From c2d7adfcd07afa799d7b62368281245f81037711 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht
Date: Thu, 5 Oct 2023 09:52:13 +0200
Subject: [PATCH] feat(compute01): Deploy hedgedoc on pads.dgnum.eu
---
machines/compute01/_configuration.nix | 1 +
machines/compute01/hedgedoc.nix | 51 ++++++++++++++++++
.../secrets/hedgedoc-environment_file | Bin 0 -> 1265 bytes
machines/compute01/secrets/secrets.nix | 1 +
4 files changed, 53 insertions(+)
create mode 100644 machines/compute01/hedgedoc.nix
create mode 100644 machines/compute01/secrets/hedgedoc-environment_file
diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix
index c1c30aa..1c0f049 100644
--- a/machines/compute01/_configuration.nix
+++ b/machines/compute01/_configuration.nix
@@ -10,6 +10,7 @@ lib.extra.mkConfig { enabledServices = [ # List of services to enable "ds-fr" + "hedgedoc" "kanidm" "mastodon" "nextcloud"
diff --git a/machines/compute01/hedgedoc.nix b/machines/compute01/hedgedoc.nix
new file mode 100644
index 0000000..d37a728
--- /dev/null
+++ b/machines/compute01/hedgedoc.nix
@@ -0,0 +1,51 @@
+{ config, lib, ... }:
+
+let
+ host = "pads.dgnum.eu";
+ port = 3007;
+in {
+ services = {
+ hedgedoc = {
+ enable = true;
+
+ environmentFile = config.age.secrets."hedgedoc-environment_file".path;
+
+ settings = {
+ inherit port;
+
+ domain = host;
+ host = "127.0.0.1";
+ allowOrigin = [ host ];
+
+ db = {
+ dialect = "postgres";
+ host = "/run/postgresql";
+ };
+ };
+ };
+
+ nginx.virtualHosts.${host} = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${builtins.toString port}";
+ proxyWebsockets = true;
+ };
+ };
+
+ postgresql = {
+ enable = true;
+
+ ensureDatabases = [ "hedgedoc" ];
+
+ ensureUsers = [{
+ name = "hedgedoc";
+ ensurePermissions = { "DATABASE hedgedoc" = "ALL PRIVILEGES"; };
+ }];
+ };
+ };
+
+ systemd.services.hedgedoc.serviceConfig.StateDirectory =
+ lib.mkForce [ "hedgedoc" "hedgedoc/uploads" ];
+}
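Review bot: The `settings` block in machines/compute01/hedgedoc.nix never sets `protocolUseSSL`, although nginx terminates TLS with `forceSSL = true` and proxies to a plain-HTTP upstream on 127.0.0.1. Unless the encrypted environment file sets the equivalent, HedgeDoc will likely generate http:// resource links and may not flag its session cookie as secure, so I would add `protocolUseSSL = true;` next to `domain = host;`. The access policy of this public host is also not reviewable from the diff: HedgeDoc's defaults allow anonymous note creation and e-mail self-registration, so either set `allowAnonymous = false;` and `allowEmailRegister = false;` here or add a comment saying the environment file configures authentication. The `lib.mkForce` override of `StateDirectory` would benefit from a one-line comment explaining why the module's default is replaced.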
diff --git a/machines/compute01/secrets/hedgedoc-environment_file b/machines/compute01/secrets/hedgedoc-environment_file new file mode 100644 index 0000000000000000000000000000000000000000..992dca858aa6b33c6c797d8baf5615e66abc5575 GIT binary patch literal 1265 zcmZA0zw6_49LI6-5WW{gZV^3@qYB~>dik9ugF>1#-z5DcZPKP~ic6ZL`Puwzel&yJ zpy=Q&iZ{6^p13)P$k*cpH#ZScaCA8iZ@)nozb+2nzu>`}*Yj=r-q1^(@{}LLEWMqT zKGI;&@U1~r1w+rpDGFl;N1;#*e~_rgnCNhpLJ(;a8*v3@&e*_%#jdP)RGUjtf=+QV zQUeB>CqaVpJx@FNa+~3kT1dKVs}Xa!uqb-U0*&hJ!jng$dR2?$&3?`e)-pB%26Gy# zeY@OwL_uIPtf(gHDKpySB-ou57sp9+=un7qVy6(ukuyf<4ZfP&M@DbpK9jeVqsVlylDGxn7)YCR z?Z(v%qOZjz#jGWk8`8&9cnSNh|6)z)TZKAWc+3{ zo&K+tl|6{dH4k*i>UNlm+PXE%n#~mLmp-e~yIhaxPFvI_QH72jfCUwJAs?n&D^zJ@ zV%jG&Bm0YuY$Q&B`7R))d=)}P0Glq(2!z_vVGCXuml%B8_#|^I)6k)WJgDP5K9uxZ3K25iF zJW{JA1QSM-DrmXc7^`Gmfv8sd5^z+ra9JSAbmj3K1ArBkrim3|k&00#S%v6;wPG4E zfSfH(U-qjpm&t3bbBs4WZt7RJMVeN3^Z`TDtszG<*=Hqw7LZil&Ugio+f&BoG_VYi|KBI2c$q>}|jyifFuIbvG5pZs;y6V&6^KdG1#pdR0RWc69kA3BTb4 zpjeWz?9UnH^3-#~LB()RP$w8O%`TfB>NQ2t910bd$lyz_rF#N~4-TA?HDxj0ceIcBpwE10 zI2;aOBj{B@R7a~ZJIBq1zRc&%+{gD?-ERc4GLr77fFui06Z-Mp&#t}x%wHE@vUlzv zFHC;>0R85Z?|*i{hmT+R=ivSN>gP9Z{_x`6kMUdYJ-E1da`){gPtTrxY~C#Hy>|W9 z8-G7{*5CW|J~_0X7y3u(clX!V3+dq>57b`%`o`+^JCCkq55J(EzI^ukM}PkGZFph5 L`PEDB|Kk4(u9l-w literal 0 HcmV?d00001 diff --git a/machines/compute01/secrets/secrets.nix b/machines/compute01/secrets/secrets.nix index d71021e..f1888c5 100644 --- a/machines/compute01/secrets/secrets.nix +++ b/machines/compute01/secrets/secrets.nix @@ -5,6 +5,7 @@ in lib.setDefault { inherit publicKeys; } [ "ds_fr-secret_file" + "hedgedoc-environment_file" "mastodon-extra_env_file" "nextcloud-adminpass_file" "nextcloud-s3_secret_file"