stockholm/lass/2configs/codimd.nix

59 lines
1.4 KiB
Nix
Raw Normal View History

2019-11-17 14:45:06 +00:00
{ config, pkgs, lib, ... }:
2019-05-29 13:20:45 +00:00
with import <stockholm/lib>;
2021-10-12 13:35:52 +00:00
let
2021-10-31 11:35:16 +00:00
domain = "pad.lassul.us";
2021-10-12 13:35:52 +00:00
in {
2021-10-31 11:35:16 +00:00
# redirect legacy domain to new one
services.nginx.virtualHosts."codi.lassul.us" = {
enableACME = true;
addSSL = true;
locations."/".return = "301 https://${domain}\$request_uri";
};
2021-10-12 13:35:52 +00:00
services.nginx.virtualHosts.${domain} = {
2019-05-29 13:20:45 +00:00
enableACME = true;
2021-10-12 13:35:52 +00:00
forceSSL = true;
locations."/" = {
proxyPass = "https://localhost:3091";
proxyWebsockets = true;
};
};
security.acme.certs.${domain}.group = "hedgecert";
users.groups.hedgecert.members = [ "hedgedoc" "nginx" ];
2021-10-12 13:35:52 +00:00
security.dhparams = {
enable = true;
params.hedgedoc = {};
2019-05-29 13:20:45 +00:00
};
2022-05-28 16:37:55 +00:00
systemd.services.hedgedoc.environment = {
CMD_COOKIE_POLICY = "none";
CMD_CSP_ALLOW_FRAMING = "true";
};
services.hedgedoc = {
2019-05-29 13:20:45 +00:00
enable = true;
2021-10-12 13:35:52 +00:00
configuration.allowOrigin = [ domain ];
settings = {
2019-05-29 13:20:45 +00:00
db = {
dialect = "sqlite";
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
2019-05-29 13:20:45 +00:00
};
2021-10-12 13:35:52 +00:00
useCDN = false;
2019-05-29 13:20:45 +00:00
port = 3091;
2021-10-12 13:35:52 +00:00
domain = domain;
allowFreeURL = true;
useSSL = true;
protocolUseSSL = true;
sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ];
sslCertPath = "/var/lib/acme/${domain}/cert.pem";
sslKeyPath = "/var/lib/acme/${domain}/key.pem";
dhParamPath = config.security.dhparams.params.hedgedoc.path;
2022-05-28 16:37:55 +00:00
2019-05-29 13:20:45 +00:00
};
};
}