Add 'old-conf/' from commit '62a64a79a8'

git-subtree-dir: old-conf git-subtree-mainline: 4667974392 git-subtree-split: 62a64a79a8
2025-11-21 13:33:06 +01:00 · 2025-11-21 13:33:06 +01:00 · 83de52d5db
commit 83de52d5db
parent 4667974392 62a64a79a8
195 changed files with 13408 additions and 0 deletions
--- a/old-conf/nixos-modules/services/hedgedoc.nix
+++ b/old-conf/nixos-modules/services/hedgedoc.nix
@ -0,0 +1,66 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.ragon.services.hedgedoc;
+in
+{
+  options.ragon.services.hedgedoc.enable = lib.mkEnableOption "Enables the hedgedoc BitWarden Server";
+  options.ragon.services.hedgedoc.domain =
+    lib.mkOption {
+      type = lib.types.str;
+      default = "md.xyno.systems";
+    };
+  config = lib.mkIf cfg.enable {
+    # ragon.agenix.secrets.autheliaHedgedoc = { owner = "authelia-main"; };
+    # services.authelia.instances.main.settingsFiles = [
+    #   config.age.secrets.autheliaHedgedoc.path
+    # ];
+    services.hedgedoc = {
+      enable = true;
+      environmentFile = "${config.age.secrets.hedgedocSecret.path}";
+      settings = {
+        protocolUseSSL = true;
+        sessionSecret = "$SESSION_SECRET";
+        allowAnonymous = false;
+        allowAnonymousEdits = false;
+        allowFreeURL = true;
+        email = false;
+        oauth2 = {
+          providerName = "authentik";
+          clientID = "$CLIENT_ID";
+          clientSecret = "$CLIENT_SECRET";
+          scope = "openid email profile";
+          userProfileURL = "https://auth.hailsatan.eu/application/o/userinfo/";
+          tokenURL = "https://auth.hailsatan.eu/application/o/token/";
+          authorizationURL = "https://auth.hailsatan.eu/application/o/authorize/";
+          userProfileUsernameAttr = "preferred_username";
+          userProfileDisplayNameAttr = "name";
+          userProfileEmailAttr = "email";
+        };
+        domain = "${cfg.domain}";
+        db = {
+          dialect = "postgres";
+          host = "/run/postgresql";
+          database = "hedgedoc";
+        };
+      };
+
+    };
+    ragon.agenix.secrets.hedgedocSecret.owner = "hedgedoc";
+    services.postgresql = {
+
+      enable = true;
+
+      # Ensure the database, user, and permissions always exist
+      ensureDatabases = [ "hedgedoc" ];
+      ensureUsers = [
+        {
+          name = "hedgedoc";
+          ensureDBOwnership = true;
+        }
+      ];
+    };
+    ragon.persist.extraDirectories = [
+      "/var/lib/hedgedoc"
+    ];
+  };
+}