From 98239c4cba6f5d859844709fbe5c2788ab782289 Mon Sep 17 00:00:00 2001
From: Infinidoge <infinidoge@inx.moe>
Date: Mon, 23 Sep 2024 13:27:04 -0400
Subject: [PATCH] Infini-DL360/hedgedoc: init

---
 hosts/Infini-DL360/default.nix  |   1 +
 hosts/Infini-DL360/hedgedoc.nix |  32 ++++++++++++++++++++++++++++++++
 secrets/default.nix             |   3 +++
 secrets/hedgedoc.age            | Bin 0 -> 2822 bytes
 secrets/secrets.nix             |   1 +
 5 files changed, 37 insertions(+)
 create mode 100644 hosts/Infini-DL360/hedgedoc.nix
 create mode 100644 secrets/hedgedoc.age

diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix
index f5b916f..8edc91b 100644
--- a/hosts/Infini-DL360/default.nix
+++ b/hosts/Infini-DL360/default.nix
@@ -10,6 +10,7 @@
     ./factorio.nix
     ./forgejo.nix
     ./freshrss.nix
+    ./hedgedoc.nix
     ./hydra.nix
     ./jellyfin.nix
     ./jupyter.nix
diff --git a/hosts/Infini-DL360/hedgedoc.nix b/hosts/Infini-DL360/hedgedoc.nix
new file mode 100644
index 0000000..d4c37be
--- /dev/null
+++ b/hosts/Infini-DL360/hedgedoc.nix
@@ -0,0 +1,32 @@
+{ config, common, ... }:
+let
+  cfg = config.services.hedgedoc;
+  domain = common.subdomain "md";
+in
+{
+  services.hedgedoc = {
+    enable = true;
+    environmentFile = config.secrets."hedgedoc";
+    settings = {
+      inherit domain;
+      protocolUseSSL = true;
+      port = 3003;
+
+      db = { dialect = "sqlite"; storage = "/srv/hedgedoc/db.sqlite"; };
+      uploadsPath = "/srv/hedgedoc/uploads";
+
+      allowFreeURL = true;
+      requireFreeURLAuthentication = true;
+    };
+  };
+
+  services.nginx.virtualHosts.${domain} = common.nginx.ssl // {
+    locations."/" = {
+      proxyPass = "http://${cfg.settings.host}:${toString cfg.settings.port}";
+    };
+  };
+
+  systemd.services.hedgedoc.serviceConfig = {
+    ReadWritePaths = [ "-/srv/hedgedoc" ];
+  };
+}
diff --git a/secrets/default.nix b/secrets/default.nix
index cf02df5..973de6d 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -47,6 +47,9 @@ in
       (mkIf config.services.hydra.enable {
         inherit (secrets) hydra;
       })
+      (mkIf config.services.hedgedoc.enable {
+        "hedgedoc" = withOwnerGroup "hedgedoc" secrets."hedgedoc";
+      })
     ];
   };
 }
diff --git a/secrets/hedgedoc.age b/secrets/hedgedoc.age
new file mode 100644
index 0000000000000000000000000000000000000000..2b3fdc22cab061b1129c707a872f5122a2c32ece
GIT binary patch
literal 2822
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH4%9b@bX4#TFgL7n
zEyyv=%ZsQq$&aXVj4<`c3Mk6X^-MJK^-oLp@H9_~@=q?x_2hE*cJ(nW^Q{Ui2=lOv
z3~>rH@hS35bM{C}PV+OXEYEeeFmrJY&oxdD%0{;>F)}A4Gf=^~ATifH#njO$Jkc@A
zJ>TCy-#xuNR6o%?+%wEE#K_sn(9$G7IMCbO(3dOU*Cj1H#IK;hAUm+kJ2KhFDY3F7
z)H2uE&>+*?)YLevA~?slq{=JL*#zCTOv?&)Z$|}h_q<H)4A;nFSHI-+2;Us%5Hr^d
zrwB7AbGJ;-pgiM>)O<(nEPu-+Lklk7Qo~H=(6HdZ^eT^la<kC%RLfH5A|I1{ACsg=
z7h@;4oP6h84>zAc{d{!WDpM+o+|v~z{7fo69sRtk{0oy!j0^lKQk}yKGt(2J@+*x?
