webserver: configure hedgedoc

nix/os/containers/webserver.nix

@@ -2,7 +2,11 @@
 , localAddress
 , httpPort ? 80
 , httpsPort ? 443
-}: {
+}:
+
+let
+  passwords = import ../../variables/passwords.crypt.nix;
+in {
   config = { config, pkgs, lib, ... }: {
     imports = [
       ../profiles/containers/configuration.nix
@@ -25,6 +29,7 @@
     };
 
     services.nginx.enable = true;
+    services.nginx.recommendedProxySettings = true;
     services.nginx.virtualHosts."www.stefanjunker.de" = {
       default = true;
       addSSL = true;
@@ -60,6 +65,16 @@
         fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
         fastcgi_index index.php;
       '';
+
+      locations."/hedgedoc/" = {
+        proxyPass = "http://127.0.0.1:3000/";
+      };
+
+      locations."/hedgedoc/socket.io/" = {
+        proxyPass = "http://127.0.0.1:3000/socket.io/";
+        proxyWebsockets = true;
+      };
+
     };
 
     services.phpfpm.pools.mypool = {
@@ -89,6 +104,24 @@
       enable = true;
       package = pkgs.mariadb;
     };
+
+    services.hedgedoc = {
+      enable = true;
+      configuration = {
+        domain = "www.stefanjunker.de";
+        urlPath = "hedgedoc";
+        protocolUseSSL = true;
+        db = {
+          dialect = "sqlite";
+          storage = "/var/lib/codimd/db.codimd.sqlite";
+        };
+        allowAnonymous = false;
+
+
+        # oauth2 provider config
+        inherit (passwords.www_stefanjunker_de_hedgedoc) dropbox;
+      };
+    };
   };
 
   autoStart = true;
@@ -108,6 +141,11 @@
       hostPath = "/var/lib/container-volumes/webserver/var-lib-mysql";
       isReadOnly = false;
     };
+
+    "/var/lib/codimd" = {
+      hostPath = "/var/lib/container-volumes/webserver/var-lib-codimd";
+      isReadOnly = false;
+    };
   };
 
   privateNetwork = true;