summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix
blob: ff180e30701ccfb1c175f0234a7f11660a9f1196 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
{ lib, ... }:
let
  port = 19201;
in {
  #services.nginx.virtualHosts."euer.krebsco.de".serverAliases = [ "etherpad.euer.krebsco.de" ];
  services.nginx.virtualHosts."etherpad.euer.krebsco.de" = {
    # useACMEHost = "euer.krebsco.de";
    extraConfig = ''
      ssl_session_timeout  30m;
    '';
    enableACME = true;
    forceSSL = true;
    locations."/".proxyPass = "http://127.0.0.1:${toString port}";
    # from https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy
    locations."/".extraConfig = ''

        proxy_buffering    off; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
        proxy_set_header   Host $host;
        proxy_pass_header  Server;

        # Note you might want to pass these headers etc too.
        proxy_set_header    X-Real-IP $remote_addr; # https://nginx.org/en/docs/http/ngx_http_proxy_module.html
        proxy_set_header    X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
        proxy_set_header    X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
        proxy_http_version  1.1; # recommended with keepalive connections

        # WebSocket proxying - from https://nginx.org/en/docs/http/websocket.html
        proxy_set_header  Upgrade $http_upgrade;
        proxy_set_header  Connection "upgrade";
        proxy_read_timeout 1799s;
    '';
  };
  state = [ "/var/lib/docker/volumes/etherpad_data/_data/" ];
  virtualisation.oci-containers.containers."etherpad-lite" = {
    #image = "makefoo/bgt-etherpad:2021-04-16.3"; # --build-arg ETHERPAD_PLUGINS="ep_markdown"
    image = "etherpad/etherpad:1.8.14";

    ports = [ "127.0.0.1:${toString port}:9001" ];
    volumes = [
      "/var/src/secrets/etherpad/apikey:/opt/etherpad-lite/APIKEY.txt"
      "etherpad_data:/opt/etherpad-lite/var" # persistent dirtydb
    ];
  # for postgres
  #DB_TYPE=postgres
  #DB_HOST=db.local
  #DB_PORT=4321
  #DB_NAME=etherpad
  #DB_USER=dbusername
  #DB_PASS=mypassword
    environment = {
      # ADMIN_PASSWORD = "auf jeden fall nicht das echte admin passwort";
      # LOGLEVEL = "DEBUG";

      SUPPRESS_ERRORS_IN_PAD_TEXT = "true";
      TRUST_PROXY =  "true";
      TITLE = "Binärgewitter Etherpad";
      SKIN_NAME = "no-skin";
      DEFAULT_PAD_TEXT = builtins.readFile ./template.md;
      PAD_OPTIONS_USE_MONOSPACE_FONT = "true";
      PAD_OPTIONS_USER_NAME = "true";
      PAD_OPTIONS_USER_COLOR = "true";
      PAD_OPTIONS_CHAT_AND_USERS = "true";
      PAD_OPTIONS_LANG = "en-US";
    };
  };
}