Simon Bruder
f945341668
This applies the REUSE specification to the repository, so the licensing information can be tracked for every file individually.
65 lines
1.6 KiB
Nix
# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
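# NixOS module: HedgeDoc behind nginx with a local PostgreSQL database.
#
# HedgeDoc listens on loopback only; nginx terminates TLS for pad.sbruder.de
# and proxies to it. The session secret is generated once on the host and
# kept outside the Nix store (store paths are world-readable).
{ config, lib, pkgs, ... }:
let
  cfg = config.services.hedgedoc;
in
{
  services.postgresql = {
    enable = true;
    ensureDatabases = [ "hedgedoc" ];
    ensureUsers = lib.singleton {
      name = "hedgedoc";
      # Makes the role the owner of the database of the same name.
      ensureDBOwnership = true;
    };
  };

  services.hedgedoc = {
    enable = true;
    settings = {
      # Loopback only: the service is reachable from outside solely through
      # the nginx virtual host defined below.
      host = "127.0.0.1";
      port = 3001;
      db = {
        dialect = "postgres";
        # A directory path instead of a hostname: connect over the local unix
        # socket. No database password is configured here, so access
        # presumably relies on PostgreSQL peer authentication for the
        # hedgedoc system user (verify against pg_hba.conf).
        host = "/run/postgresql";
        user = "hedgedoc";
        database = "hedgedoc";
      };
      domain = "pad.sbruder.de";
      # TLS is terminated by nginx (forceSSL below), so generated links and
      # cookies must assume https.
      protocolUseSSL = true;
      csp.enable = true;
      imageUploadType = "filesystem";
    };
  };

  systemd.services.hedgedoc = {
    after = [ "postgresql.service" ];
    preStart = toString (pkgs.writeShellScript "hedgedoc-generate-session-secret" ''
      # The file holds the cookie-signing secret. Create it readable by the
      # service user only instead of inheriting the service's default umask.
      # NOTE(review): a file created by an earlier version of this script
      # keeps its old mode; check it once on existing hosts.
      umask 077
      if [ ! -f /var/lib/hedgedoc/session_secret_env ]; then
        echo "CMD_SESSION_SECRET=$(${pkgs.pwgen}/bin/pwgen -s 32 1)" > /var/lib/hedgedoc/session_secret_env
      fi
    '');
    serviceConfig = {
      Environment = [
        "CMD_LOGLEVEL=warn"
      ];
      EnvironmentFile = [
        "-/var/lib/hedgedoc/session_secret_env" # - ensures that it will not fail on first start
      ];
    };
  };

  systemd.tmpfiles.rules = [
    # Upload directory: accessible by the hedgedoc user only.
    "d ${cfg.settings.uploadsPath} 0700 hedgedoc hedgedoc - -"
  ];

  services.nginx.virtualHosts."pad.sbruder.de" = {
    enableACME = true;
    forceSSL = true;

    # Plain HTTP is used only on the loopback hop to HedgeDoc.
    locations."/".proxyPass = "http://${cfg.settings.host}:${toString cfg.settings.port}";
  };
}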