nixos-config/machines/renge/services/hedgedoc.nix

65 lines
1.6 KiB
Nix
Raw Permalink Normal View History

# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
2021-03-10 15:40:55 +01:00
{ config, lib, pkgs, ... }:
let
cfg = config.services.hedgedoc;
in
{
services.postgresql = {
enable = true;
ensureDatabases = [ "hedgedoc" ];
ensureUsers = lib.singleton {
2022-03-23 17:27:55 +01:00
name = "hedgedoc";
Upgrade to 23.11 Flake lock file updates: • Updated input 'bang-evaluator': 'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=7fc3d5019c907566abbad8f84ba9555a5786bd01' (2021-08-01) → 'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=a06c68c44862f74757a203e2df41ea83c33722d9' (2023-12-02) • Updated input 'home-manager': 'github:nix-community/home-manager/04bac349d585c9df38d78e0285b780a140dc74a4' (2023-11-12) → 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/9a4725afa67db35cdf7be89f30527d745194cafa' (2023-11-19) → 'github:nix-community/home-manager/4a8545f5e737a6338814a4676dc8e18c7f43fc57' (2023-12-01) • Updated input 'nix-pre-commit-hooks': 'github:cachix/pre-commit-hooks.nix/e558068cba67b23b4fbc5537173dbb43748a17e8' (2023-11-15) → 'github:cachix/pre-commit-hooks.nix/e5ee5c5f3844550c01d2131096c7271cec5e9b78' (2023-11-25) • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/1721da31f9b30cbf4460c4ec5068b3b6174a4694' (2023-11-18) → 'github:nixos/nixos-hardware/8772491ed75f150f02552c60694e1beff9f46013' (2023-11-29) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/9fb122519e9cd465d532f736a98c1e1eb541ef6f' (2023-11-16) → 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01) • Updated input 'nixpkgs-overlay': 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=c8a17806a75733dec2ecdd8f0021c70d1f9dfc43' (2023-10-04) → 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=37f80d1593ab856372cc0da199f49565f3b05c71' (2023-12-02) • Updated input 'nixpkgs-overlay/poetry2nix': 'github:nix-community/poetry2nix/093383b3d7fdd36846a7d84e128ca11865800538' (2023-09-22) → 'github:nix-community/poetry2nix/7acb78166a659d6afe9b043bb6fe5cb5e86bb75e' (2023-12-01) • Updated input 'nixpkgs-overlay/poetry2nix/nix-github-actions': 'github:nix-community/nix-github-actions/165b1650b753316aa7f1787f3005a8d2da0f5301' (2023-07-09) → 'github:nix-community/nix-github-actions/4bb5e752616262457bc7ca5882192a564c0472d2' (2023-11-03) • Added input 'nixpkgs-overlay/poetry2nix/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09) • Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix': 'github:numtide/treefmt-nix/e82f32aa7f06bbbd56d7b12186d555223dc399d1' (2023-11-12) • Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix/nixpkgs': follows 'nixpkgs-overlay/poetry2nix/nixpkgs' • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad' (2023-11-17) → 'github:nixos/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58' (2023-11-29) • Updated input 'sops-nix': 'github:Mic92/sops-nix/49a87c6c827ccd21c225531e30745a9a6464775c' (2023-11-19) → 'github:Mic92/sops-nix/e19071f9958c8da4f4347d3d78790d97e98ba22f' (2023-12-02) • Updated input 'sops-nix/nixpkgs-stable': 'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18) → 'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
2023-12-02 18:54:23 +01:00
ensureDBOwnership = true;
2021-03-10 15:40:55 +01:00
};
};
services.hedgedoc = {
enable = true;
settings = {
2021-03-10 15:40:55 +01:00
host = "127.0.0.1";
port = 3001;
db = {
dialect = "postgres";
host = "/run/postgresql";
2022-03-23 17:27:55 +01:00
user = "hedgedoc";
2021-03-10 15:40:55 +01:00
database = "hedgedoc";
};
domain = "pad.sbruder.de";
protocolUseSSL = true;
csp.enable = true;
imageUploadType = "filesystem";
};
};
systemd.services.hedgedoc = {
2021-03-30 16:13:20 +02:00
after = [ "postgresql.service" ];
2021-03-10 15:40:55 +01:00
preStart = toString (pkgs.writeShellScript "hedgedoc-generate-session-secret" ''
Upgrade to 23.11 Flake lock file updates: • Updated input 'bang-evaluator': 'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=7fc3d5019c907566abbad8f84ba9555a5786bd01' (2021-08-01) → 'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=a06c68c44862f74757a203e2df41ea83c33722d9' (2023-12-02) • Updated input 'home-manager': 'github:nix-community/home-manager/04bac349d585c9df38d78e0285b780a140dc74a4' (2023-11-12) → 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/9a4725afa67db35cdf7be89f30527d745194cafa' (2023-11-19) → 'github:nix-community/home-manager/4a8545f5e737a6338814a4676dc8e18c7f43fc57' (2023-12-01) • Updated input 'nix-pre-commit-hooks': 'github:cachix/pre-commit-hooks.nix/e558068cba67b23b4fbc5537173dbb43748a17e8' (2023-11-15) → 'github:cachix/pre-commit-hooks.nix/e5ee5c5f3844550c01d2131096c7271cec5e9b78' (2023-11-25) • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/1721da31f9b30cbf4460c4ec5068b3b6174a4694' (2023-11-18) → 'github:nixos/nixos-hardware/8772491ed75f150f02552c60694e1beff9f46013' (2023-11-29) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/9fb122519e9cd465d532f736a98c1e1eb541ef6f' (2023-11-16) → 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01) • Updated input 'nixpkgs-overlay': 