SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 23:11:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
nixos-config/modules/system/services/hedgedoc/default.nix

82 lines
2.2 KiB
Nix
Raw Blame History

{
config,
pkgs,
lib,
...
}:
let
cfg = config.custom.services.hedgedoc;
user = config.users.users.hedgedoc.name;
manage_users = "CMD_CONFIG_FILE=/run/hedgedoc/config.json NODE_ENV=production ${lib.getExe' pkgs.hedgedoc "manage_users"}";
in
{
options.custom.services.hedgedoc = {
enable = lib.mkEnableOption "";
domain = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "";
};
port = lib.mkOption {
type = lib.types.port;
default = 3000;
};
};
config = lib.mkIf cfg.enable {
sops = {
secrets = {
"hedgedoc/seb-password".owner = user;
# "hedgedoc/gitlab-auth-secret".owner = user;
};
# templates."hedgedoc/environment" = {
# owner = user;
# content = "GITLAB_CLIENTSECRET=${config.sops.placeholder."hedgedoc/gitlab-auth-secret"}";
# };
};
services.hedgedoc = {
enable = true;
# environmentFile = config.sops.templates."hedgedoc/environment".path;
settings = {
domain = cfg.domain;
inherit (cfg) port;
protocolUseSSL = true;
allowAnonymous = false;
allowEmailRegister = false;
defaultPermission = "limited";
sessionSecret = "$SESSION_SECRET";
# gitlab = {
# baseURL = "https://code.fbi.h-da.de";
# clientID = "dc71d7ec1525ce3b425d7d41d602f67e1a06cef981259605a87841a6be62cc58";
# clientSecret = "$GITLAB_CLIENTSECRET";
# };
};
};
systemd.services.hedgedoc = {
# Ensure session-secret
preStart = lib.mkBefore ''
if [ ! -f /var/lib/hedgedoc/session-secret ]; then
${lib.getExe pkgs.pwgen} -s 64 1 > /var/lib/hedgedoc/session-secret
fi
export SESSION_SECRET=$(cat /var/lib/hedgedoc/session-secret)
'';
postStart =
let
manageUserSeb =
mode:
"${manage_users} --${mode} sebastian.stork@pm.me --pass \"$(cat ${
config.sops.secrets."hedgedoc/seb-password".path
})\"";
in
"${manageUserSeb "add"} || ${manageUserSeb "reset"}";
};
environment.shellAliases.hedgedoc-manage-users = "sudo --user=${user} ${manage_users}";
};
}
Reference in a new issue View git blame Copy permalink