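# NixOS module fragment: HedgeDoc served as pad.katzen.cafe, with login delegated
# to the Keycloak realm at auth.katzen.cafe over OAuth2/OIDC. Secrets are not kept
# in this file; they arrive as an environment file uploaded by the deployment tool.
{ ... }:
{
  services.hedgedoc = {
    enable = true;
    settings = {
      domain = "pad.katzen.cafe";
      # HedgeDoc listens on this port; protocolUseSSL makes it emit https:// links.
      # NOTE(review): TLS is presumably terminated by a reverse proxy that is not
      # part of this file - confirm the port is not reachable directly.
      port = 3001;
      protocolUseSSL = true;

      # Custom note URLs are allowed, but only for authenticated users.
      allowFreeURL = true;
      requireFreeURLAuthentication = true;

      # Local e-mail registration and e-mail login are both off, so the OAuth2
      # provider below is the only sign-in method configured here.
      allowEmailRegister = false;
      email = false;

      # Guests cannot create notes. allowAnonymousEdits = true still lets
      # unauthenticated visitors edit notes whose owner chose the "freely"
      # permission; set it to false if no unauthenticated writes are wanted.
      allowAnonymous = false;
      allowAnonymousEdits = true;

      oauth2 = {
        userProfileURL = "https://auth.katzen.cafe/realms/katzen.cafe/protocol/openid-connect/userinfo";
        userProfileUsernameAttr = "preferred_username";
        userProfileDisplayNameAttr = "name";
        userProfileEmailAttr = "email";
        tokenURL = "https://auth.katzen.cafe/realms/katzen.cafe/protocol/openid-connect/token";
        authorizationURL = "https://auth.katzen.cafe/realms/katzen.cafe/protocol/openid-connect/auth";
        clientID = "hedgedoc";
        providerName = "Keycloak";
        # Placeholder only: everything under `settings` ends up in the
        # world-readable Nix store, so the real client secret must never be
        # written here. It is expected to come from environmentFile below
        # (HedgeDoc reads CMD_OAUTH2_CLIENT_SECRET from its environment).
        # NOTE(review): verify on the host that the override takes effect; if the
        # variable is missing from the env file, HedgeDoc will silently present
        # "none" to Keycloak and logins will fail.
        clientSecret = "none";
        scope = "openid email profile";
      };

      db = {
        dialect = "postgres";
        # Directory of the local PostgreSQL unix socket; no password is set in
        # this file. NOTE(review): presumably peer authentication - confirm in
        # the PostgreSQL configuration.
        host = "/run/postgresql";
        database = "catpad";
      };
    };

    # Secret values are injected at service start from this file, which is
    # delivered by deployment.keys below.
    environmentFile = "/var/lib/secrets/hedgedoc.env";
  };

  deployment.keys = {
    "hedgedoc.env" = {
      # Fetched from the password store on the deploying machine, so the secret
      # never enters the repository or the Nix store.
      keyCommand = [ "pass" "hedgedoc/envfile" ];
      # Persistent location on disk (survives reboots).
      destDir = "/var/lib/secrets";
      # Owner-only read. The file holds service credentials, so it must not be
      # readable by `other` (a mode such as 0604 exposes it to every local
      # account). systemd loads EnvironmentFile= itself when it starts the unit,
      # so the service account should not need read access.
      # NOTE(review): the owner is presumably root by default - confirm. If the
      # hedgedoc module on this NixOS release reads the file as the service user,
      # set `user`/`group` to that account instead of widening the mode.
      permissions = "0400";
    };
  };
}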