add hedgedoc

2026-02-22 21:05:22 +08:00 · 2024-05-19 10:12:11 -04:00 · 2024-05-19 10:12:11 -04:00 · 6053722acf
commit 6053722acf
parent f94ed24706
3 changed files with 44 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -55,6 +55,10 @@
          immediacy = {
            targetHost = "immediacy";
            targetUser = "srid";
+            keys."hedgedoc.env" = {
+              user = "hedgedoc";
+              keyCommand = read1Password "hedgedoc.env";
+            };
          };
          github-runner =
            let
--- a/nixos/hedgedoc.nix
+++ b/nixos/hedgedoc.nix
@ -0,0 +1,39 @@
+{ config, pkgs, lib, ... }:
+
+let
+  domain = "pad.srid.ca";
+  port = 9112;
+in
+{
+  services.hedgedoc = {
+    enable = true;
+
+    # GitHub secrets set in colmena (see flake.nix)
+    environmentFile = "/run/keys/hedgedoc.env";
+
+    settings = {
+      # URL config
+      inherit domain port;
+      protocolUseSSL = true;
+      urlAddPort = false;
+      allowOrigin = [ "localhost" ];
+
+      # Accept GitHub users only.
+      # NOTE: Fine-grained access (eg: whitelist of users) not possible until
+      # HedgeDoc 2.0
+      email = false;
+      allowAnonymous = false;
+    };
+  };
+
+  services.nginx = {
+    virtualHosts.${domain} = {
+      enableACME = true;
+      addSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${builtins.toString port}";
+        proxyWebsockets = true;
+      };
+    };
+  };
+}
--- a/systems/ax41.nix
+++ b/systems/ax41.nix
@ -13,6 +13,7 @@ in
    "${self}/nixos/self/primary-as-admin.nix"
    "${self}/nixos/docker.nix"
    "${self}/nixos/actualism-app.nix"
+    "${self}/nixos/hedgedoc.nix"
    # "${self}/nixos/server/harden/basics.nix"
  ];