massicot: host hedgedoc with oidc

This commit is contained in:
xinyangli 2023-12-24 13:58:53 +08:00
parent b944954b3c
commit 8b735dd5da
5 changed files with 110 additions and 7 deletions

View file

@ -18,6 +18,9 @@
gts_env = {
owner = "gotosocial";
};
hedgedoc_env = {
owner = "hedgedoc";
};
grafana_cloud_api = {
owner = "prometheus";
sopsFile = ../secrets.yaml;

View file

@ -1,5 +1,6 @@
storage_box_mount: ENC[AES256_GCM,data:9lOAL3tkfB0pN4/cuM4SX0xoMrW0UUEzTN8spw3MQ3BWrfsRc3Stsce3puXz1sRf,iv:7Q9wzpBgQ3tqcfy0n/c6Ya84Kg60nhR/e2H0pVntWsY=,tag:9a0xvNBGQpCvhxgmV3hrww==,type:str]
gts_env: ENC[AES256_GCM,data:CKFKHXCJvTD0HFkVrBWhabcl/cloCT03qcZIc5JymiIAu+o6wef6gsQlkKP81vxC9S3XMYtLgXQ03D7Jetkfg+7nafF1+ogN,iv:/axRqZIatwYL++/KmBIievPPyKRkHGmVpgRe2Eet+fg=,tag:gwxyuePOYiD1vlSyq3yjXA==,type:str]
hedgedoc_env: ENC[AES256_GCM,data:zwAA+zKSJT0tZyYArCaa1lfL0y8DNHDp/thS11DrVxNvjmk38o0ydsKArfZKzFYye+qNBzz1B4sPCdW4cFgQUNgbM+n9AvoMB8CssdmQ+sALKmozA5aEV23q+khZSGlHocP6WA==,iv:SgZruOS1nanK64Ex1dvgoD1HzbGbNa4DFSBuVoaNgEc=,tag:R+I8m1AloDCXs5PdpEpS0w==,type:str]
sops:
kms: []
gcp_kms: []
@ -24,8 +25,8 @@ sops:
dnFBa0lDWWZtS1BHdzBoVzNTaGNkSEEKi/W1n7RT8NpTp00SBMwxsUJAPDhumJ/i
V2VnaSNwouD3SswTcoBzqQpBP9XrqzjIYGke90ZODFQbMY9WDQ+O0g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-15T13:06:05Z"
mac: ENC[AES256_GCM,data:ArxA3+i+W2hU0mpzjPqzBA1pQdZySwJ+LVAez2PWFMsrgT4QATi+KmlWWfuPBkOq/DYafAES8lTemDeuzuQl7bWZq06g3s35C8Q3D/TDUKFF3ALEL5grSxKTVzg4Npjc2q2OIOXrIp/j83Gn1lBuyBFg0YdGkJ+b/BmDGkTbyUg=,iv:8MB/+WklLsFTnlvxLyvCK8VUMNeXtaPTGXlp9hRGzOM=,tag:VbbnQfPewNGdrPqmZJSYlA==,type:str]
lastmodified: "2023-12-22T08:05:27Z"
mac: ENC[AES256_GCM,data:CiXU49arW+3w4/Lkh4l+6VjopyP7XNCU4AmuwZmnmQ7Vv4RCt84fC6lM6o4HiCc5jB07QY+2WZ5LvWz9zgSt636UpnCMgbG1w2Lxae38fW02RHJv90rn+cyyddB5kSucr5/P5NKBOZut54Cf4zVW9BaqajpQMxe4hEOn+xXpXz8=,iv:beWRlUvb6OUOK+mUXdvpvmM8S7xK0QIkIA2Bk9QA35c=,tag:KrBXqsAdBAhtwygdEHnUqQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -11,6 +11,21 @@ in
domain = "vaultwarden.xinyang.life";
};
custom.hedgedoc = {
enable = true;
caddy = true;
domain = "docs.xinyang.life";
mediaPath = "/mnt/storage/hedgedoc";
oidc = {
enable = true;
baseURL = "https://auth.xinyang.life/oauth2/openid/hedgedoc";
authorizationURL = "https://auth.xinyang.life/ui/oauth2";
tokenURL = "https://auth.xinyang.life/oauth2/token";
userProfileURL = "https://auth.xinyang.life/oauth2/openid/hedgedoc/userinfo";
};
environmentFile = config.sops.secrets.hedgedoc_env.path;
};
custom.prometheus = {
enable = true;
exporters.enable = true;
@ -27,7 +42,7 @@ in
fsType = "cifs";
options = ["uid=${share},gid=${share},credentials=${config.sops.secrets.storage_box_mount.path}"];
};
}) [ "forgejo" "gotosocial" "conduit" ] );
}) [ "forgejo" "gotosocial" "conduit" "hedgedoc" ] );
system.activationScripts = {
conduit-media-link.text = ''
@ -144,7 +159,7 @@ in
flush_interval -1
}
'';
virtualHosts."git.xinyang.life:443".extraConfig = ''
virtualHosts."https://git.xinyang.life:443".extraConfig = ''
reverse_proxy http://${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT}
'';
@ -155,8 +170,8 @@ in
abort
}
'';
virtualHosts."https://auth.xinyang.life:443".extraConfig = ''
reverse_proxy https://auth.xinyang.life:${toString kanidm_listen_port} {
virtualHosts."https://auth.xinyang.life".extraConfig = ''
reverse_proxy https://127.0.0.1:${toString kanidm_listen_port} {
header_up Host {upstream_hostport}
header_down Access-Control-Allow-Origin "*"
transport http {