From b3a7ef71d92b3306b8cc69c8a2b76ae46b3f508e Mon Sep 17 00:00:00 2001
From: Stefan Junker <mail@stefanjunker.de>
Date: Mon, 24 May 2021 19:50:36 +0200
Subject: [PATCH] webserver: configure hedgedoc

---
 nix/os/containers/webserver.nix   |  40 +++++++++++++++++++++++++++++-
 nix/variables/passwords.crypt.nix | Bin 1098 -> 1282 bytes
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix
index 10f356d..08301c0 100644
--- a/nix/os/containers/webserver.nix
+++ b/nix/os/containers/webserver.nix
@@ -2,7 +2,11 @@
 , localAddress
 , httpPort ? 80
 , httpsPort ? 443
-}: {
+}:
+
+let
+  passwords = import ../../variables/passwords.crypt.nix;
+in {
   config = { config, pkgs, lib, ... }: {
     imports = [
       ../profiles/containers/configuration.nix
@@ -25,6 +29,7 @@
     };
 
     services.nginx.enable = true;
+    services.nginx.recommendedProxySettings = true;
     services.nginx.virtualHosts."www.stefanjunker.de" = {
       default = true;
       addSSL = true;
@@ -60,6 +65,16 @@
         fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
         fastcgi_index index.php;
       '';
+
+      locations."/hedgedoc/" = {
+        proxyPass = "http://127.0.0.1:3000/";
+      };
+
+      locations."/hedgedoc/socket.io/" = {
+        proxyPass = "http://127.0.0.1:3000/socket.io/";
+        proxyWebsockets = true;
+      };
+
     };
 
     services.phpfpm.pools.mypool = {
@@ -89,6 +104,24 @@
       enable = true;
       package = pkgs.mariadb;
     };
+
+    services.hedgedoc = {
+      enable = true;
+      configuration = {
+        domain = "www.stefanjunker.de";
+        urlPath = "hedgedoc";
+        protocolUseSSL = true;
+        db = {
+          dialect = "sqlite";
+          storage = "/var/lib/codimd/db.codimd.sqlite";
+        };
+        allowAnonymous = false;
+
+
+        # oauth2 provider config
+        inherit (passwords.www_stefanjunker_de_hedgedoc) dropbox;
+      };
+    };
   };
 
   autoStart = true;
@@ -108,6 +141,11 @@
       hostPath = "/var/lib/container-volumes/webserver/var-lib-mysql";
       isReadOnly = false;
     };
+
+    "/var/lib/codimd" = {
+      hostPath = "/var/lib/container-volumes/webserver/var-lib-codimd";
+      isReadOnly = false;
+    };
   };
 
   privateNetwork = true;
diff --git a/nix/variables/passwords.crypt.nix b/nix/variables/passwords.crypt.nix
index ff47308936660d77fca71ff0c5ff74fe8dfd3063..d91b7826de01e0cfb3b25c70337aab6d67dcad89 100644
GIT binary patch
literal 1282
zcmZQ@_Y83kiVO&0h>X=&t9vVa=HksB9?2~~y^<~4t`<%7(P|Q#%E)@*jnto@gUlYK
zPpoSutz8lBAMt+bxBo>E3XMmcmwzaZ|6Q0MQS$rFbN<j->={2MZa8#7#h=w|gMPeQ
z!?H+jr?Ur7et5LE`Sb_Ac>!BC>IOyRvYocIjCCq<@G9P=c<70T(C)+_jXWvG%kwH`
zpZdDE>{xZ`#!rttb7Jowk@$J+jpOy-O@ao?mK(PwCp|aey7cw<1~#Y4OKy%~S1Ltc
z)o=e`pTGOE*h`tHCWT``ogPO&&v+9ab6C)4+Sa7(@PE2}1{R8Sl}TI+&r1qLyKKnT
z?d29sY3yFRqA0xP##L7jiN+(lcJN%4-6F-=bZTK>hsCT<j{g=%J8ZuG>HhV)8*^sQ
z6;Srm`W<!SjFZFeUx|U0K}D;N=GzGFeZ1%@<2t{u&bDfcPP`Eb4$x3enRfNwJ@qN6
zdt_8*YCd~t@K`ltp6g|$IH||q1<L165%{T_mB6^x`r*mB9p5TLZm;g+$X&&LGA`6<
z;q^P2zkPZ5Hl=6fd7bN7Hz$U-<elWqLvlN2v4&^d`ozoG*vcGNR=YGXdEu^$91=>d
z&z?<oIR2#U!EdKedmb|ON3u=*QW<e}iCF!rd#r*#N@l-m(^b(rGOxotIeLlw)>X%4
zU*+`e(k?yAK7Y3f(?Zo9@7X4V-r$g5UFToc_%QK?>X!;nwxplwTRmm3ww+pYVnWaK
zF7C7c*dIMecq4iB-V4K1L32*}ZQ06Z|Mk!OnCgmS`a7+keeWtvS}b!hXs1*EFTaNe
zpB2``={||QVJXS*S4O|7>E@CLg7*T;9Kx@KUh>I$pv^s7O#g*P1OEe4J>53dl^bo;
zjlc0UX8K7Al+I=26|giruJq#l>O;@%+;${=;{ADi$;TNE$G^;2elq7%)z53fA)hZl
zkX>dflN{`M>BQX?kMh^4uHDdCcB>+5=}kq2rK<}QLV2RovR6zrom^@fI`im>;s%wc
zYch-PRdl`!+;ji1>lQ!nAl4@KTM~y3I?TJd^2>4gtDmCQ{hXr{uzW?p5#Kki|C3ft
z+{ESj{ldyr=kWT4uG4<~nZ7_|HkVw{&a4%=Y%_m;FPo#RulOQ(^*)IYjgIAO{LPHt
zPx(`AY%%@ntA~GG_v||Q_(a@^G=ZYltu@iN9j9ja>`3!l7548<vx?fcY>CPT-wvhJ
zaer0gO`mo1)I@vTuu@5G#>e^^nnzQV-(;n)d1m&oyY~DGE&eC+xu&dY+n4G!)XE-C
z@3?S(lCX}~Osl7w!6tuZA1&obQ)%lu!1dB1$MSFc)Xq2E!PP<gd`dSSt@rO)#Ffl0
zxapA7dXMa)^HMJVzD#{~{(5;trdrBYagjzg(ao0*Zj@Q%E$~B7@WJU%&Fgg-YcDG-
zJriv5;NtZY6*+T_Dj!dlxaadhcB!oPv-Zu}rfp@cR~A<{Hkrvz_?p;$aY9$D@%f#W
zSJnt!e#GCtb%M>bH>(!07afWYsbg;arqk<tM>jT7Y4J{>?`NMp7qjNo;G6OPOL|W8
zOr1$wG1Gk|Ol>R<_8;ugUN5`dKPD>lneM-uZ)G!Xs4tb~@SVE*%!aDByr-tdJbaM2
zFVW>;;(FyzcWPpTWn?y{WV`lm&;7`jyFFL!q2}_FP91%clc&iX{NBKFh22*z`AOaX
z7YBPj#xXS<U)bui`nubO${SmlMXuiIh+>;HC7w&};Z%k{>E-gfs<)nVe;$~3ll6o{
GO(p;Ys(xeu