z%?v}`BT_P4BAqkJ9UZw0f=tYED}%f;&5J6Nk|M)$0<%iOGxIVXqtd;jvV6SqlY@hd
zoSiCjq5{!v%P(}&_77CZ)DKP1&G$9V4au#_i3-aMOU@0<uW)m7Hcqz)F7it^*ETN6
z^UEnn$}`~#NsTNts0zud2nciaDKyT}&&{u@%+AONE%i<_@XPk`F4RsgH1RDgEB8dV
zE#1@0FUe6MH6$Z2%Dl+gztGS%)YR48DX65V&@VqAI4ZN;(%;EH!p$Sy&AdFK%E*Mv
zPussFJyP2{)4eLkr^+&_D%~d_Fw;}N*xf@r+_}&r*T*E)B_N={IRqmlGqQa2E6Wvv
zEG=?E9lf+8&5X=Ev|THLEz43vJ<3CjE3+%ib2CySd@B75O^e+_LnFBy4U$t6{Q}cN
zOiX<XOVV8Z3qm|9tBRviOe!o=gWWPi0~14yJc~TaiZE<T3r+JfE?4lc3iQ{v%=QTP
zvo!Sa4z;LAcFFY#OOHwm46E|+3QP_0@^>x@(GK+v_2fz_b}}l-&-1S`jP%QmEY9*b
zaPrm83-fVKDk~`s&(91^%t*=%a7y<pk3<hi_YkAtl5~Y6gT%5l*F5Kth>Vi5Fhj2_
zCv&&T)cgvk^eTPB(r~{NW2Zd7jH293H%G3hy!`SiFVp-Y%QUlO{o;bel-v^IaR1b(
z05fCPVpo5k@U*Bb{WNdCtYUQA@*RCE%hDAh4T^I@owKsCvU5Ts0|KkebDca~vWkMt
zoh^g&a@<p^LQ9gvBLWKi1B<z`ohv+?QZma@J=`*UwJj{QQ^E}^DuOLCLLG~Z^8?b{
zeRGY=b4yH$JS@;{3-k2Iibz*5H+FZ5^eyx73@SAA4R`Z$^UDp7Dl>OX$@6w{@y*xw
zh;%f~56mtNH7w^!FLMqvHz_O6EHTeEbJR{NE=W&Iimdc9$@HuANG*3vclImvN-^;b
zcJalq&9%(9DqTT8xxy_kC$G57-!Y)HGN2%&*wVPrH{T-J!!#<{!_7ITGBL6$IKWsx
z(3LCFE6>2)C@nMHq|nKv$i&0MJ-jm2xIE0VJjB;H)y%@k%(UFhAgR=-Bpuy0Bk$1k
z<UoZ&A0wwA%h0H*JQD-Uj7ZB+zo_(bS8pHlN>2}M1NY?8WFIe|V($#c@O-YK(8MHP
z*Qg5L+`=ILfP%EFd;>!dGhY+mh>)Z}lPZs@0yjT5M<0Ek&~gmhg3ZH|(-lg5!ku!=
zgZ&a+lMM}x(@Rn!oJtK-Gc%1m-GZ|Ny*%<<^7IWXN>f6d9JxG#y&Z#1jIyFK!h#}9
z+zqpg^qsu@Lh?(C{d}Sf^&^}dQ==+#3JimsFmiyaZ+<{(xq@R-fM;-CftzoBYDK=G
zQI39ofsek4n`?%JQ;@G=X11S~Q%0FjdX$q>Hdj=Md$6UGk*}|@VR?3enV*SMkh!U`
zb5UAyvA@5wOQNquUZ#nANl=jmhHaTuQO0h83I+aU-WgG@6_xG=`H|kP&Tg6E<%ucY
zrfK0h7EZ?c8NN>5Uf!PiL8gw8T*<x$KH<itSylOk&PI_b=5Ah<9zG=zIYm*W-fqE3
