forked from c3d2/nix-config
Rename codimd.c3d2.de to hedgedoc.c3d2.de, redirect, add ldap login
parent
a48b72c4a3
commit
f0800a6150
90
flake.lock
90
flake.lock
|
@ -3,16 +3,16 @@
|
|||
"fenix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
"nixos"
|
||||
],
|
||||
"rust-analyzer-src": "rust-analyzer-src"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1658471435,
|
||||
"narHash": "sha256-NQ6pbKcXv/zZYXiGzx+BsPJglrEps9qJxCdpmB135n4=",
|
||||
"lastModified": 1658557620,
|
||||
"narHash": "sha256-IUiiWZXk6Q5xUm+Pl01S9DXmDZj065KbArecCd9cahc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"rev": "353d5ac5d0e3e8c26fe7c6744afdb1929496b1df",
|
||||
"rev": "441b2aeebfb0582ce300becebcf8ffb58300d9ec",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -45,7 +45,7 @@
|
|||
"naersk"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
"nixos"
|
||||
],
|
||||
"utils": "utils"
|
||||
},
|
||||
|
@ -148,7 +148,7 @@
|
|||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
"nixos"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
|
@ -168,7 +168,7 @@
|
|||
"naersk": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
"nixos"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
|
@ -259,6 +259,22 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos": {
|
||||
"locked": {
|
||||
"lastModified": 1658500284,
|
||||
"narHash": "sha256-g7vwZ5UF8PvC9f2/7Zf5O6zxgJiMSuh1CiGZVuuOhEQ=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "e3583ad6e533a9d8dd78f90bfa93812d390ea187",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-22.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1658401027,
|
||||
|
@ -276,11 +292,11 @@
|
|||
},
|
||||
"nixos-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1658380158,
|
||||
"narHash": "sha256-DBunkegKWlxPZiOcw3/SNIFg93amkdGIy2g0y/jDpHg=",
|
||||
"lastModified": 1658465217,
|
||||
"narHash": "sha256-f2Zyt7TsDZ1TK3Cu6ZtzWoWQ4nnQq07uXTPxW26rIQY=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a65b5b3f5504b8b89c196aba733bdf2b0bd13c16",
|
||||
"rev": "2d372784634e224c5a629d80a19705af655fbc7d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -292,11 +308,11 @@
|
|||
},
|
||||
"nixos-unstable-sandro": {
|
||||
"locked": {
|
||||
"lastModified": 1658533212,
|
||||
"narHash": "sha256-+rbyEE2e26gZ+e4455yOPbcLVtT+w4jYZ2QdtV9WLeo=",
|
||||
"lastModified": 1658627301,
|
||||
"narHash": "sha256-FkWtHYuXeODkBDMg3c9vvu+Y+SkfaudoLg5338aT+48=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "bc4f3aa3cf7d3d541b2f177de8bf54b2bde94ec2",
|
||||
"rev": "ab3be9aef4ba2d3850674dc1e21fc510865d55db",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -382,22 +398,6 @@
|
|||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1658422817,
|
||||
"narHash": "sha256-kzZrlzqK6kbkTEnDK21wjRDamUJP0m30pm3XRPk0aZg=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "70e3e0ee807371e16563a88b77b8533e2cea8aa2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-22.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"oparl-scraper": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -435,7 +435,7 @@
|
|||
"openwrt-imagebuilder": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
"nixos"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
|
@ -455,7 +455,7 @@
|
|||
"riscv64": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
"nixos"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
|
@ -480,10 +480,10 @@
|
|||
"hydra-ca": "hydra-ca",
|
||||
"microvm": "microvm",
|
||||
"naersk": "naersk",
|
||||
"nixos": "nixos",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixos-unstable": "nixos-unstable",
|
||||
"nixos-unstable-sandro": "nixos-unstable-sandro",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"nixpkgs-mobilizon": "nixpkgs-mobilizon",
|
||||
"oparl-scraper": "oparl-scraper",
|
||||
"openwrt": "openwrt",
|
||||
|
@ -502,11 +502,11 @@
|
|||
"rust-analyzer-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1658391799,
|
||||
"narHash": "sha256-Bw/zHZXdxe4DLhtT/hk0t/oDwXKLTTtb6Xt4HTbWT74=",
|
||||
"lastModified": 1658530835,
|
||||
"narHash": "sha256-ZzqSWm8gM+DRDcBlSRIG+EccgF9G6C2KmC0vBt1T+0A=",
|
||||
"owner": "rust-lang",
|
||||
"repo": "rust-analyzer",
|
||||
"rev": "84a6fac37ad61ff512993ee64b47deff9a52c560",
|
||||
"rev": "0b131bc78eece8be69b5d3633f4db04cf2c1151b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -535,18 +535,18 @@
|
|||
"secrets": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
"nixos"
|
||||
],
|
||||
"sops-nix": [
|
||||
"sops-nix"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1657928876,
|
||||
"narHash": "sha256-vK8OIjiD3XpzTH6uv358IU71Jwvu5o2+q8ISg+Vg+tU=",
|
||||
"lastModified": 1658611658,
|
||||
"narHash": "sha256-rl7y2T0+/w0AezY3l5BGvBNMGvSnH4WWEJ6OWwhNyFw=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "ce0f7c9f962851cdead48cf8dd3ee088aa00efed",
|
||||
"revCount": 143,
|
||||
"rev": "854379a9c9d037aca41e6da65176f1a36bbf0bf9",
|
||||
"revCount": 144,
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
|
||||
},
|
||||
|
@ -558,10 +558,10 @@
|
|||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
"nixos"
|
||||
],
|
||||
"nixpkgs-22_05": [
|
||||
"nixpkgs"
|
||||
"nixos"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
|
@ -603,7 +603,7 @@
|
|||
"naersk"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
"nixos"
|
||||
],
|
||||
"utils": "utils_2"
|
||||
},
|
||||
|
@ -670,7 +670,7 @@
|
|||
"yammat": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
"nixos"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
|
@ -691,7 +691,7 @@
|
|||
"zentralwerk": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
"nixos"
|
||||
],
|
||||
"openwrt": [
|
||||
"openwrt"
|
||||
|
|
|
@ -494,6 +494,7 @@
|
|||
}
|
||||
./hosts/containers/hedgedoc
|
||||
];
|
||||
nixpkgs = inputs.nixos-unstable-sandro;
|
||||
};
|
||||
|
||||
pulsebert = nixosSystem' {
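Review bot: The line `nixpkgs = inputs.nixos-unstable-sandro;`, which appears to be the one added in this hunk, builds the hedgedoc container from a personal nixpkgs fork (flake.lock resolves that input to `SuperSandro2000/nixpkgs`) rather than from the `nixos-22.05` input locked in the same commit. For a service that per the commit title now accepts LDAP logins, security fixes then reach this host only when the fork is rebased and the lock is bumped. I would document the reason and the exit condition next to the line, for example `# needs <feature from fork>; switch back to inputs.nixos once it is upstream`. The enclosing host definition starts above the hunk, so any existing justification there is not visible.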
|
||||
|
|
|
@ -12,16 +12,20 @@
|
|||
|
||||
networking = {
|
||||
hostName = "hedgedoc";
|
||||
hosts = {
|
||||
"2a00:8180:2c00:282::48" = [ "auth.c3d2.de" ];
|
||||
"172.20.73.72" = [ "auth.c3d2.de" ];
|
||||
};
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
|
||||
services = {
|
||||
hedgedoc = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
settings = {
|
||||
allowAnonymousEdits = true;
|
||||
allowFreeURL = true;
|
||||
allowOrigin = [ "codimd.c3d2.de" ];
|
||||
allowOrigin = [ "hedgedoc.c3d2.de" ];
|
||||
csp = {
|
||||
enable = true;
|
||||
addDefaults = true;
|
||||
|
@ -32,7 +36,16 @@
|
|||
host = "/run/postgresql/";
|
||||
};
|
||||
defaultPermission = "freely";
|
||||
domain = "codimd.c3d2.de";
|
||||
domain = "hedgedoc.c3d2.de";
|
||||
ldap = {
|
||||
url = "ldaps://auth.c3d2.de";
|
||||
bindDn = "uid=search,ou=users,dc=c3d2,dc=de";
|
||||
bindCredentials = "$bindCredentials";
|
||||
searchBase = "ou=users,dc=c3d2,dc=de";
|
||||
searchFilter = "(&(objectclass=person)(uid={{username}}))";
|
||||
tlsca = "/etc/ssl/certs/ca-certificates.crt";
|
||||
useridField = "uid";
|
||||
};
|
||||
protocolUseSSL = true;
|
||||
sessionSecret = "$sessionSecret";
|
||||
};
|
||||
|
@ -41,21 +54,18 @@
|
|||
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."codimd.c3d2.de" = {
|
||||
default = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString config.services.hedgedoc.configuration.port}";
|
||||
# extraConfig = ''
|
||||
# satisfy any;
|
||||
# auth_basic secured;
|
||||
# auth_basic_user_file ${pkgs.matemat-auth};
|
||||
# allow 2a00:8180:2c00:200::/56;
|
||||
# allow 172.22.99.0/24;
|
||||
# allow 172.20.72.0/21;
|
||||
# deny all;
|
||||
# '';
|
||||
enableReload = true;
|
||||
virtualHosts = {
|
||||
"codimd.c3d2.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".return = "301 https://hedgedoc.c3d2.de$request_uri";
|
||||
};
|
||||
"hedgedoc.c3d2.de" = {
|
||||
default = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://localhost:${toString config.services.hedgedoc.configuration.port}";
|
||||
};
|
||||
};
|
||||
};
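Review bot: In the new `ldap` block, `bindCredentials = "$bindCredentials";` only works if the service's environment file defines `bindCredentials` next to the existing `sessionSecret`; no `environmentFile` setting is visible in these hunks, so it is presumably set elsewhere in the file. If the variable is missing, the bind as `uid=search` would presumably fail, and every LDAP login with it. I would add a comment above the line, `# substituted at service start from the environment file; never inline the real bind password, the Nix store is world-readable`. Separately, `allowAnonymousEdits = true` and `defaultPermission = "freely"` stay as they are, so the new login adds identity but does not restrict who can edit; a one-line comment would help if that is intended.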
|
||||
|
|
|
@ -67,7 +67,10 @@
|
|||
];
|
||||
proxyTo.host = config.c3d2.hosts.c3d2-web.ip4;
|
||||
} {
|
||||
hostNames = [ "codimd.c3d2.de" ];
|
||||
hostNames = [
|
||||
"codimd.c3d2.de"
|
||||
"hedgedoc.c3d2.de"
|
||||
];
|
||||
proxyTo.host = config.c3d2.hosts.hedgedoc.ip4;
|
||||
} {
|
||||
hostNames = [ "ftp.c3d2.de" ];
|
||||
|
|