get hedgedoc working

Schrottkatze 2023-11-21 10:19:35 +01:00
parent c145b143cb
commit 7f9ecaf3d4
4 changed files with 39 additions and 3 deletions


@ -57,6 +57,7 @@
./modules/monitoring.nix
./modules/mailserver.nix
./modules/vaultwarden.nix
./modules/hedgedoc.nix
];
system.stateVersion = "22.11";


@ -2,12 +2,38 @@
{
services.hedgedoc = {
enable = true;
domain = "pad.katzen.cafe";
settings = {
domain = "pad.katzen.cafe";
port = 3001;
protocolUseSSL = true;
allowFreeURL = true;
requireFreeURLAuthentication = true;
oauth2 = {
userProfileURL = "";
userProfileURL = "https://auth.katzen.cafe/realms/katzen.cafe/protocol/openid-connect/userinfo";
userProfileUsernameAttr = "preferred_username";
userProfileDisplayNameAttr = "name";
userProfileEmailAttr = "email";
tokenURL = "https://auth.katzen.cafe/realms/katzen.cafe/protocol/openid-connect/token";
authorizationURL = "https://auth.katzen.cafe/realms/katzen.cafe/protocol/openid-connect/auth";
clientID = "hedgedoc";
providerName = "Keycloak";
# the envfile should overwrite this?
clientSecret = "none";
scope = "openid email profile";
};
db = {
dialect = "postgres";
host = "/run/postgresql";
database = "catpad";
};
};
environmentFile = "/var/lib/secrets/hedgedoc.env";
};
deployment.keys = {
"hedgedoc.env" = {
keyCommand = [ "pass" "hedgedoc/envfile" ];
destDir = "/var/lib/secrets";
permissions = "0604";
};
};
}
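Review bot: `permissions = "0604"` on the `hedgedoc.env` key makes the file that carries the OAuth2 client secret readable by every local account on the host, while the group gets no access at all. If the goal was to let the service read a root-owned file, make the service account the owner instead, e.g. `user = "hedgedoc"; permissions = "0400";` (the account name is assumed from the module and should be confirmed). Separately, `# the envfile should overwrite this?` leaves the precedence between `clientSecret = "none"` and the env file unverified. Once it is confirmed, a definite comment such as `# placeholder only; the real secret is CMD_OAUTH2_CLIENT_SECRET from environmentFile` would record that values under `settings` are normally rendered into the world-readable Nix store and must never hold the real secret.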


@ -12,6 +12,7 @@
];
ensureDatabases = [
"forgejo"
"catpad"
];
};
}


@ -139,6 +139,14 @@
'';
};
};
"pad.katzen.cafe" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:3001";
proxyWebsockets = true;
};
};
"forge.katzen.cafe" = {
forceSSL = true;
enableACME = true;