nixos/object: Add HedgeDoc

2024-01-08 21:40:20 +00:00 · 2024-01-08 21:40:20 +00:00 · e277cce3bc
commit e277cce3bc
parent c9ce57e2c5
4 changed files with 55 additions and 1 deletions
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@ -376,6 +376,11 @@ in
        locations."/".proxyPass = "http://localhost:8989";
        useACMEHost = pubDomain;
      };
+
+      "md.${pubDomain}" = {
+        locations."/".proxyPass = "http://object-ctr.${domain}:3000";
+        useACMEHost = pubDomain;
+      };
    };

    minio =
--- a/nixos/boxes/colony/vms/shill/containers/object.nix
+++ b/nixos/boxes/colony/vms/shill/containers/object.nix
@ -48,11 +48,17 @@ in
                  group = config.my.user.config.group;
                };
                "object/atticd.env" = {};
+                "object/hedgedoc.env" = {};
              };
            };

            firewall = {
-              tcp.allowed = [ 9000 9001 config.services.sharry.config.bind.port 8069 ];
+              tcp.allowed = [
+                9000 9001
+                config.services.sharry.config.bind.port
+                8069
+                config.services.hedgedoc.settings.port
+              ];
            };

            user.homeConfig = {
@ -194,6 +200,26 @@ in
                };
              };
            };
+
+            hedgedoc = {
+              enable = true;
+              environmentFile = config.age.secrets."object/hedgedoc.env".path;
+              settings = {
+                domain = "md.${pubDomain}";
+                protocolUseSSL = true;
+                db = {
+                  dialect = "postgresql";
+                  username = "hedgedoc";
+                  database = "hedgedoc";
+                  host = "colony-psql";
+                };
+                host = "::";
+                allowAnonymous = false;
+                allowAnonymousEdits = true;
+                email = true;
+                allowEmailRegister = false;
+              };
+            };
          };
        }
        (mkIf config.my.build.isDevVM {
--- a/nixos/modules/tmproot.nix
+++ b/nixos/modules/tmproot.nix
@ -483,6 +483,15 @@ in
      (mkIf config.my.librespeed.backend.enable {
        my.tmproot.persistence.config.directories = [ "/var/lib/librespeed-go" ];
      })
+      (mkIf config.services.hedgedoc.enable {
+        my.tmproot.persistence.config.directories = [
+          {
+            directory = "/var/lib/hedgedoc";
+            user = "hedgedoc";
+            group = "hedgedoc";
+          }
+        ];
+      })
    ]))
  ]);

--- a/secrets/object/hedgedoc.env.age
+++ b/secrets/object/hedgedoc.env.age
@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhrYnR2ZyA3MjM3
+dytZeGQ1VmFtdmtEdFlQWG9zMzZLY3psY1NBaVloeUh2VG4xbVVrCjdua1BHajdT
+WEpvdTRoTVdTUGpqTzhQWXpEMkxEVzBwQkwwZ21qNkdMVkEKLT4gWDI1NTE5IG9x
+d0ViazRzcG1qSDNFR29GcFJtMWxabWRqdnBjQUZBWklyNUZvdjBmMlkKcWhDUGxu
+YTZUbEhtMW5pajdpQXYrdEp4NllXRkQ0NWRhc2p5Y1Vub2VjTQotPiBMSTgtZ3Jl
+YXNlIHQ3Ngo3enhCRVhiV3N0TlkzdHNMMHJTZ3F5ckc0UUlUa3hCVEZQdTUxaW9p
+R2hJRmlxWTZPU2VVbEpvZDZpKzN2NXh0CndxRVM4ZkEKLS0tIHMyTEZJUVRGWlB0
+bS9hbjduWWJuVW5KVXpnYlRkMFdCK052RkUvSEdMV1kK4fjaE0yBZXu55Kn1j/yG
+PRwEhA9QyNbas21qCikGh8RxCUfoobhlKHpYxyvOMenhv0+8gb3ceXzSUR/3a98Y
+orARTVFlOvVZolCwoyC86kUExIBubJxO3EpH2UxrvQoCOrAf5XdD+qzt/G71wpYk
+jGUknUWUyPbj9HWoVo2aRmC//bCnena9DUVicAXbDwqr5/KCHHFlkT9UI5Vqvgfw
+rPpyZ+De
+-----END AGE ENCRYPTED FILE-----