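# NixOS module: runs HedgeDoc behind an nginx reverse proxy on the same host
# and delegates sign-in to the Kanidm OAuth2/OIDC provider configured in
# services.kanidm.
{ config, pkgs, lib, ... }:
let
  domain = "md.feal.no";
  port = 3000;
  # Listen on loopback only. The nginx virtual host below is the sole intended
  # entry point, so the plain-HTTP backend should not be reachable on other
  # interfaces (the original 0.0.0.0 relied on the firewall alone for that,
  # and also made nginx proxy to the wildcard address).
  host = "127.0.0.1";
in {
  services.hedgedoc = {
    enable = true;

    settings = {
      inherit domain port host;
      # HedgeDoc itself serves plain HTTP; this makes it emit https:// URLs
      # on the assumption that TLS is terminated in front of it.
      protocolUseSSL = true;
      db = {
        dialect = "sqlite";
        storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
      };
      # No local e-mail/password accounts; sign-in goes through OAuth2 below.
      email = false;
      oauth2 = let
        # Reuse the origin of the Kanidm instance defined elsewhere in this
        # configuration so the endpoint URLs cannot drift apart.
        authServerUrl = config.services.kanidm.serverSettings.origin;
      in {
        baseURL = "${authServerUrl}/oauth2";
        tokenURL = "${authServerUrl}/oauth2/token";
        authorizationURL = "${authServerUrl}/ui/oauth2";
        userProfileURL = "${authServerUrl}/oauth2/openid/hedgedoc/userinfo";

        # NOTE(review): no client secret is set in this file; presumably it is
        # supplied outside the world-readable Nix store (e.g. an environment
        # file) — confirm.
        clientID = "hedgedoc";
        scope = "openid email profile";
        userProfileUsernameAttr = "name";
        userProfileEmailAttr = "email";
        userProfileDisplayNameAttr = "displayname";

        providerName = "KaniDM";
        # Role-based restriction is disabled. Without it, who may log in is
        # decided only by what the identity provider enforces for this
        # client — confirm that is intended before leaving these off.
        # rolesClaim = "roles";
        # accessRole = "hedgedoc_users";
      };
    };
  };

  # The backend port stays closed in the firewall; only nginx is exposed.
  #networking.firewall.allowedTCPPorts = [ port ];

  # NOTE(review): neither forceSSL nor a certificate source (e.g. enableACME)
  # is set on this virtual host here; TLS is presumably configured elsewhere —
  # confirm, since protocolUseSSL = true assumes HTTPS at the edge.
  services.nginx.virtualHosts.${domain} = {
    locations."/" = {
      proxyPass = "http://${host}:${toString port}/";
    };

    # Realtime collaboration traffic needs the WebSocket upgrade headers.
    locations."/socket.io/" = {
      proxyPass = "http://${host}:${toString port}/";
      proxyWebsockets = true;
    };
  };
}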