zAzryv&Qaw_8G(Tqsl?sM$Tuob!N=RzJtU~WrO>4$BsJXK+&Q>hKPlWX!`VkaJ3X@^
z#8ls?!XUB8rLa7dOWV-cFtE%u#MG_Q&%M$@+rT?YyV%IHGN9BjKPSV-FQiyIxy-D@
z(91s*J>J|>b3C)k6&&3SGt4W}e2h{93=8u8jGQx)LLzd)Q(SXB^U^Gxic%xJgNs~p
z(wr+Jxhw-h3jO`dT`MYFQ@k@mgDm}>O+$ji3bjp>^Gf{8O$;4<l6*Z=D$-pY(QOL}
zD)7iISMYZ7b@Qn7^7o9?*Do(A3^yo=$SurpPA|w03Cna(OUw?|E^#)^u8hp|<;tq^
z%=a)ZN-8dQ_R4j4HT4g6Dhx}vD69+#Opo#i4)QDtE%7mM56Q8>sJn~23xcWw71F(m
z3`+~kvfZ>REsFg7sxqT;OF|PfLcLQH^NOOJB2D%4d_uB3!h>==xtu~=jWfzZlU#Db
z!jdvWjWV;e({oeuOe}(`EX@s*y^M>3EWEw_@?3&2N-hh1m#V^Yg~GB-L-+KsVq>GK
zvWQIc5WjpQ?TT#wbn}wzyZ{$(@BHH6{P64o_ef_?u42!UQ1d*ea`&`kQ{xQh!YIe|
za=&tKb2sm#?25z)@30Dsi1a*jqa<yNQn|#dvNXM1!Pm_v+26>oA}Tl2LO&qI$uYYm
z*Q7Ah(5xujG%?q-u*@LSJfy(6z%A5(%fw&byFfdnI3p;)tU|lMHN@M?(>TPnLfbq!
z-@7=-*vHH~B_iC>F)|FJEXgSd2#qXPFs@AXcS<qO&NK7~%1ARW%g8cH4D?Pb2@A+}
z_A*ZQG04d>uFA^|a?35|vh>aHtnw`{^ef2KcMS^BFEa?tbhJ#aOiIr%HTMk9Ofd}!
zH_gdU^#H}2uC79*SH7{4dvb_HwsvTFXo+)#QK)}mRi#m2N^zh^uz5(8Z-iGszMHpG
zP&wDh`G!Al)iWQ|{P|~Ur(@yU;8Nb*wjVtv^u`KAN69ekJg~88NwMH>>7%(5KQC`q
zD>}32;*0|Z={2pJ>sL;=sav$F{oqV3#jgrh?M`kCrE6T*i7c=7m-{vOThj8w+h2LC
zGruca@QFKwfxFap*?X;q#crOb#TyoQh7{ki)@fu-l6g8?M(_N_#CXMDa!cEv9p)&%
z{Zjt4PU?r)%N)O1C8kPWx+tfyE9vi?tGe!X%Cnjzm!8@3UDv3&H1R&??OUPtf_x^<
hk&dNXIjyEmlGu~De8<9B{s)f7lx9tyH^<YW3IInsq@@4=

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 911f5c7..76f7d8b 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -36,4 +36,5 @@ in
   "cloudflare.age".publicKeys = allKeys;
   "smtp-password.age".publicKeys = allKeys;
   "hydra.age".publicKeys = allKeys;
+  "hedgedoc.age".publicKeys = allKeys;
 }