nixos-config/modules/nixos/hedgedoc.nix

{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.custom.hedgedoc;
in
{
  options = {
    custom.hedgedoc = {
      enable = mkEnableOption "HedgeDoc Markdown Editor";
      domain = mkOption {
        type = types.str;
        default = "docs.example.com";
        description = "Domain name of the HedgeDoc server";
      };
      caddy = mkOption {
        type = types.bool;
        default = true;
        description = "Enable Caddy as reverse proxy";
      };
      mediaPath = mkOption {
        type = types.path;
        default = /var/lib/hedgedoc/uploads;
        description = "Directory for storing medias";
      };
      oidc = {
        enable = mkEnableOption "OIDC support for HedgeDoc";
        baseURL = mkOption {
          type = types.str;
        };
        authorizationURL = mkOption {
          type = types.str;
        };
        tokenURL = mkOption {
          type = types.str;
        };
        userProfileURL = mkOption {
          type = types.str;
        };
      };
      environmentFile = mkOption {
        type = types.path;
      };
    };
  };
  config = {
    services.hedgedoc = mkIf cfg.enable {
      enable = true;
      environmentFile = cfg.environmentFile;
      settings = {
        domain = cfg.domain;
        protocolUseSSL = cfg.caddy;
        uploadsPath = cfg.mediaPath;
        path = "/run/hedgedoc/hedgedoc.sock";
        email = false;
        allowEmailRegister = false;
        oauth2 = mkIf cfg.oidc.enable {
          baseURL = cfg.oidc.baseURL;
          authorizationURL = cfg.oidc.authorizationURL;
          tokenURL = cfg.oidc.tokenURL;
          userProfileURL = cfg.oidc.userProfileURL;
          userProfileEmailAttr = "email";
          userProfileUsernameAttr = "name";
          userProfileDisplayNameAttr = "preferred_name";
          scope = "openid email profile";
          clientID = "$HEDGEDOC_CLIENT_ID";
          clientSecret = "$HEDGEDOC_CLIENT_SECRET";
        };
        allowAnonymous = false;
        defaultPermission = "private";
      };
    };
    services.caddy = mkIf ( cfg.enable && cfg.enable ) {
      enable = true;
      virtualHosts."https://${cfg.domain}".extraConfig = ''
        reverse_proxy unix/${config.services.hedgedoc.settings.path}
      '';
    };
    users.users.caddy.extraGroups = mkIf ( cfg.enable && cfg.enable ) [ "hedgedoc" ];

  };
}
massicot: host hedgedoc with oidc 2023-12-24 05:58:53 +00:00			`{ config, pkgs, lib, ... }:`

			`with lib;`

			`let`
			`cfg = config.custom.hedgedoc;`
			`in`
			`{`
			`options = {`
			`custom.hedgedoc = {`
			`enable = mkEnableOption "HedgeDoc Markdown Editor";`
			`domain = mkOption {`
			`type = types.str;`
			`default = "docs.example.com";`
			`description = "Domain name of the HedgeDoc server";`
			`};`
			`caddy = mkOption {`
			`type = types.bool;`
			`default = true;`
			`description = "Enable Caddy as reverse proxy";`
			`};`
			`mediaPath = mkOption {`
			`type = types.path;`
			`default = /var/lib/hedgedoc/uploads;`
			`description = "Directory for storing medias";`
			`};`
			`oidc = {`
			`enable = mkEnableOption "OIDC support for HedgeDoc";`
			`baseURL = mkOption {`
			`type = types.str;`
			`};`
			`authorizationURL = mkOption {`
			`type = types.str;`
			`};`
			`tokenURL = mkOption {`
			`type = types.str;`
			`};`
			`userProfileURL = mkOption {`
			`type = types.str;`
			`};`
			`};`
			`environmentFile = mkOption {`
			`type = types.path;`
			`};`
			`};`
			`};`
			`config = {`
			`services.hedgedoc = mkIf cfg.enable {`
			`enable = true;`
			`environmentFile = cfg.environmentFile;`
			`settings = {`
			`domain = cfg.domain;`
			`protocolUseSSL = cfg.caddy;`
			`uploadsPath = cfg.mediaPath;`
			`path = "/run/hedgedoc/hedgedoc.sock";`
			`email = false;`
			`allowEmailRegister = false;`
			`oauth2 = mkIf cfg.oidc.enable {`
			`baseURL = cfg.oidc.baseURL;`
			`authorizationURL = cfg.oidc.authorizationURL;`
			`tokenURL = cfg.oidc.tokenURL;`
			`userProfileURL = cfg.oidc.userProfileURL;`
			`userProfileEmailAttr = "email";`
			`userProfileUsernameAttr = "name";`
			`userProfileDisplayNameAttr = "preferred_name";`
			`scope = "openid email profile";`
			`clientID = "$HEDGEDOC_CLIENT_ID";`
			`clientSecret = "$HEDGEDOC_CLIENT_SECRET";`
			`};`
			`allowAnonymous = false;`
			`defaultPermission = "private";`
			`};`
			`};`
			`services.caddy = mkIf ( cfg.enable && cfg.enable ) {`
			`enable = true;`
			`virtualHosts."https://${cfg.domain}".extraConfig = ''`
			`reverse_proxy unix/${config.services.hedgedoc.settings.path}`
			`'';`
			`};`
			`users.users.caddy.extraGroups = mkIf ( cfg.enable && cfg.enable ) [ "hedgedoc" ];`

			`};`
			`}`