# NixOS module: runs HedgeDoc for pad.jalr.de on a local PostgreSQL database
# and publishes it through an nginx virtual host with ACME certificates.
args@{ config, custom-utils, ... }:

let
  fqdn = "pad.jalr.de";

  # Port assignments live in the shared ports.nix, evaluated with this
  # module's own arguments.
  portMap = import ../ports.nix args;

  hedgedocCfg = config.services.hedgedoc;

  # nginx forwards to HedgeDoc over plain HTTP.
  # NOTE(review): assumes settings.host is a loopback address, since this hop
  # is unencrypted; the default is not visible here, confirm.
  upstream = "http://${hedgedocCfg.settings.host}:${toString hedgedocCfg.settings.port}";
in
{
  # sops-nix decrypts the session secret from ../secrets.yaml and hands the
  # resulting file to the user the hedgedoc unit runs as.
  sops.secrets.hedgedoc-session-secret = {
    sopsFile = ../secrets.yaml;
    owner = config.systemd.services.hedgedoc.serviceConfig.User;
  };

  services.hedgedoc = {
    enable = true;
    settings =
      let
        # The factor of 1000 suggests the unit is milliseconds.
        msPerDay = 24 * 60 * 60 * 1000;
      in
      {
        domain = fqdn;

        # Clients reach the service over HTTPS (nginx sets forceSSL below), so
        # HedgeDoc is told to generate https:// links.
        protocolUseSSL = true;
        csp.enable = true;
        port = portMap.hedgedoc.tcp;

        # A host starting with "/" is a directory path, not a TCP host; no
        # password is configured.
        # NOTE(review): presumably PostgreSQL peer authentication over the
        # Unix socket; confirm against pg_hba.
        db = {
          dialect = "postgres";
          host = "/run/postgresql";
          user = "hedgedoc";
          database = "hedgedoc";
        };

        allowEmailRegister = false;

        # NOTE(review): this evaluates to the *path* of the decrypted file, not
        # its contents. If HedgeDoc uses the value verbatim as its session
        # secret, cookies are signed with a guessable path string, and the
        # value lands in the generated config as well. Confirm; the module's
        # environmentFile option with a placeholder in settings is the usual
        # way to pass the secret itself.
        sessionSecret = config.sops.secrets.hedgedoc-session-secret.path;

        # 90 days. A stolen session cookie stays usable for that long unless
        # it is revoked server-side.
        sessionLife = 90 * msPerDay;
      };
  };

  # Local database and a role of the same name that owns it.
  services.postgresql = {
    enable = true;
    ensureDatabases = [ "hedgedoc" ];
    ensureUsers = [
      {
        name = "hedgedoc";
        ensureDBOwnership = true;
      }
    ];
  };

  # TLS terminates at nginx; forceSSL redirects plain HTTP to HTTPS.
  services.nginx.virtualHosts.${fqdn} = {
    enableACME = true;
    forceSSL = true;

    locations."/".proxyPass = upstream;
  };
}