2019-11-17 14:45:06 +00:00
|
|
|
{ config, pkgs, lib, ... }:
|
2019-05-29 13:20:45 +00:00
|
|
|
with import <stockholm/lib>;
|
2021-10-12 13:35:52 +00:00
|
|
|
let
|
2021-10-31 11:35:16 +00:00
|
|
|
domain = "pad.lassul.us";
|
2021-10-12 13:35:52 +00:00
|
|
|
in {
|
2021-10-31 11:35:16 +00:00
|
|
|
|
|
|
|
# redirect legacy domain to new one
|
|
|
|
services.nginx.virtualHosts."codi.lassul.us" = {
|
|
|
|
enableACME = true;
|
|
|
|
addSSL = true;
|
|
|
|
locations."/".return = "301 https://${domain}\$request_uri";
|
|
|
|
};
|
|
|
|
|
2021-10-12 13:35:52 +00:00
|
|
|
services.nginx.virtualHosts.${domain} = {
|
2019-05-29 13:20:45 +00:00
|
|
|
enableACME = true;
|
2021-10-12 13:35:52 +00:00
|
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "https://localhost:3091";
|
|
|
|
proxyWebsockets = true;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
security.acme.certs.${domain}.group = "hedgecert";
|
2023-07-24 17:06:28 +00:00
|
|
|
users.groups.hedgecert.members = [ "hedgedoc" "nginx" ];
|
2021-10-12 13:35:52 +00:00
|
|
|
|
|
|
|
security.dhparams = {
|
|
|
|
enable = true;
|
|
|
|
params.hedgedoc = {};
|
2019-05-29 13:20:45 +00:00
|
|
|
};
|
|
|
|
|
2022-05-28 16:37:55 +00:00
|
|
|
systemd.services.hedgedoc.environment = {
|
|
|
|
CMD_COOKIE_POLICY = "none";
|
|
|
|
CMD_CSP_ALLOW_FRAMING = "true";
|
|
|
|
};
|
2021-01-23 18:36:46 +00:00
|
|
|
services.hedgedoc = {
|
2019-05-29 13:20:45 +00:00
|
|
|
enable = true;
|
2021-10-12 13:35:52 +00:00
|
|
|
configuration.allowOrigin = [ domain ];
|
2023-07-24 17:06:28 +00:00
|
|
|
settings = {
|
2019-05-29 13:20:45 +00:00
|
|
|
db = {
|
|
|
|
dialect = "sqlite";
|
2023-07-24 17:06:28 +00:00
|
|
|
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
|
2019-05-29 13:20:45 +00:00
|
|
|
};
|
2021-10-12 13:35:52 +00:00
|
|
|
useCDN = false;
|
2019-05-29 13:20:45 +00:00
|
|
|
port = 3091;
|
2021-10-12 13:35:52 +00:00
|
|
|
domain = domain;
|
|
|
|
allowFreeURL = true;
|
|
|
|
|
|
|
|
useSSL = true;
|
|
|
|
protocolUseSSL = true;
|
|
|
|
sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ];
|
|
|
|
sslCertPath = "/var/lib/acme/${domain}/cert.pem";
|
|
|
|
sslKeyPath = "/var/lib/acme/${domain}/key.pem";
|
|
|
|
dhParamPath = config.security.dhparams.params.hedgedoc.path;
|
2022-05-28 16:37:55 +00:00
|
|
|
|
2019-05-29 13:20:45 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|