66 lines
2 KiB
Nix
66 lines
2 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
let
|
|
cfg = config.ragon.services.hedgedoc;
|
|
in
|
|
{
|
|
options.ragon.services.hedgedoc.enable = lib.mkEnableOption "Enables the hedgedoc BitWarden Server";
|
|
options.ragon.services.hedgedoc.domain =
|
|
lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "md.xyno.systems";
|
|
};
|
|
config = lib.mkIf cfg.enable {
|
|
ragon.agenix.secrets.autheliaHedgedoc = { owner = "authelia-main"; };
|
|
services.authelia.instances.main.settingsFiles = [
|
|
config.age.secrets.autheliaHedgedoc.path
|
|
];
|
|
services.hedgedoc = {
|
|
enable = true;
|
|
environmentFile = "${config.age.secrets.hedgedocSecret.path}";
|
|
settings = {
|
|
protocolUseSSL = true;
|
|
sessionSecret = "$SESSION_SECRET";
|
|
allowAnonymous = false;
|
|
allowAnonymousEdits = false;
|
|
allowFreeURL = true;
|
|
email = false;
|
|
oauth2 = {
|
|
providerName = "authentik";
|
|
clientID = "$CLIENT_ID";
|
|
clientSecret = "$CLIENT_SECRET";
|
|
scope = "openid email profile";
|
|
userProfileURL = "https://auth.hailsatan.eu/application/o/userinfo/";
|
|
tokenURL = "https://auth.hailsatan.eu/application/o/token/";
|
|
authorizationURL = "https://auth.hailsatan.eu/application/o/authorize/";
|
|
userProfileUsernameAttr = "preferred_username";
|
|
userProfileDisplayNameAttr = "name";
|
|
userProfileEmailAttr = "email";
|
|
};
|
|
domain = "${cfg.domain}";
|
|
db = {
|
|
dialect = "postgres";
|
|
host = "/run/postgresql";
|
|
database = "hedgedoc";
|
|
};
|
|
};
|
|
|
|
};
|
|
ragon.agenix.secrets.hedgedocSecret.owner = "hedgedoc";
|
|
services.postgresql = {
|
|
|
|
enable = true;
|
|
|
|
# Ensure the database, user, and permissions always exist
|
|
ensureDatabases = [ "hedgedoc" ];
|
|
ensureUsers = [
|
|
{
|
|
name = "hedgedoc";
|
|
ensureDBOwnership = true;
|
|
}
|
|
];
|
|
};
|
|
ragon.persist.extraDirectories = [
|
|
"/var/lib/hedgedoc"
|
|
];
|
|
};
|
|
}
|