Infini-DL360/hedgedoc: init

hosts/Infini-DL360/default.nix

@@ -10,6 +10,7 @@
     ./factorio.nix
     ./forgejo.nix
     ./freshrss.nix
+    ./hedgedoc.nix
     ./hydra.nix
     ./jellyfin.nix
     ./jupyter.nix

hosts/Infini-DL360/hedgedoc.nix

@@ -0,0 +1,32 @@
+{ config, common, ... }:
+let
+  cfg = config.services.hedgedoc;
+  domain = common.subdomain "md";
+in
+{
+  services.hedgedoc = {
+    enable = true;
+    environmentFile = config.secrets."hedgedoc";
+    settings = {
+      inherit domain;
+      protocolUseSSL = true;
+      port = 3003;
+
+      db = { dialect = "sqlite"; storage = "/srv/hedgedoc/db.sqlite"; };
+      uploadsPath = "/srv/hedgedoc/uploads";
+
+      allowFreeURL = true;
+      requireFreeURLAuthentication = true;
+    };
+  };
+
+  services.nginx.virtualHosts.${domain} = common.nginx.ssl // {
+    locations."/" = {
+      proxyPass = "http://${cfg.settings.host}:${toString cfg.settings.port}";
+    };
+  };
+
+  systemd.services.hedgedoc.serviceConfig = {
+    ReadWritePaths = [ "-/srv/hedgedoc" ];
+  };
+}

secrets/default.nix

@@ -47,6 +47,9 @@ in
       (mkIf config.services.hydra.enable {
         inherit (secrets) hydra;
       })
+      (mkIf config.services.hedgedoc.enable {
+        "hedgedoc" = withOwnerGroup "hedgedoc" secrets."hedgedoc";
+      })
     ];
   };
 }

secrets/secrets.nix

@@ -36,4 +36,5 @@ in
   "cloudflare.age".publicKeys = allKeys;
   "smtp-password.age".publicKeys = allKeys;
   "hydra.age".publicKeys = allKeys;
+  "hedgedoc.age".publicKeys = allKeys;
 }