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=c8a17806a75733dec2ecdd8f0021c70d1f9dfc43' (2023-10-04) → 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=37f80d1593ab856372cc0da199f49565f3b05c71' (2023-12-02) • Updated input 'nixpkgs-overlay/poetry2nix': 'github:nix-community/poetry2nix/093383b3d7fdd36846a7d84e128ca11865800538' (2023-09-22) → 'github:nix-community/poetry2nix/7acb78166a659d6afe9b043bb6fe5cb5e86bb75e' (2023-12-01) • Updated input 'nixpkgs-overlay/poetry2nix/nix-github-actions': 'github:nix-community/nix-github-actions/165b1650b753316aa7f1787f3005a8d2da0f5301' (2023-07-09) → 'github:nix-community/nix-github-actions/4bb5e752616262457bc7ca5882192a564c0472d2' (2023-11-03) • Added input 'nixpkgs-overlay/poetry2nix/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09) • Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix': 'github:numtide/treefmt-nix/e82f32aa7f06bbbd56d7b12186d555223dc399d1' (2023-11-12) • Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix/nixpkgs': follows 'nixpkgs-overlay/poetry2nix/nixpkgs' • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad' (2023-11-17) → 'github:nixos/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58' (2023-11-29) • Updated input 'sops-nix': 'github:Mic92/sops-nix/49a87c6c827ccd21c225531e30745a9a6464775c' (2023-11-19) → 'github:Mic92/sops-nix/e19071f9958c8da4f4347d3d78790d97e98ba22f' (2023-12-02) • Updated input 'sops-nix/nixpkgs-stable': 'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18) → 'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
2023-12-02 18:54:23 +01:00
if [ ! -f /var/lib/hedgedoc/session_secret_env ]; then
echo "CMD_SESSION_SECRET=$(${pkgs.pwgen}/bin/pwgen -s 32 1)" > /var/lib/hedgedoc/session_secret_env
2021-03-10 15:40:55 +01:00
fi
'');
serviceConfig = {
Environment = [
"CMD_LOGLEVEL=warn"
];
EnvironmentFile = [
Upgrade to 23.11 Flake lock file updates: • Updated input 'bang-evaluator': 'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=7fc3d5019c907566abbad8f84ba9555a5786bd01' (2021-08-01) → 'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=a06c68c44862f74757a203e2df41ea83c33722d9' (2023-12-02) • Updated input 'home-manager': 'github:nix-community/home-manager/04bac349d585c9df38d78e0285b780a140dc74a4' (2023-11-12) → 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/9a4725afa67db35cdf7be89f30527d745194cafa' (2023-11-19) → 'github:nix-community/home-manager/4a8545f5e737a6338814a4676dc8e18c7f43fc57' (2023-12-01) • Updated input 'nix-pre-commit-hooks': 'github:cachix/pre-commit-hooks.nix/e558068cba67b23b4fbc5537173dbb43748a17e8' (2023-11-15) → 'github:cachix/pre-commit-hooks.nix/e5ee5c5f3844550c01d2131096c7271cec5e9b78' (2023-11-25) • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/1721da31f9b30cbf4460c4ec5068b3b6174a4694' (2023-11-18) → 'github:nixos/nixos-hardware/8772491ed75f150f02552c60694e1beff9f46013' (2023-11-29) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/9fb122519e9cd465d532f736a98c1e1eb541ef6f' (2023-11-16) → 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01) • Updated input 'nixpkgs-overlay': 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=c8a17806a75733dec2ecdd8f0021c70d1f9dfc43' (2023-10-04) → 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=37f80d1593ab856372cc0da199f49565f3b05c71' (2023-12-02) • Updated input 'nixpkgs-overlay/poetry2nix': 'github:nix-community/poetry2nix/093383b3d7fdd36846a7d84e128ca11865800538' (2023-09-22) → 'github:nix-community/poetry2nix/7acb78166a659d6afe9b043bb6fe5cb5e86bb75e' (2023-12-01) • Updated input 'nixpkgs-overlay/poetry2nix/nix-github-actions': 'github:nix-community/nix-github-actions/165b1650b753316aa7f1787f3005a8d2da0f5301' (2023-07-09) → 'github:nix-community/nix-github-actions/4bb5e752616262457bc7ca5882192a564c0472d2' (2023-11-03) • Added input 'nixpkgs-overlay/poetry2nix/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09) • Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix': 'github:numtide/treefmt-nix/e82f32aa7f06bbbd56d7b12186d555223dc399d1' (2023-11-12) • Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix/nixpkgs': follows 'nixpkgs-overlay/poetry2nix/nixpkgs' • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad' (2023-11-17) → 'github:nixos/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58' (2023-11-29) • Updated input 'sops-nix': 'github:Mic92/sops-nix/49a87c6c827ccd21c225531e30745a9a6464775c' (2023-11-19) → 'github:Mic92/sops-nix/e19071f9958c8da4f4347d3d78790d97e98ba22f' (2023-12-02) • Updated input 'sops-nix/nixpkgs-stable': 'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18) → 'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
2023-12-02 18:54:23 +01:00
"-/var/lib/hedgedoc/session_secret_env" # - ensures that it will not fail on first start
2021-03-10 15:40:55 +01:00
];
};
};
systemd.tmpfiles.rules = [
"d ${cfg.settings.uploadsPath} 0700 hedgedoc hedgedoc - -"
2021-03-10 15:40:55 +01:00
];
services.nginx.virtualHosts."pad.sbruder.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${cfg.settings.host}:${toString cfg.settings.port}";
2021-03-10 15:40:55 +01:00
};
}