{ config, lib, ... }: let host = "pads.dgnum.eu"; port = 3007; in { services = { hedgedoc = { enable = true; environmentFile = config.age.secrets."hedgedoc-environment_file".path; settings = { inherit port; domain = host; host = "127.0.0.1"; allowOrigin = [ host ]; db = { dialect = "postgres"; host = "/run/postgresql"; }; }; }; nginx.virtualHosts.${host} = { forceSSL = true; enableACME = true; locations."/" = { proxyPass = "http://127.0.0.1:${builtins.toString port}"; proxyWebsockets = true; }; }; postgresql = { enable = true; ensureDatabases = [ "hedgedoc" ]; ensureUsers = [{ name = "hedgedoc"; ensurePermissions = { "DATABASE hedgedoc" = "ALL PRIVILEGES"; }; }]; }; }; systemd.services.hedgedoc.serviceConfig.StateDirectory = lib.mkForce [ "hedgedoc" "hedgedoc/uploads" ]; }