xyno/nix-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nix-configs/nixos-modules/services/hedgedoc.nix
Philipp Hochkamp b744693f0e
initial(ish) commit
2022-03-01 23:53:11 +01:00

55 lines
1.6 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
let
cfg = config.ragon.services.hedgedoc;
domain = config.ragon.services.nginx.domain;
in
{
options.ragon.services.hedgedoc.enable = lib.mkEnableOption "Enables the hedgedoc BitWarden Server";
options.ragon.services.hedgedoc.domainPrefix =
lib.mkOption {
type = lib.types.str;
default = "md";
};
config = lib.mkIf cfg.enable {
services.hedgedoc = {
enable = true;
environmentFile = "${config.age.secrets.hedgedocSecret.path}";
configuration = {
protocolUseSSL = true;
sessionSecret = "$SESSION_SECRET";
allowEmailRegister = false;
domain = "${cfg.domainPrefix}.${domain}";
db = {
dialect = "postgres";
host = "/run/postgresql";
database = "hedgedoc";
};
allowAnonymousEdits = false;
allowFreeURL = true;
};
};
ragon.agenix.secrets.hedgedocSecret.owner = "hedgedoc";
services.nginx.virtualHosts."${cfg.domainPrefix}.${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";
locations."/".proxyWebsockets = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.configuration.port}";
};
services.postgresql = {
enable = true;
# Ensure the database, user, and permissions always exist
ensureDatabases = [ "hedgedoc" ];
ensureUsers = [
{
name = "hedgedoc";
ensurePermissions."DATABASE hedgedoc" = "ALL PRIVILEGES";
}
];
};
ragon.persist.extraDirectories = [
"${config.services.hedgedoc.workDir}"
];
};
}
Reference in a new issue View git blame Copy permalink