get hedgedoc working

2024-11-24 22:58:44 +01:00 · 2023-11-21 10:19:35 +01:00 · 2023-11-21 10:19:35 +01:00 · 7f9ecaf3d4
parent c145b143cb
commit 7f9ecaf3d4
4 changed files with 39 additions and 3 deletions
--- a/flake.nix
+++ b/flake.nix
@ -57,6 +57,7 @@
            ./modules/monitoring.nix
            ./modules/mailserver.nix
            ./modules/vaultwarden.nix
+            ./modules/hedgedoc.nix
          ];

          system.stateVersion = "22.11";
--- a/modules/hedgedoc.nix
+++ b/modules/hedgedoc.nix
@ -2,12 +2,38 @@
 {
  services.hedgedoc = {
    enable = true;
-    domain = "pad.katzen.cafe";
    settings = {
+      domain = "pad.katzen.cafe";
+      port = 3001;
+      protocolUseSSL = true;
+      allowFreeURL = true;
+      requireFreeURLAuthentication = true;
      oauth2 = {
-        userProfileURL = "";
-        
+        userProfileURL = "https://auth.katzen.cafe/realms/katzen.cafe/protocol/openid-connect/userinfo";
+        userProfileUsernameAttr = "preferred_username";
+        userProfileDisplayNameAttr = "name";
+        userProfileEmailAttr = "email";
+        tokenURL = "https://auth.katzen.cafe/realms/katzen.cafe/protocol/openid-connect/token";
+        authorizationURL = "https://auth.katzen.cafe/realms/katzen.cafe/protocol/openid-connect/auth";
+        clientID = "hedgedoc";
+        providerName = "Keycloak";
+        # the envfile should overwrite this?
+        clientSecret = "none";
+        scope = "openid email profile";
      };
+      db = {
+        dialect = "postgres";
+        host = "/run/postgresql";
+        database = "catpad";
+      };
+    };
+    environmentFile = "/var/lib/secrets/hedgedoc.env";
+  };
+  deployment.keys = {
+    "hedgedoc.env" = {
+      keyCommand = [ "pass" "hedgedoc/envfile" ];
+      destDir = "/var/lib/secrets";
+      permissions = "0604";
    };
  };
 }
--- a/modules/postgres.nix
+++ b/modules/postgres.nix
@ -12,6 +12,7 @@
    ];
    ensureDatabases = [
      "forgejo"
+      "catpad"
    ];
  };
 }
--- a/modules/proxy.nix
+++ b/modules/proxy.nix
@ -139,6 +139,14 @@
            '';
        };
      };
+      "pad.katzen.cafe" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:3001";
+          proxyWebsockets = true;
+        };
+      };
      "forge.katzen.cafe" = {
        forceSSL = true;
        enableACME = true;