literal 1098
zcmZQ@_Y83kiVO&0xPJ4Boa=MNu)lA#tJUw9|Itcml$-tXq5Bsd&pnai?yP-1+c@Vt
zn=#gid}RxseQZvqz_)$o-vTQ5Zn{5J+@xM#-{3Dj(O}Ai#dfbeS9vpCtFPzUZm_Fv
zndgQd@~<wPfBkD~!S_rP*OH^RqFGx+rz(YRi<R^ZURCk<O6KepW<R~<G>#XU@LQE-
zO`U$M;<d-;qnt;@4jw7d@MfPTmrxauEyHts%ZuPSi#0{9u7)Pe5w89yd)myKS>^YN
z%e%|FZLF;C#VPDed)A@!@A1L!_j-6k>$2V)c|CK<yHiEs0gfJg)r)2|x4)e9>`-{y
zvd=!3Zrkd-nXyXrP$+{ezsk8g@ytS#GPlV4XE_PZS*sPxR4u(Nx+E>e`VikEHIE?C
zbzMtV9BT}an*Dr{X5FWkxjp;m-hB~#K1@2`>~VdKpan7$*d}YQDwyGzWiC56=|Y0Y
znIE5@cKdrUCB|Rs;#9n_^$~aGhWexGqSwv-RxR@5G~c+xY0iO+PyJdKaxxwtp0c*_
zn$M3JRx4S#Zl%udmd?9VUCaM($J>Jfm)O>SUlk%PV6f**)<egwYjUzr+GGpdN`Lu%
z$AjNzY&>O{Qs=i`Oi@z|*~F3Pe(nO}Nm+rsY3Cw2nOgpRWwCv3`!QAM&DnAb^O6u|
zewK$F&jSU`HoA3g{~G#7Mx|di(Pw7;hM&E{_4S5pt+(s#eSb~%=ET6s3%V*d`i9In
zf9U<2!_g|-xA{vCtcaZTSW~+0{*uk+(We5eSSCfRx%771>`s}*T9d9wO?)Ju$Ml3%
z`qt!U37M;8{&d#8mEM1Qx!^O?lgrP~JuAE3c<bFN*T-R2PY+LdCFQ(GV3ygeWiw56
z=FdA_Z?w`P;>nWmU+EjR-#YLzWmW2yi2FC}SG4SGkk6}1|5Dk1a$dwCfwdo(=(KfA
zPkE-&k-4PBYk$B+%{1rc65c~`Q+Mz7(2IHSIBoXUXt#RreZ|IR_jZ*EX3l;5obS&r
zL0Ps$naLb%pDWxI<y)m4=7qm0|1N*9D<|uS4g16sthT3<D!eXEIDC4h;+vVvBu(Gv
zeC~EuyFBHJW7CeC^KSfhy>U>LzyJ83`*XC!KHYh*7`ozMj@I;Zxd&7))}B0U^7OI4
zg6BM~1GNi-7RTPx<`FP6V}07-@w@o<47Nu%AKlvAkWs&J&7>glEETIyq1!CBrLKRx
zc$-q}Lp$y8jaL_iaP2jedU#HD2GiVG(MloJ%kJv<|NQ@9+4-E%fQan7V(sUiJ?d1s
z{ci76#xp7R4QKZM;+8jBwS=4Xfa*m1Cf5lr|NVR3rT)nc7Vd8?@VX%7`G1-9q(nXc
zgMw8?|Gn3li5#0K{jco2?PeE=4S`FU_hwE%wV*twLf|BOy}I9@u2*v3Sa1JJ416?&
zb#DARk5k*@=g)Z){y=ouS#7gm>lue1F7vWUy?EiUN|JhK`@Ab$bGX)|^Eift{F3hT
V`k`2n7?daSeb>K}t!KQfl>tVj9<l%c