From e277cce3bced6e1aae41745fa63d28e2d62350c7 Mon Sep 17 00:00:00 2001 From: Jack O'Sullivan Date: Mon, 8 Jan 2024 21:40:20 +0000 Subject: [PATCH] nixos/object: Add HedgeDoc --- .../vms/shill/containers/middleman/vhosts.nix | 5 ++++ .../colony/vms/shill/containers/object.nix | 28 ++++++++++++++++++- nixos/modules/tmproot.nix | 9 ++++++ secrets/object/hedgedoc.env.age | 14 ++++++++++ 4 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 secrets/object/hedgedoc.env.age diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix index ced28a3..27a96ac 100644 --- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix +++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix @@ -376,6 +376,11 @@ in locations."/".proxyPass = "http://localhost:8989"; useACMEHost = pubDomain; }; + + "md.${pubDomain}" = { + locations."/".proxyPass = "http://object-ctr.${domain}:3000"; + useACMEHost = pubDomain; + }; }; minio = diff --git a/nixos/boxes/colony/vms/shill/containers/object.nix b/nixos/boxes/colony/vms/shill/containers/object.nix index 7d6e0fc..d3139da 100644 --- a/nixos/boxes/colony/vms/shill/containers/object.nix +++ b/nixos/boxes/colony/vms/shill/containers/object.nix @@ -48,11 +48,17 @@ in group = config.my.user.config.group; }; "object/atticd.env" = {}; + "object/hedgedoc.env" = {}; }; }; firewall = { - tcp.allowed = [ 9000 9001 config.services.sharry.config.bind.port 8069 ]; + tcp.allowed = [ + 9000 9001 + config.services.sharry.config.bind.port + 8069 + config.services.hedgedoc.settings.port + ]; }; user.homeConfig = { 
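Review bot: The new `md.${pubDomain}` vhost proxies `/` without WebSocket upgrade handling, and HedgeDoc's realtime editing runs over socket.io, which has to fall back to long polling when the upgrade is not forwarded. Unless this file already applies it to every vhost somewhere outside the hunk, add `locations."/".proxyWebsockets = true;` next to the `proxyPass` line. The upstream port is also a literal `3000` here, while object.nix opens `config.services.hedgedoc.settings.port` in its firewall, so the two can drift apart if the port is ever set explicitly. A comment such as `# keep in sync with services.hedgedoc.settings.port on object-ctr` would record the coupling. The enclosing vhost attribute set starts and ends outside the hunk.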
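Review bot: The added `config.services.hedgedoc.settings.port` entry in `tcp.allowed` admits the HedgeDoc port from every source this allow-list covers, although the only client visible in this commit is the middleman reverse proxy. Together with `host = "::"` in the later object.nix hunk, the service would then answer plain HTTP directly on object-ctr, bypassing the TLS vhost. If the `my.firewall` module can scope a rule to a source address, restrict this port to middleman. Otherwise record the intent next to the entry, e.g. `# HedgeDoc: only meant to be reached through middleman's md vhost`. The attribute set holding `firewall` starts and ends outside the hunk, so a restriction applied elsewhere cannot be ruled out from here.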
@@ -194,6 +200,26 @@ in }; }; }; + + hedgedoc = { + enable = true; + environmentFile = config.age.secrets."object/hedgedoc.env".path; + settings = { + domain = "md.${pubDomain}"; + protocolUseSSL = true; + db = { + dialect = "postgresql"; + username = "hedgedoc"; + database = "hedgedoc"; + host = "colony-psql"; + }; + host = "::"; + allowAnonymous = false; + allowAnonymousEdits = true; + email = true; + allowEmailRegister = false; + }; + }; }; } (mkIf config.my.build.isDevVM { diff --git a/nixos/modules/tmproot.nix b/nixos/modules/tmproot.nix index fcef861..6ae8641 100644 --- a/nixos/modules/tmproot.nix +++ b/nixos/modules/tmproot.nix @@ -483,6 +483,15 @@ in (mkIf config.my.librespeed.backend.enable { my.tmproot.persistence.config.directories = [ "/var/lib/librespeed-go" ]; }) + (mkIf config.services.hedgedoc.enable { + my.tmproot.persistence.config.directories = [ + { + directory = "/var/lib/hedgedoc"; + user = "hedgedoc"; + group = "hedgedoc"; + } + ]; + }) ])) ]); diff --git a/secrets/object/hedgedoc.env.age b/secrets/object/hedgedoc.env.age new file mode 100644 index 0000000..91386b7 --- /dev/null +++ b/secrets/object/hedgedoc.env.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhrYnR2ZyA3MjM3 +dytZeGQ1VmFtdmtEdFlQWG9zMzZLY3psY1NBaVloeUh2VG4xbVVrCjdua1BHajdT +WEpvdTRoTVdTUGpqTzhQWXpEMkxEVzBwQkwwZ21qNkdMVkEKLT4gWDI1NTE5IG9x +d0ViazRzcG1qSDNFR29GcFJtMWxabWRqdnBjQUZBWklyNUZvdjBmMlkKcWhDUGxu +YTZUbEhtMW5pajdpQXYrdEp4NllXRkQ0NWRhc2p5Y1Vub2VjTQotPiBMSTgtZ3Jl +YXNlIHQ3Ngo3enhCRVhiV3N0TlkzdHNMMHJTZ3F5ckc0UUlUa3hCVEZQdTUxaW9p +R2hJRmlxWTZPU2VVbEpvZDZpKzN2NXh0CndxRVM4ZkEKLS0tIHMyTEZJUVRGWlB0 +bS9hbjduWWJuVW5KVXpnYlRkMFdCK052RkUvSEdMV1kK4fjaE0yBZXu55Kn1j/yG +PRwEhA9QyNbas21qCikGh8RxCUfoobhlKHpYxyvOMenhv0+8gb3ceXzSUR/3a98Y +orARTVFlOvVZolCwoyC86kUExIBubJxO3EpH2UxrvQoCOrAf5XdD+qzt/G71wpYk +jGUknUWUyPbj9HWoVo2aRmC//bCnena9DUVicAXbDwqr5/KCHHFlkT9UI5Vqvgfw +rPpyZ+De +-----END AGE ENCRYPTED FILE-----
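Review bot: `allowAnonymousEdits = true` next to `allowAnonymous = false` means visitors who are not signed in cannot create notes but can still modify any note whose permission is `freely`, and the vhost added in this commit serves the instance on the public domain. If that is intended, say so in a comment and pin the default note permission rather than inheriting upstream's, e.g. `defaultPermission = "limited"; # guests can edit only notes explicitly set to "freely"`. The `db` block carries no password and no session secret is set in `settings`; presumably both come from `object/hedgedoc.env`. Since the encrypted file cannot be read in review, a comment on `environmentFile` listing the variables it is expected to provide would help. The enclosing `services` attribute set starts outside the hunk.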
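Review bot: The persisted `/var/lib/hedgedoc` entry sets `user` and `group` but no `mode`, so the directory gets whatever default the persistence module applies, and that default is not visible in this hunk. HedgeDoc's local state lives there (by default including uploaded files, as far as I can tell), so other local accounts in the container should not be able to list or read it. If `my.tmproot.persistence.config` accepts impermanence-style directory options, add `mode = "0750";` after the `group` line. The enclosing list of `mkIf` entries starts outside the hunk.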