
|
|
settings.db.storage = "${config.services.hedgedoc.workDir}/db.hedgedoc.sqlite";
|
|
settings.domain = mkDomain "hedgedoc";
|
|
settings.allowAnonymous = true;
|
|
settings.allowEmailRegister = false; # default is true
|
|
settings.allowAnonymousEdits = false; # default is false
|
|
settings.protocolUseSSL = true; # https prefix
|
|
settings.useSSL = false; # nginx terminates ssl
|
|
#settings.csp = {TODO}; # content security policy
|
|
#settings.useCDN = true;
|
|
#settings.debug = true;
|
|
# there are also a metric fuckton of integration services, like github, twitter, minio, mattermost, dropbox etc.
|
|
# there are also auth options, like ldap, saml and oauth2
|
|
};
|
|
services.nginx.virtualHosts.${mkDomain "hedgedoc"} = lib.mkIf config.services.hedgedoc.enable {
|
|
forceSSL = true; # addSSL = true;
|
|
enableACME = true; #useACMEHost = acmeDomain;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.settings.port}";
|
|
proxyWebsockets = true;
|
|
# TODO: proxy headers:
|
|
# https://docs.hedgedoc.org/guides/reverse-proxy/
|
|
};
|
|
};
|
|
}
|