diff --git a/flake.nix b/flake.nix
index f855f30..2c61090 100644
--- a/flake.nix
+++ b/flake.nix
@@ -57,6 +57,7 @@
 ./modules/monitoring.nix
 ./modules/mailserver.nix
 ./modules/vaultwarden.nix
+ ./modules/hedgedoc.nix
 ];
 system.stateVersion = "22.11";
diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix
index 1d51ffa..f2b4f64 100644
--- a/modules/hedgedoc.nix
+++ b/modules/hedgedoc.nix
@@ -2,12 +2,38 @@
 {
 services.hedgedoc = {
 enable = true;
- domain = "pad.katzen.cafe";
 settings = {
+ domain = "pad.katzen.cafe";
+ port = 3001;
+ protocolUseSSL = true;
+ allowFreeURL = true;
+ requireFreeURLAuthentication = true;
 oauth2 = {
- userProfileURL = "";
-
+ userProfileURL = "https://auth.katzen.cafe/realms/katzen.cafe/protocol/openid-connect/userinfo";
+ userProfileUsernameAttr = "preferred_username";
+ userProfileDisplayNameAttr = "name";
+ userProfileEmailAttr = "email";
+ tokenURL = "https://auth.katzen.cafe/realms/katzen.cafe/protocol/openid-connect/token";
+ authorizationURL = "https://auth.katzen.cafe/realms/katzen.cafe/protocol/openid-connect/auth";
+ clientID = "hedgedoc";
+ providerName = "Keycloak";
+ # the envfile should overwrite this?
+ clientSecret = "none";
+ scope = "openid email profile";
 };
+ db = {
+ dialect = "postgres";
+ host = "/run/postgresql";
+ database = "catpad";
+ };
+ };
+ environmentFile = "/var/lib/secrets/hedgedoc.env";
+ };
+ deployment.keys = {
+ "hedgedoc.env" = {
+ keyCommand = [ "pass" "hedgedoc/envfile" ];
+ destDir = "/var/lib/secrets";
+ permissions = "0604";
 };
 };
 }
diff --git a/modules/postgres.nix b/modules/postgres.nix
index a578297..a21deea 100644
--- a/modules/postgres.nix
+++ b/modules/postgres.nix
@@ -12,6 +12,7 @@
 ];
 ensureDatabases = [
 "forgejo"
+ "catpad"
 ];
 };
 }
diff --git a/modules/proxy.nix b/modules/proxy.nix
index 84e2733..4325798 100644
--- a/modules/proxy.nix
+++ b/modules/proxy.nix
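Review bot: `permissions = "0604";` on the `"hedgedoc.env"` deployment key makes the file world-readable (mode 0604 grants read to `other`), so the OAuth client secret and anything else placed in /var/lib/secrets/hedgedoc.env is exposed to every local account on the host. If the NixOS module hands `environmentFile` to systemd as `EnvironmentFile=` (which the manager reads before dropping privileges), the key can stay root-owned with `permissions = "0600";`; if the service account must open it itself, give the key that account via the key module's `user`/`group` options rather than widening the mode. The `# the envfile should overwrite this?` comment above `clientSecret = "none";` leaves the precedence unverified; HedgeDoc documents `CMD_OAUTH2_CLIENT_SECRET` as an environment override of the config value, so once that is confirmed on this deployment replace the question with a statement, e.g. `# placeholder only: the real secret comes from CMD_OAUTH2_CLIENT_SECRET in environmentFile`.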
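Review bot: `"catpad"` is added to `ensureDatabases`, but nothing in this hunk grants the account HedgeDoc runs as a matching role or ownership of that database, and the hedgedoc change connects over the `/run/postgresql` socket with no username, so access will be decided by peer authentication against that OS account. The `];` at the top of the hunk presumably closes `ensureUsers`; if that list does not already carry the service account with rights on `catpad`, the first start will fail at the database connection. The enclosing attribute set begins and ends outside the hunk.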
@@ -139,6 +139,14 @@
 '';
 };
 };
+ "pad.katzen.cafe" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:3001";
+ proxyWebsockets = true;
+ };
+ };
 "forge.katzen.cafe" = {
 forceSSL = true;
 enableACME = true;
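Review bot: The new `"pad.katzen.cafe"` vhost terminates TLS and forwards to `http://localhost:3001`, but the HedgeDoc settings added in this commit set `port = 3001;` without pinning `settings.host`, so whether the plain-HTTP backend listens on loopback only depends on the module default; add `host = "127.0.0.1";` beside `port = 3001;` in modules/hedgedoc.nix so the unencrypted listener is not reachable from the network next to the TLS front door. HedgeDoc builds its own redirect and OAuth callback URLs from `domain` and `protocolUseSSL`, so those do not depend on forwarded headers, but whether the proxied requests carry `X-Forwarded-*` at all depends on `recommendedProxySettings`, which is not visible here — worth confirming if client addresses are expected in HedgeDoc's logs. The enclosing `virtualHosts` set starts and ends outside the hunk.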