diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix
index f5b916f..8edc91b 100644
--- a/hosts/Infini-DL360/default.nix
+++ b/hosts/Infini-DL360/default.nix
@@ -10,6 +10,7 @@
 ./factorio.nix
 ./forgejo.nix
 ./freshrss.nix
+ ./hedgedoc.nix
 ./hydra.nix
 ./jellyfin.nix
 ./jupyter.nix
diff --git a/hosts/Infini-DL360/hedgedoc.nix b/hosts/Infini-DL360/hedgedoc.nix
new file mode 100644
index 0000000..d4c37be
--- /dev/null
+++ b/hosts/Infini-DL360/hedgedoc.nix
@@ -0,0 +1,32 @@
+{ config, common, ... }:
+let
+ cfg = config.services.hedgedoc;
+ domain = common.subdomain "md";
+in
+{
+ services.hedgedoc = {
+ enable = true;
+ environmentFile = config.secrets."hedgedoc";
+ settings = {
+ inherit domain;
+ protocolUseSSL = true;
+ port = 3003;
+
+ db = { dialect = "sqlite"; storage = "/srv/hedgedoc/db.sqlite"; };
+ uploadsPath = "/srv/hedgedoc/uploads";
+
+ allowFreeURL = true;
+ requireFreeURLAuthentication = true;
+ };
+ };
+
+ services.nginx.virtualHosts.${domain} = common.nginx.ssl // {
+ locations."/" = {
+ proxyPass = "http://${cfg.settings.host}:${toString cfg.settings.port}";
+ };
+ };
+
+ systemd.services.hedgedoc.serviceConfig = {
+ ReadWritePaths = [ "-/srv/hedgedoc" ];
+ };
+}
diff --git a/secrets/default.nix b/secrets/default.nix
index cf02df5..973de6d 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -47,6 +47,9 @@ in
 (mkIf config.services.hydra.enable {
 inherit (secrets) hydra;
 })
+ (mkIf config.services.hedgedoc.enable {
+ "hedgedoc" = withOwnerGroup "hedgedoc" secrets."hedgedoc";
+ })
 ];
 };
 }
diff --git a/secrets/hedgedoc.age b/secrets/hedgedoc.age
new file mode 100644
index 0000000..2b3fdc2
Binary files /dev/null and b/secrets/hedgedoc.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 911f5c7..76f7d8b 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
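Review bot: In the new hosts/Infini-DL360/hedgedoc.nix, `requireFreeURLAuthentication = true` only demands a logged-in user, and the `settings` block leaves HedgeDoc's guest and sign-up options at their upstream defaults, which as far as I know allow guest notes and e-mail self-registration. On a publicly proxied vhost that makes the free-URL restriction only as strong as the sign-up policy. Unless the environment file already overrides them (it is encrypted and not visible here), I would pin the intent in `settings` with `allowAnonymous = false;` and `allowEmailRegister = false;`, or add a comment stating that open registration is intended. Separately, `ReadWritePaths = [ "-/srv/hedgedoc" ]` tolerates a missing directory but nothing in this file creates it. If it is not provisioned elsewhere, `systemd.tmpfiles.rules = [ "d /srv/hedgedoc 0750 hedgedoc hedgedoc -" ];` would create it owned by the service user, with no world access to the SQLite database and uploads.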
@@ -36,4 +36,5 @@ in
 "cloudflare.age".publicKeys = allKeys;
 "smtp-password.age".publicKeys = allKeys;
 "hydra.age".publicKeys = allKeys;
+ "hedgedoc.age".publicKeys = allKeys;
 }
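Review bot: `"hedgedoc.age".publicKeys = allKeys;` encrypts the HedgeDoc environment file to every key in `allKeys`, although in this commit only hosts/Infini-DL360 imports hedgedoc.nix. `allKeys` is defined outside the hunk, so its membership is an assumption here. If it covers more than the admins and that one host, a narrower recipient list limits what a compromised key on another machine can decrypt, e.g. `"hedgedoc.age".publicKeys = [ <ADMIN_KEYS> <INFINI_DL360_HOST_KEY> ];` (placeholders for whatever names this file binds). The neighbouring entries follow the same pattern, so this may be better handled as a follow-up across the whole file.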