From c2d7adfcd07afa799d7b62368281245f81037711 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht
Date: Thu, 5 Oct 2023 09:52:13 +0200
Subject: [PATCH] feat(compute01): Deploy hedgedoc on pads.dgnum.eu
---
 machines/compute01/_configuration.nix | 1 +
 machines/compute01/hedgedoc.nix | 51 ++++++++++++++++++
 .../secrets/hedgedoc-environment_file | Bin 0 -> 1265 bytes
 machines/compute01/secrets/secrets.nix | 1 +
 4 files changed, 53 insertions(+)
 create mode 100644 machines/compute01/hedgedoc.nix
 create mode 100644 machines/compute01/secrets/hedgedoc-environment_file
diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix
index c1c30aa..1c0f049 100644
--- a/machines/compute01/_configuration.nix
+++ b/machines/compute01/_configuration.nix
@@ -10,6 +10,7 @@ lib.extra.mkConfig {
 enabledServices = [
 # List of services to enable
 "ds-fr"
+ "hedgedoc"
 "kanidm"
 "mastodon"
 "nextcloud"
diff --git a/machines/compute01/hedgedoc.nix b/machines/compute01/hedgedoc.nix
new file mode 100644
index 0000000..d37a728
--- /dev/null
+++ b/machines/compute01/hedgedoc.nix
@@ -0,0 +1,51 @@
+{ config, lib, ... }:
+
+let
+ host = "pads.dgnum.eu";
+ port = 3007;
+in {
+ services = {
+ hedgedoc = {
+ enable = true;
+
+ environmentFile = config.age.secrets."hedgedoc-environment_file".path;
+
+ settings = {
+ inherit port;
+
+ domain = host;
+ host = "127.0.0.1";
+ allowOrigin = [ host ];
+
+ db = {
+ dialect = "postgres";
+ host = "/run/postgresql";
+ };
+ };
+ };
+
+ nginx.virtualHosts.${host} = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${builtins.toString port}";
+ proxyWebsockets = true;
+ };
+ };
+
+ postgresql = {
+ enable = true;
+
+ ensureDatabases = [ "hedgedoc" ];
+
+ ensureUsers = [{
+ name = "hedgedoc";
+ ensurePermissions = { "DATABASE hedgedoc" = "ALL PRIVILEGES"; };
+ }];
+ };
+ };
+
+ systemd.services.hedgedoc.serviceConfig.StateDirectory =
+ lib.mkForce [ "hedgedoc" "hedgedoc/uploads" ];
+}
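Review bot: The `settings` block in machines/compute01/hedgedoc.nix leaves HedgeDoc's security-relevant options at their defaults, although nginx terminates TLS for the vhost (`forceSSL = true`) and proxies to plain HTTP on 127.0.0.1. Unless the encrypted environment file sets them (its contents cannot be read from this patch), HedgeDoc will not know it is served over HTTPS and will keep its default sign-up and anonymous-access policy on a public hostname. I would keep the non-secret options in Nix where they can be reviewed, e.g. `protocolUseSSL = true;` next to `domain = host;` plus an explicit `allowAnonymous` / `allowEmailRegister` choice, and leave only real secrets such as a session secret in the age file. Separately, the `lib.mkForce` on `StateDirectory` deserves a one-line comment saying why the module's default is overridden.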
diff --git a/machines/compute01/secrets/hedgedoc-environment_file b/machines/compute01/secrets/hedgedoc-environment_file new file mode 100644 index 0000000000000000000000000000000000000000..992dca858aa6b33c6c797d8baf5615e66abc5575 GIT binary patch literal 1265 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSHaVhi)N>|A74RSKB zFtRk&*Y}9X4$3a}@lSRNGRg=}Dk^q1@C)$B$}#XZGRgAIu;2>F$;dHqu5va@E(nRr zH*zg?$*IVX@-q(5E{rra^S1QyGp$N2O!YK(^F_BU%QGS^z)>OG)6m=}$fDB8x2ilO zDb={p*wEjwu-MhNGC!z1r_v>{A~L(M#I-E9!hp*(IXk(~#l$?>N#88OC@dhc#3HaP zEhV?e(9J?WztT6)CA%=qr6jGY$OPTCz?>i_%Rq(9v>@ZOq$)58; zv_tcv^n*-`wOt%TLOr?MjNJYFvh;o2oihX6G6VCHDoWFn3?eQ3vm6VI3`70A-J;wq z(#y=fz2UYM6(=fW7lk|f1ad`IBpId{BnC$M=a)rz8&rj)Tl$(M6$ECPRrm#$h8h=V zCMRb21e<20W;$o)MMY-%n(4cSCRT=Knq>GCgcWlICMKGiL?xD6r1=;ad6t;vIOh3! zmnN55=I4YP8XE<9IJsnag?c2L8M_*2`?%$0x~G;^r3O1E8iyuFI=Yr{rF!KX7nt~Y znp9=vmjpV7S(=BNWoDS9rF$9~q^Ib+mziq&rb7mpkQVrDpmTCKeSsmUyRm zB)aMca5<$%YC9&Ex+Q1(Bs%9?m}Z#;g%%l?1{q}-gc}#7x`ewql{xzrni>a{yXN}3 zMP?Rc8wW-uR(eMzW}EvKhj3{d2W91X85BiC1cl{<7yD$D`c@VBIGUCPr&#*9d72fc zI#*cu_(WzEg@zgyx)tWRWmR}Y7P=+-gnNYsW&3a?M;V#9%iE=g;hcpYdvEUct@2zi5T;l6j5&Yr64P%I9M>j2Jh3%%XQb^4@%D@9 E0Irs!Q2+n{ literal 0 HcmV?d00001 diff --git a/machines/compute01/secrets/secrets.nix b/machines/compute01/secrets/secrets.nix index d71021e..f1888c5 100644 --- a/machines/compute01/secrets/secrets.nix +++ b/machines/compute01/secrets/secrets.nix @@ -5,6 +5,7 @@ in lib.setDefault { inherit publicKeys; } [ "ds_fr-secret_file" + "hedgedoc-environment_file" "mastodon-extra_env_file" "nextcloud-adminpass_file" "nextcloud-s3_secret_file"