nixos-config/modules/nixos/hedgedoc.nix

{
  config,
  pkgs,
  lib,
  ...
}:

with lib;

let
  cfg = config.custom.hedgedoc;
in
{
  options = {
    custom.hedgedoc = {
      enable = mkEnableOption "HedgeDoc Markdown Editor";
      domain = mkOption {
        type = types.str;
        default = "docs.example.com";
        description = "Domain name of the HedgeDoc server";
      };
      caddy = mkOption {
        type = types.bool;
        default = true;
        description = "Enable Caddy as reverse proxy";
      };
      mediaPath = mkOption {
        type = types.path;
        default = /var/lib/hedgedoc/uploads;
        description = "Directory for storing medias";
      };
      oidc = {
        enable = mkEnableOption "OIDC support for HedgeDoc";
        baseURL = mkOption { type = types.str; };
        authorizationURL = mkOption { type = types.str; };
        tokenURL = mkOption { type = types.str; };
        userProfileURL = mkOption { type = types.str; };
      };
      environmentFile = mkOption { type = types.path; };
    };
  };
  config = mkIf cfg.enable {
    services.hedgedoc = {
      enable = true;
      environmentFile = cfg.environmentFile;
      settings = {
        domain = cfg.domain;
        protocolUseSSL = cfg.caddy;
        uploadsPath = cfg.mediaPath;
        path = "/run/hedgedoc/hedgedoc.sock";
        email = false;
        allowEmailRegister = false;
        oauth2 = mkIf cfg.oidc.enable {
          baseURL = cfg.oidc.baseURL;
          authorizationURL = cfg.oidc.authorizationURL;
          tokenURL = cfg.oidc.tokenURL;
          userProfileURL = cfg.oidc.userProfileURL;
          userProfileEmailAttr = "email";
          userProfileUsernameAttr = "name";
          userProfileDisplayNameAttr = "preferred_name";
          scope = "openid email profile";
          clientID = "$HEDGEDOC_CLIENT_ID";
          clientSecret = "$HEDGEDOC_CLIENT_SECRET";
        };
        allowAnonymous = false;
        defaultPermission = "private";
      };
    };
    services.caddy = mkIf cfg.caddy {
      enable = true;
      virtualHosts."https://${cfg.domain}".extraConfig = ''
        reverse_proxy unix/${config.services.hedgedoc.settings.path}
      '';
    };
    users.users.caddy.extraGroups = mkIf cfg.caddy [ "hedgedoc" ];

  };
}
treewide: apply the new rfc nixfmt 2024-08-25 09:45:58 +00:00			`{`
			`config,`
			`pkgs,`
			`lib,`
			`...`
			`}:`
massicot: host hedgedoc with oidc 2023-12-24 05:58:53 +00:00
			`with lib;`

			`let`
			`cfg = config.custom.hedgedoc;`
			`in`
			`{`
			`options = {`
			`custom.hedgedoc = {`
			`enable = mkEnableOption "HedgeDoc Markdown Editor";`
			`domain = mkOption {`
			`type = types.str;`
			`default = "docs.example.com";`
			`description = "Domain name of the HedgeDoc server";`
			`};`
			`caddy = mkOption {`
			`type = types.bool;`
			`default = true;`
			`description = "Enable Caddy as reverse proxy";`
			`};`
			`mediaPath = mkOption {`
			`type = types.path;`
			`default = /var/lib/hedgedoc/uploads;`
			`description = "Directory for storing medias";`
			`};`
			`oidc = {`
			`enable = mkEnableOption "OIDC support for HedgeDoc";`
treewide: apply the new rfc nixfmt 2024-08-25 09:45:58 +00:00			`baseURL = mkOption { type = types.str; };`
			`authorizationURL = mkOption { type = types.str; };`
			`tokenURL = mkOption { type = types.str; };`
			`userProfileURL = mkOption { type = types.str; };`
massicot: host hedgedoc with oidc 2023-12-24 05:58:53 +00:00			`};`
treewide: apply the new rfc nixfmt 2024-08-25 09:45:58 +00:00			`environmentFile = mkOption { type = types.path; };`
massicot: host hedgedoc with oidc 2023-12-24 05:58:53 +00:00			`};`
			`};`
fix ci 2024-07-30 03:31:27 +00:00			`config = mkIf cfg.enable {`
			`services.hedgedoc = {`
massicot: host hedgedoc with oidc 2023-12-24 05:58:53 +00:00			`enable = true;`
			`environmentFile = cfg.environmentFile;`
			`settings = {`
			`domain = cfg.domain;`
			`protocolUseSSL = cfg.caddy;`
			`uploadsPath = cfg.mediaPath;`
			`path = "/run/hedgedoc/hedgedoc.sock";`
			`email = false;`
			`allowEmailRegister = false;`
			`oauth2 = mkIf cfg.oidc.enable {`
			`baseURL = cfg.oidc.baseURL;`
			`authorizationURL = cfg.oidc.authorizationURL;`
			`tokenURL = cfg.oidc.tokenURL;`
			`userProfileURL = cfg.oidc.userProfileURL;`
			`userProfileEmailAttr = "email";`
			`userProfileUsernameAttr = "name";`
			`userProfileDisplayNameAttr = "preferred_name";`
			`scope = "openid email profile";`
			`clientID = "$HEDGEDOC_CLIENT_ID";`
			`clientSecret = "$HEDGEDOC_CLIENT_SECRET";`
			`};`
			`allowAnonymous = false;`
			`defaultPermission = "private";`
			`};`
			`};`
fix ci 2024-07-30 03:31:27 +00:00			`services.caddy = mkIf cfg.caddy {`
massicot: host hedgedoc with oidc 2023-12-24 05:58:53 +00:00			`enable = true;`
			`virtualHosts."https://${cfg.domain}".extraConfig = ''`
			`reverse_proxy unix/${config.services.hedgedoc.settings.path}`
			`'';`
			`};`
fix ci 2024-07-30 03:31:27 +00:00			`users.users.caddy.extraGroups = mkIf cfg.caddy [ "hedgedoc" ];`
massicot: host hedgedoc with oidc 2023-12-24 05:58:53 +00:00
			`};`
			`}`