Henry-Hiles/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos/clients/quadraticserver/docs.nix
Henry-Hiles bdace30709
 Add another secret
2025-07-29 22:41:42 -04:00

114 lines
3.3 KiB
Nix
Raw Permalink Blame History

{
inputs,
config,
pkgs,
...
}: let
s3Domain = "http://127.0.0.1${config.services.minio.listenAddress}";
cfg = config.services.lasuite-docs;
in {
imports = [inputs.lasuite-docs-proxy.nixosModules.default];
systemd.services.lasuite-docs-collaboration-server.serviceConfig.EnvironmentFile = cfg.environmentFile;
services = let
proxySocket = "/var/run/lasuite-docs-proxy/socket";
authDomain = "auth.federated.nexus";
domain = "docs.federated.nexus";
s3Url = "${s3Domain}/lasuite-docs";
socket = "/run/lasuite-docs/socket";
in {
lasuite-docs-proxy = {
enable = true;
args = [
"--socket"
proxySocket
"--authUri"
"https://docs.federated.nexus/api/v1.0/documents/media-auth/"
"--minioUri"
s3Url
];
group = "caddy";
};
lasuite-docs = {
enable = true;
enableNginx = false;
redis.createLocally = true;
postgresql.createLocally = true;
frontendPackage = pkgs.lasuite-docs-frontend.overrideAttrs {
NEXT_PUBLIC_PUBLISH_AS_MIT = "false";
};
bind = "unix:${socket}";
inherit s3Url domain;
settings = {
OIDC_OP_AUTHORIZATION_ENDPOINT = "https://federated.nexus/login";
OIDC_OP_TOKEN_ENDPOINT = "https://${authDomain}/token";
OIDC_OP_USER_ENDPOINT = "https://${authDomain}/userinfo";
OIDC_RP_SIGN_ALGO = "HS256";
COLLABORATION_API_URL = "https://${domain}/collaboration/api/";
LOGIN_REDIRECT_URL = "https://${domain}";
AWS_S3_ENDPOINT_URL = s3Domain;
AWS_S3_ACCESS_KEY_ID = "minioadmin";
AWS_STORAGE_BUCKET_NAME = "lasuite-docs";
MEDIA_BASE_URL = "https://${domain}";
DJANGO_ALLOWED_HOSTS = domain;
};
environmentFile = config.age.secrets."lasuiteSecrets.age".path;
};
minio = {
enable = true;
rootCredentialsFile = config.age.secrets."minioCredentials.age".path;
};
caddy.virtualHosts."${domain}".extraConfig = let
collabUrl = "http://localhost:${toString cfg.collaborationServer.port}";
in ''
handle_errors {
rewrite * /{http.error.status_code}
file_server
}
redir /api/v1.0/logout/None /
root * ${cfg.frontendPackage}
file_server
@uuidDocs path_regexp uuidDocs ^/docs/[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}/?$
rewrite @uuidDocs /docs/[id]/index.html
reverse_proxy /api/* unix/${socket}
reverse_proxy /admin/* unix/${socket}
reverse_proxy /collaboration/ws/* ${collabUrl}
reverse_proxy /collaboration/api/* ${collabUrl}
reverse_proxy /api/v1.0/documents/media-auth/ unix/${socket}
reverse_proxy /media/* unix/${proxySocket}
'';
};
systemd.services.minio-init = {
description = "Create MinIO bucket";
after = ["minio.service"];
requires = ["minio.service"];
wantedBy = ["multi-user.target"];
path = [pkgs.getent pkgs.minio-client];
serviceConfig = {
Type = "oneshot";
EnvironmentFile = config.age.secrets."minioCredentials.age".path;
ExecStart = pkgs.writeShellScript "init-minio" ''
mc alias set minio ${s3Domain} "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD" --api s3v4
mc mb --ignore-existing minio/lasuite-docs
mc anonymous get minio/lasuite-docs
'';
};
};
}
Reference in a new issue View git blame Copy permalink