Set hedgedoc session secret to avoid logout on restart

SebastianStork 2025-05-16 18:55:29 +02:00
parent 5a3a0a4279
commit af82e42b85
2 changed files with 22 additions and 8 deletions


@ -26,25 +26,38 @@ in
};
config = lib.mkIf cfg.enable {
sops = {
secrets = {
"hedgedoc/session-secret" = {
owner = user;
inherit group;
};
"hedgedoc/seb-password" = {
owner = user;
inherit group;
};
};
templates."hedgedoc/environment".content = ''
SESSION_SECRET=${config.sops.placeholder."hedgedoc/session-secret"}
'';
};
services.hedgedoc = {
enable = true;
environmentFile = config.sops.templates."hedgedoc/environment".path;
settings = {
domain = "${cfg.subdomain}.${config.networking.domain}";
inherit (cfg) port;
protocolUseSSL = true;
allowAnonymous = false;
allowEmailRegister = false;
defaultPermission = "limited";
sessionSecret = "$SESSION_SECRET";
};
};
sops.secrets."hedgedoc/seb-password" = {
owner = user;
inherit group;
};
systemd.services.hedgedoc.postStart =
let
manageUserSeb =