stockholm/lass/2configs/codimd.nix

{ config, pkgs, lib, ... }:
with import <stockholm/lib>;
let
  domain = "pad.lassul.us";
in
{

  # redirect legacy domain to new one
  services.nginx.virtualHosts."codi.lassul.us" = {
    enableACME = true;
    addSSL = true;
    locations."/".return = "301 https://${domain}\$request_uri";
  };

  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "https://localhost:3091";
      proxyWebsockets = true;
    };
  };

  security.acme.certs.${domain}.group = "hedgecert";
  users.groups.hedgecert.members = [ "hedgedoc" "nginx" ];

  security.dhparams = {
    enable = true;
    params.hedgedoc = { };
  };

  systemd.services.hedgedoc.environment = {
    CMD_COOKIE_POLICY = "none";
    CMD_CSP_ALLOW_FRAMING = "true";
  };

  services.borgbackup.jobs.hetzner.paths = [
    "/var/backup"
    "/var/lib/hedgedoc"
  ];
  systemd.services.hedgedoc-backup = {
    startAt = "daily";
    serviceConfig = {
      ExecStart = ''${pkgs.sqlite}/bin/sqlite3 /var/lib/hedgedoc/db.hedgedoc.sqlite ".backup /var/backup/hedgedoc/backup.sq3"'';
      Type = "oneshot";
    };
  };

  services.hedgedoc = {
    enable = true;
    configuration.allowOrigin = [ domain ];
    settings = {
      db = {
        dialect = "sqlite";
        storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
      };
      useCDN = false;
      port = 3091;
      domain = domain;
      allowFreeURL = true;

      useSSL = true;
      protocolUseSSL = true;
      sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ];
      sslCertPath = "/var/lib/acme/${domain}/cert.pem";
      sslKeyPath = "/var/lib/acme/${domain}/key.pem";
      dhParamPath = config.security.dhparams.params.hedgedoc.path;
    };
  };
}
l codimd: fix by using old version 2019-11-17 14:45:06 +00:00			`{ config, pkgs, lib, ... }:`
l prism.r: enable codimd 2019-05-29 13:20:45 +00:00			`with import <stockholm/lib>;`
l codimd: set domain and serve via ssl 2021-10-12 13:35:52 +00:00			`let`
l codimd: move to pad.lassul.us 2021-10-31 11:35:16 +00:00			`domain = "pad.lassul.us";`
prism: add backup Signed-off-by: Jörg Thalheim <joerg@thalheim.io> 2023-08-31 09:44:53 +00:00			`in`
			`{`
l codimd: move to pad.lassul.us 2021-10-31 11:35:16 +00:00
			`# redirect legacy domain to new one`
			`services.nginx.virtualHosts."codi.lassul.us" = {`
			`enableACME = true;`
			`addSSL = true;`
			`locations."/".return = "301 https://${domain}\$request_uri";`
			`};`

l codimd: set domain and serve via ssl 2021-10-12 13:35:52 +00:00			`services.nginx.virtualHosts.${domain} = {`
l prism.r: enable codimd 2019-05-29 13:20:45 +00:00			`enableACME = true;`
l codimd: set domain and serve via ssl 2021-10-12 13:35:52 +00:00			`forceSSL = true;`
			`locations."/" = {`
			`proxyPass = "https://localhost:3091";`
			`proxyWebsockets = true;`
			`};`
			`};`

			`security.acme.certs.${domain}.group = "hedgecert";`
l codimd: upgrade to follow upstream user rename & config change 2023-07-24 17:06:28 +00:00			`users.groups.hedgecert.members = [ "hedgedoc" "nginx" ];`
l codimd: set domain and serve via ssl 2021-10-12 13:35:52 +00:00
			`security.dhparams = {`
			`enable = true;`
prism: add backup Signed-off-by: Jörg Thalheim <joerg@thalheim.io> 2023-08-31 09:44:53 +00:00			`params.hedgedoc = { };`
l prism.r: enable codimd 2019-05-29 13:20:45 +00:00			`};`

l codimd: allow embedding 2022-05-28 16:37:55 +00:00			`systemd.services.hedgedoc.environment = {`
			`CMD_COOKIE_POLICY = "none";`
			`CMD_CSP_ALLOW_FRAMING = "true";`
			`};`
prism: add backup Signed-off-by: Jörg Thalheim <joerg@thalheim.io> 2023-08-31 09:44:53 +00:00
l codimd: backup statedir 2023-09-02 09:36:38 +00:00			`services.borgbackup.jobs.hetzner.paths = [`
			`"/var/backup"`
			`"/var/lib/hedgedoc"`
			`];`
prism: add backup Signed-off-by: Jörg Thalheim <joerg@thalheim.io> 2023-08-31 09:44:53 +00:00			`systemd.services.hedgedoc-backup = {`
			`startAt = "daily";`
			`serviceConfig = {`
			`ExecStart = ''${pkgs.sqlite}/bin/sqlite3 /var/lib/hedgedoc/db.hedgedoc.sqlite ".backup /var/backup/hedgedoc/backup.sq3"'';`
			`Type = "oneshot";`
			`};`
			`};`

l codimd: codimd is now called hedgedoc 2021-01-23 18:36:46 +00:00			`services.hedgedoc = {`
l prism.r: enable codimd 2019-05-29 13:20:45 +00:00			`enable = true;`
l codimd: set domain and serve via ssl 2021-10-12 13:35:52 +00:00			`configuration.allowOrigin = [ domain ];`
l codimd: upgrade to follow upstream user rename & config change 2023-07-24 17:06:28 +00:00			`settings = {`
l prism.r: enable codimd 2019-05-29 13:20:45 +00:00			`db = {`
			`dialect = "sqlite";`
l codimd: upgrade to follow upstream user rename & config change 2023-07-24 17:06:28 +00:00			`storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";`
l prism.r: enable codimd 2019-05-29 13:20:45 +00:00			`};`
l codimd: set domain and serve via ssl 2021-10-12 13:35:52 +00:00			`useCDN = false;`
l prism.r: enable codimd 2019-05-29 13:20:45 +00:00			`port = 3091;`
l codimd: set domain and serve via ssl 2021-10-12 13:35:52 +00:00			`domain = domain;`
			`allowFreeURL = true;`

			`useSSL = true;`
			`protocolUseSSL = true;`
			`sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ];`
			`sslCertPath = "/var/lib/acme/${domain}/cert.pem";`
			`sslKeyPath = "/var/lib/acme/${domain}/key.pem";`
			`dhParamPath = config.security.dhparams.params.hedgedoc.path;`
l prism.r: enable codimd 2019-05-29 13:20:45 +00:00			`};`
			`};`
			`}`