Fix hedgedoc oauth, update flake, update sops

2023-04-26 23:40:18 +02:00
parent 7d9a648030
commit 9e64e2dd1f
6 changed files with 52 additions and 55 deletions


@@ -2,8 +2,9 @@
let
cfg = config.services.hedgedoc.settings;
domain = "md.feal.no";
port = 3000;
port = 3300;
host = "0.0.0.0";
authServerUrl = config.services.kanidm.serverSettings.origin;
in {
# Contains CMD_SESSION_SECRET and CMD_OAUTH2_CLIENT_SECRET
sops.secrets."hedgedoc/env" = {
@@ -12,27 +13,27 @@ in {
services.hedgedoc = {
enable = true;
environmentFile = config.sops.secrets."hedgedoc/env".path;
settings = {
inherit domain port host;
protocolUseSSL = true;
sessionSecret = "$CMD_SESSION_SECRET";
allowFreeURL = true;
db = {
dialect = "sqlite";
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
};
environmentFile = config.sops.secrets."hedgedoc/env".path;
email = false;
oauth2 = let
authServerUrl = config.services.kanidm.serverSettings.origin;
in {
oauth2 = {
baseURL = "${authServerUrl}/oauth2";
tokenURL = "${authServerUrl}/oauth2/token";
authorizationURL = "${authServerUrl}/ui/oauth2";
userProfileURL = "${authServerUrl}/oauth2/openid/hedgedoc/userinfo";
clientID = "hedgedoc";
clientSecret = "";
clientSecret = "$CMD_OAUTH2_CLIENT_SECRET";
scope = "openid email profile";
userProfileUsernameAttr = "name";
userProfileEmailAttr = "email";
@@ -43,14 +44,11 @@ in {
};
};
services.nginx.virtualHosts.${domain} = {
locations."/" = {
proxyPass = "http://${host}:${toString port}/";
};
locations."/socket.io/" = {
proxyPass = "http://${host}:${toString port}/";
proxyWebsockets = true;
};
systemd.services.hedgedoc.serviceConfig = {
WorkingDirectory = lib.mkForce "/var/lib/hedgedoc";
StateDirectory = lib.mkForce [ "hedgedoc" "hedgedoc/uploads" ];
};
networking.firewall.allowedTCPPorts = [ port ];
}
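Review bot: The `networking.firewall.allowedTCPPorts = [ port ];` line at the end of this hunk, together with `host = "0.0.0.0"` kept in the `let` block, exposes the plaintext HTTP backend on the new port 3300 to every interface, so the nginx virtual host for `md.feal.no` that `protocolUseSSL = true` assumes is the ingress can be bypassed by connecting to :3300 directly. Anything that reaches the backend that way (session cookie, the OAuth2 login round-trip) travels without TLS and without whatever the proxy layer enforces. Unless another host genuinely needs direct access, bind the service locally and drop the rule: `host = "127.0.0.1";` in the `let` block and delete `networking.firewall.allowedTCPPorts = [ port ];` — the nginx `proxyPass = "http://${host}:${toString port}/"` follows `host` and keeps working. The attribute set closed by this hunk's final `}` is opened in the first hunk, so the `host` change is in a different part of the file.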