infrastructure/machines/compute01/hedgedoc.nix

{ config, lib, ... }:

let
  host = "pads.dgnum.eu";
  port = 3007;
in
{
  services = {
    hedgedoc = {
      enable = true;

      environmentFile = config.age.secrets."hedgedoc-environment_file".path;

      settings = {
        inherit port;

        domain = host;
        host = "127.0.0.1";
        allowOrigin = [ host ];

        protocolUseSSL = true;

        allowFreeURL = true;

        db = {
          dialect = "postgres";
          host = "/run/postgresql";
        };
      };
    };

    nginx.virtualHosts.${host} = {
      forceSSL = true;
      enableACME = true;

      locations."/" = {
        proxyPass = "http://127.0.0.1:${builtins.toString port}";
        proxyWebsockets = true;
      };
    };

    postgresql = {
      enable = true;

      ensureDatabases = [ "hedgedoc" ];

      ensureUsers = [
        {
          name = "hedgedoc";
          ensureDBOwnership = true;
        }
      ];
    };
  };

  systemd.services.hedgedoc.serviceConfig.StateDirectory = lib.mkForce [
    "hedgedoc"
    "hedgedoc/uploads"
  ];

  dgn-backups.jobs.hedgedoc.settings.paths = [ "/var/lib/hedgedoc" ];
  dgn-backups.postgresDatabases = [ "hedgedoc" ];
}