hedgedoc: use socket

2023-07-25 00:52:31 +02:00 · 2023-07-25 00:52:31 +02:00 · 6c23fa359b
parent 3ac98bf8d4
commit 6c23fa359b
1 changed files with 12 additions and 1 deletions
--- a/hosts/hedgedoc/default.nix
+++ b/hosts/hedgedoc/default.nix
@ -29,6 +29,7 @@
        defaultPermission = "freely";
        domain = "hedgedoc.c3d2.de";
        loglevel = "warn";
+        path = "/run/hedgedoc/hedgedoc.sock";
        protocolUseSSL = true;
        sessionSecret = "$sessionSecret";
      };
@ -38,6 +39,7 @@
    nginx = {
      enable = true;
      enableReload = true;
+      upstreams.hedgedoc.servers."unix:${config.services.hedgedoc.settings.path}" = { };
      virtualHosts = {
        "codimd.c3d2.de" = {
          forceSSL = true;
@ -55,7 +57,7 @@
          enableACME = true;
          locations = {
            "^~ /robots.txt".return = "200 'User-agent: *\\nDisallow: /'";
-            "/".proxyPass = "http://localhost:${toString config.services.hedgedoc.settings.port}";
+            "/".proxyPass = "http://hedgedoc";
          };
        };
      };
@ -89,5 +91,14 @@
    };
  };

+  systemd = {
+    services.hedgedoc.serviceConfig.UMask = "0007";
+    tmpfiles.rules = [
+      "d /run/hedgedoc/ 0770 hedgedoc hedgedoc -"
+    ];
+  };
+
  system.stateVersion = "22.11";
+
+  users.users.nginx.extraGroups = [ "hedgedoc" ];
 }