feat(compute01): Deploy hedgedoc on pads.dgnum.eu

machines/compute01/_configuration.nix

@@ -10,6 +10,7 @@ lib.extra.mkConfig {
   enabledServices = [
     # List of services to enable
     "ds-fr"
+    "hedgedoc"
     "kanidm"
     "mastodon"
     "nextcloud"

machines/compute01/hedgedoc.nix

@@ -0,0 +1,51 @@
+{ config, lib, ... }:
+
+let
+  host = "pads.dgnum.eu";
+  port = 3007;
+in {
+  services = {
+    hedgedoc = {
+      enable = true;
+
+      environmentFile = config.age.secrets."hedgedoc-environment_file".path;
+
+      settings = {
+        inherit port;
+
+        domain = host;
+        host = "127.0.0.1";
+        allowOrigin = [ host ];
+
+        db = {
+          dialect = "postgres";
+          host = "/run/postgresql";
+        };
+      };
+    };
+
+    nginx.virtualHosts.${host} = {
+      forceSSL = true;
+      enableACME = true;
+
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${builtins.toString port}";
+        proxyWebsockets = true;
+      };
+    };
+
+    postgresql = {
+      enable = true;
+
+      ensureDatabases = [ "hedgedoc" ];
+
+      ensureUsers = [{
+        name = "hedgedoc";
+        ensurePermissions = { "DATABASE hedgedoc" = "ALL PRIVILEGES"; };
+      }];
+    };
+  };
+
+  systemd.services.hedgedoc.serviceConfig.StateDirectory =
+    lib.mkForce [ "hedgedoc" "hedgedoc/uploads" ];
+}

machines/compute01/secrets/secrets.nix

@@ -5,6 +5,7 @@ in
 
 lib.setDefault { inherit publicKeys; } [
   "ds_fr-secret_file"
+  "hedgedoc-environment_file"
   "mastodon-extra_env_file"
   "nextcloud-adminpass_file"
   "nextcloud-s3_secret_file"