blob: b4442de55567c0d58676fe57df7692f520015891 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
{ lib, ... }:
let
port = 19201;
in {
#services.nginx.virtualHosts."euer.krebsco.de".serverAliases = [ "etherpad.euer.krebsco.de" ];
services.nginx.virtualHosts."etherpad.euer.krebsco.de" = {
# useACMEHost = "euer.krebsco.de";
extraConfig = ''
ssl_session_timeout 30m;
'';
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:${toString port}";
# from https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy
locations."/".extraConfig = ''
proxy_buffering off; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
proxy_set_header Host $host;
proxy_pass_header Server;
# Note you might want to pass these headers etc too.
proxy_set_header X-Real-IP $remote_addr; # https://nginx.org/en/docs/http/ngx_http_proxy_module.html
proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
proxy_http_version 1.1; # recommended with keepalive connections
# WebSocket proxying - from https://nginx.org/en/docs/http/websocket.html
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 1799s;
'';
};
state = [ "/var/lib/docker/volumes/etherpad_data/_data/" ];
virtualisation.oci-containers.containers."etherpad-lite" = {
image = "makefoo/bgt-etherpad:2021-04-16.3"; # --build-arg ETHERPAD_PLUGINS="ep_markdown"
# ep_codepad does not work anymore
#image = "etherpad/etherpad:1.8.13";
ports = [ "127.0.0.1:${toString port}:9001" ];
volumes = [
"/var/src/secrets/etherpad/apikey:/opt/etherpad-lite/APIKEY.txt"
"etherpad_data:/opt/etherpad-lite/var" # persistent dirtydb
];
# for postgres
#DB_TYPE=postgres
#DB_HOST=db.local
#DB_PORT=4321
#DB_NAME=etherpad
#DB_USER=dbusername
#DB_PASS=mypassword
environment = {
# ADMIN_PASSWORD = "auf jeden fall nicht das echte admin passwort";
# LOGLEVEL = "DEBUG";
SUPPRESS_ERRORS_IN_PAD_TEXT = "true";
TRUST_PROXY = "true";
TITLE = "Binärgewitter Etherpad";
SKIN_NAME = "no-skin";
DEFAULT_PAD_TEXT = builtins.readFile ./template.md;
PAD_OPTIONS_USE_MONOSPACE_FONT = "true";
PAD_OPTIONS_USER_NAME = "true";
PAD_OPTIONS_USER_COLOR = "true";
PAD_OPTIONS_CHAT_AND_USERS = "true";
PAD_OPTIONS_LANG = "en-US";
};
};
}
|
