# NixOS module fragment: runs HedgeDoc on the "md" subdomain behind an nginx
# reverse proxy, with OAuth2 login against auth.inx.moe and SQLite storage
# under /srv/hedgedoc.
{
  config,
  common,
  secrets,
  ...
}:
let
  # Evaluated HedgeDoc options, read back so the proxy follows the service's bind settings.
  hedgedoc = config.services.hedgedoc;

  # Public host name for the instance; common.subdomain is defined outside this file.
  fqdn = common.subdomain "md";

  # Plain-HTTP upstream that nginx forwards to. settings.host is not set in
  # this file, so it comes from the module default.
  # NOTE(review): assumes that default is a loopback address - confirm, since
  # this hop is unencrypted.
  upstream = "http://${hedgedoc.settings.host}:${toString hedgedoc.settings.port}";
in
{
  services = {
    hedgedoc = {
      enable = true;

      # No OAuth2 client secret or session secret is set in this file;
      # presumably they are supplied through this environment file.
      # NOTE(review): confirm `secrets.hedgedoc` resolves to a runtime secret
      # path and not to a file copied into the world-readable Nix store.
      environmentFile = secrets.hedgedoc;

      settings = {
        domain = fqdn;
        port = 4003;
        # HedgeDoc generates https:// links; TLS itself is presumably terminated
        # by nginx (common.nginx.ssl-inx is not visible here).
        protocolUseSSL = true;

        # State lives outside the default state directory; see the systemd
        # overrides at the bottom of this file.
        db.dialect = "sqlite";
        db.storage = "/srv/hedgedoc/db.sqlite";
        uploadsPath = "/srv/hedgedoc/uploads";

        # Custom note URLs are allowed, but only for logged-in users.
        allowFreeURL = true;
        requireFreeURLAuthentication = true;

        # NOTE(review): `email` and `allowAnonymous` are not set here, so
        # HedgeDoc's own defaults decide whether local email/password accounts
        # and guest notes are available. If OAuth2 is meant to be the only way
        # in, confirm they are switched off (here or in the environment file).
        oauth2 = {
          baseURL = "https://auth.inx.moe";
          authorizationURL = "https://auth.inx.moe/application/o/authorize/";
          tokenURL = "https://auth.inx.moe/application/o/token/";
          userProfileURL = "https://auth.inx.moe/application/o/userinfo/";

          # The client ID is a public identifier, not a credential; the
          # matching client secret is deliberately absent from this file.
          clientID = "W1nhnUi43GweNljV4ADGfZ9VKuH4aoN1cwCUNlFp";
          scope = "openid email profile";

          # Claims from the userinfo response that are mapped onto the HedgeDoc profile.
          userProfileUsernameAttr = "preferred_username";
          userProfileDisplayNameAttr = "name";
          userProfileEmailAttr = "email";
        };
      };
    };

    # Virtual host for the instance: the shared TLS settings from `common`
    # plus a catch-all location proxying to HedgeDoc.
    nginx.virtualHosts.${fqdn} = common.nginx.ssl-inx // {
      locations."/" = {
        proxyPass = upstream;
        # Collaborative editing uses WebSockets, so upgrades must pass through.
        proxyWebsockets = true;
      };
    };
  };

  # Sandbox adjustments for the hedgedoc unit.
  systemd.services.hedgedoc.serviceConfig = {
    # Make the custom data directory writable; the leading "-" tells systemd to
    # ignore the entry if the path does not exist.
    ReadWritePaths = [ "-/srv/hedgedoc" ];

    # Adds the chown system-call group to the unit's filter; presumably this is
    # merged with the filter the hedgedoc module already sets.
    # NOTE(review): this widens the sandbox and the reason is not visible in
    # this file - confirm it is still required.
    SystemCallFilter = [ "@chown" ];
  };
}