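{ config, pkgs, lib, ... }:

# HedgeDoc behind Caddy (unix socket) with optional OIDC login.
#
# Secrets never enter this file or the Nix store: the generated HedgeDoc
# config only carries the placeholders `$HEDGEDOC_CLIENT_ID` and
# `$HEDGEDOC_CLIENT_SECRET`, which the upstream `services.hedgedoc` module
# substitutes at service start from `environmentFile`.

with lib;

let
  cfg = config.custom.hedgedoc;

  # A Nix *path* value (an unquoted `/var/lib/...` or `./hedgedoc.env`) is
  # copied into the world-readable, read-only Nix store when it is coerced
  # to a string for the generated config/unit file.  Runtime locations and
  # secret files must therefore be plain strings outside the store.  `null`
  # is accepted so the predicate can back optional settings.
  isRuntimeLocation = v:
    v == null
    || (!(builtins.isPath v) && !(hasPrefix builtins.storeDir (toString v)));
in
{
  options.custom.hedgedoc = {
    enable = mkEnableOption "HedgeDoc Markdown Editor";

    domain = mkOption {
      type = types.str;
      default = "docs.example.com";
      description = "Domain name of the HedgeDoc server";
    };

    caddy = mkOption {
      type = types.bool;
      default = true;
      description = "Enable Caddy as reverse proxy";
    };

    mediaPath = mkOption {
      type = types.path;
      # A string, deliberately not a path literal: a literal default would be
      # copied into the Nix store at evaluation time (or fail under pure
      # evaluation), and HedgeDoc would then be pointed at a read-only copy.
      default = "/var/lib/hedgedoc/uploads";
      description = ''
        Directory for storing uploaded media. Must be given as a string such
        as "/var/lib/hedgedoc/uploads"; a Nix path value is rejected by an
        assertion because it would be copied into the Nix store.
      '';
    };

    oidc = {
      enable = mkEnableOption "OIDC support for HedgeDoc";

      baseURL = mkOption {
        type = types.str;
        description = "Base URL of the OIDC provider (HedgeDoc `oauth2.baseURL`).";
      };

      authorizationURL = mkOption {
        type = types.str;
        description = "Authorization endpoint of the OIDC provider.";
      };

      tokenURL = mkOption {
        type = types.str;
        description = "Token endpoint of the OIDC provider.";
      };

      userProfileURL = mkOption {
        type = types.str;
        description = "Userinfo endpoint the profile attributes below are read from.";
      };

      usernameAttr = mkOption {
        type = types.str;
        default = "name";
        description = ''
          Userinfo attribute used as the HedgeDoc username.
          NOTE(review): per upstream HedgeDoc docs the generic OAuth2 login
          falls back to this attribute as the account identifier when
          `idAttr` is unset, so it should be unique and stable per user at
          the provider. The standard OIDC `name` claim is a display name and
          guarantees neither; `preferred_username` is the conventional
          username claim. Changing this on an existing deployment detaches
          existing accounts, so the historical default is kept.
        '';
      };

      displayNameAttr = mkOption {
        type = types.str;
        default = "preferred_name";
        description = ''
          Userinfo attribute shown as the display name. Note that
          `preferred_name` is not a standard OIDC claim (the standard ones
          are `name` and `preferred_username`); confirm your provider emits it.
        '';
      };

      emailAttr = mkOption {
        type = types.str;
        default = "email";
        description = "Userinfo attribute holding the user's email address.";
      };

      idAttr = mkOption {
        type = types.nullOr types.str;
        default = null;
        example = "sub";
        description = ''
          Userinfo attribute used as the stable account identifier
          (HedgeDoc `oauth2.userProfileIdAttr`). `sub` is the OIDC claim
          meant for this. Left unset by default to keep existing accounts
          attached; requires a HedgeDoc release that supports the setting.
        '';
      };
    };

    environmentFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = ''
        systemd EnvironmentFile providing HEDGEDOC_CLIENT_ID and
        HEDGEDOC_CLIENT_SECRET (required when `oidc.enable` is set). Give a
        string path to a file outside the Nix store (e.g. one managed by
        sops-nix/agenix); a Nix path value would be copied into the
        world-readable store and is rejected by an assertion.
      '';
    };
  };

  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = isRuntimeLocation cfg.mediaPath;
        message = "custom.hedgedoc.mediaPath must be a string outside the Nix store, not a Nix path value (it would be copied into the store).";
      }
      {
        assertion = isRuntimeLocation cfg.environmentFile;
        message = "custom.hedgedoc.environmentFile must be a string path outside the Nix store, not a Nix path value (secrets would land in the world-readable store).";
      }
      {
        assertion = cfg.oidc.enable -> cfg.environmentFile != null;
        message = "custom.hedgedoc.oidc.enable requires custom.hedgedoc.environmentFile to supply HEDGEDOC_CLIENT_ID and HEDGEDOC_CLIENT_SECRET.";
      }
    ];

    services.hedgedoc = {
      enable = true;
      # Loaded by systemd as EnvironmentFile; the upstream module also uses it
      # to substitute the `$HEDGEDOC_*` placeholders in the generated config.
      environmentFile = cfg.environmentFile;

      settings = {
        domain = cfg.domain;
        # Caddy terminates TLS, so HedgeDoc must generate https:// links.
        protocolUseSSL = cfg.caddy;
        uploadsPath = cfg.mediaPath;
        # Listen on a unix socket only; no TCP port is exposed by HedgeDoc itself.
        path = "/run/hedgedoc/hedgedoc.sock";

        # No email/password accounts: login is OIDC only (or none at all).
        email = false;
        allowEmailRegister = false;

        # Every note requires login and is private unless shared explicitly.
        allowAnonymous = false;
        defaultPermission = "private";

        oauth2 = mkIf cfg.oidc.enable ({
          baseURL = cfg.oidc.baseURL;
          authorizationURL = cfg.oidc.authorizationURL;
          tokenURL = cfg.oidc.tokenURL;
          userProfileURL = cfg.oidc.userProfileURL;
          userProfileEmailAttr = cfg.oidc.emailAttr;
          userProfileUsernameAttr = cfg.oidc.usernameAttr;
          userProfileDisplayNameAttr = cfg.oidc.displayNameAttr;
          scope = "openid email profile";
          # Placeholders only: the real values come from environmentFile at
          # service start, so they never appear in the Nix store.
          clientID = "$HEDGEDOC_CLIENT_ID";
          clientSecret = "$HEDGEDOC_CLIENT_SECRET";
        } // optionalAttrs (cfg.oidc.idAttr != null) {
          userProfileIdAttr = cfg.oidc.idAttr;
        });
      };
    };

    services.caddy = mkIf cfg.caddy {
      enable = true;
      # Explicit https:// site address: Caddy serves this host over TLS only.
      virtualHosts."https://${cfg.domain}".extraConfig = ''
        reverse_proxy unix/${config.services.hedgedoc.settings.path}
      '';
    };

    # Caddy reaches HedgeDoc through the unix socket; hedgedoc group
    # membership is what grants it access (assumes the socket directory is
    # group-accessible — confirm against the upstream module's
    # RuntimeDirectory mode).  NOTE(review): this also grants Caddy
    # group-level access to anything else owned by the hedgedoc group.
    users.users.${config.services.caddy.user}.extraGroups = mkIf cfg.caddy [ "hedgedoc" ];
  };
}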