nixconfig/modules/server/containers/apps/etherpad.nix

{ config, containerCfg, pkgs, lib, builder, name,... }:
let 
  serverCfg = config.syscfg.server;
  etherpad_exe = pkgs.etherpad-lite;/*.override {
    plugins = [ pkgs.nodePackages.ep_proxy_auth ]; # Ensure this is in your nixpkgs
  };*/
  settings = pkgs.writeTextDir"etc/etherpad/settings.json" (builtins.toJSON {
    title= "\${TITLE:Etherpad}";
    showRecentPads = "\${SHOW_RECENT_PADS:true}";
    favicon = "\${FAVICON:null}";
    publicURL = "\${PUBLIC_URL:null}";
    skinName = "\${SKIN_NAME:colibris}";
    skinVariants = "\${SKIN_VARIANTS:super-light-toolbar super-light-editor light-background}";
    ip = "\${IP:0.0.0.0}";
    port = "\${PORT:9001}";
    showSettingsInAdminPage = "\${SHOW_SETTINGS_IN_ADMIN_PAGE:true}";
    enableMetrics = "\${ENABLE_METRICS:true}";
    updates.tier = "off";
    cleanup.enabled = false;
    gdprAuthorErasure.enabled = "\${GDPR_AUTHOR_ERASURE_ENABLED:false}";
    authenticationMethod = "\${AUTHENTICATION_METHOD:sso}";
    enableDarkMode = "\${ENABLE_DARK_MODE:true}";
    enablePadWideSettings = "\${ENABLE_PAD_WIDE_SETTINGS:true}";
    dbType = "\${DB_TYPE:dirty}";
    dbSettings = {
      host =       "\${DB_HOST:undefined}";
      port =       "\${DB_PORT:undefined}";
      database =   "\${DB_NAME:undefined}";
      user =       "\${DB_USER:undefined}";
      password =   "\${DB_PASS:undefined}";
      charset =    "\${DB_CHARSET:undefined}";
      filename =   "\${DB_FILENAME:var/dirty.db}";
      collection = "\${DB_COLLECTION:undefined}";
      url =        "\${DB_URL:undefined}";
    };
    defaultPadText = "\${DEFAULT_PAD_TEXT:P A D}";
    padOptions = {
      noColors =         "\${PAD_OPTIONS_NO_COLORS:false}";
      showControls =     "\${PAD_OPTIONS_SHOW_CONTROLS:true}";
      showChat =         "\${PAD_OPTIONS_SHOW_CHAT:true}";
      showLineNumbers =  "\${PAD_OPTIONS_SHOW_LINE_NUMBERS:true}";
      useMonospaceFont = "\${PAD_OPTIONS_USE_MONOSPACE_FONT:false}";
      userName =         "\${PAD_OPTIONS_USER_NAME:null}";
      userColor =        "\${PAD_OPTIONS_USER_COLOR:null}";
      rtl =              "\${PAD_OPTIONS_RTL:false}";
      alwaysShowChat =   "\${PAD_OPTIONS_ALWAYS_SHOW_CHAT:false}";
      chatAndUsers =     "\${PAD_OPTIONS_CHAT_AND_USERS:false}";
      lang =             "\${PAD_OPTIONS_LANG:null}";
      fadeInactiveAuthorColors = "\${PAD_OPTIONS_FADE_INACTIVE_AUTHOR_COLORS:true}";
      enforceReadableAuthorColors = "\${PAD_OPTIONS_ENFORCE_READABLE_AUTHOR_COLORS:true}";
    };

    requireSession = "\${REQUIRE_SESSION:false}";
    editOnly = "\${EDIT_ONLY:false}";
    minify = "\${MINIFY:true}";
    requireAuthentication = "\${REQUIRE_AUTHENTICATION:false}";
    requireAuthorization = "\${REQUIRE_AUTHORIZATION:false}";
    trustProxy = "\${TRUST_PROXY:true}";
    ep_headerauth.username_header = "X-authentik-username";
    users.admin = {
      password = "\${ADMIN_PASSWORD:null}";
      is_admin = true;
    };
    socketTransportProtocols = ["websocket" "polling"];
    socketIo.maxHttpBufferSize = "\${SOCKETIO_MAX_HTTP_BUFFER_SIZE:1000000}";
    indentationOnNewLine = true;

    loglevel = "\${LOGLEVEL:INFO}";
    lowerCasePadIds = "\${LOWER_CASE_PAD_IDS:true}";
  });
  image = pkgs.dockerTools.streamLayeredImage {
    name = "etherpad";
    tag = etherpad_exe.version;
    contents = with pkgs;[cacert tzdata bash coreutils curl settings ];
    fakeRootCommands = ''
      mkdir -p ./var/lib/etherpad
      chown -R 1000:1000 ./var/lib/etherpad
      mkdir -p ./tmp
      chmod 1777 ./tmp
    '';
    config = {
      Cmd = [ "${etherpad_exe}/bin/etherpad-lite" "--settings" "/etc/etherpad/settings.json" ];
      User = "1000:1000";
      WorkingDir = "/var/lib/etherpad";
      ExposedPorts = { "${toString containerCfg.port}/tcp" = {}; };
      Env = [
        "NODE_ENV=production"
        "HOME=/opt/etherpad-lite/var"
        "DB_FILENAME=/opt/etherpad-lite/var/dirty.db"
      ];

    };
  };
in {
  paths = [{
    path="${serverCfg.configPath}/etherpad/data";
    owner = "1000:1000";
    mode = "0755";
  }{
    path="${serverCfg.configPath}/etherpad/APIKEY.txt";
    owner = "1000:1000";
    mode = "0755";
    backup = true;
  }];

  containers = {
    server = builder.mkContainer {
      subdomain = containerCfg.subdomain;
      imageStream = image;
      port = containerCfg.port;
      ip = containerCfg.ip;
      secret = name;
      extraEnv = {
        TITLE = "Pad";
        PORT = toString containerCfg.port;
        DB_TYPE = "postgres";
        DB_HOST = builder.host;
        DB_NAME = "etherpad_db";
        DB_USER = "etherpad_user";
        TRUST_PROXY = "true";
        DB_CHARSET = "utf8mb4";
        DEFAULT_PAD_TEXT = "";
        PAD_OPTIONS_SHOW_LINE_NUMBERS = "true";
        PAD_OPTIONS_USE_MONOSPACE_FONT = "true";
        SKIN_VARIANTS = "super-dark-toolbar light-editor dark-background";
      };
      extraLabels = {
        "traefik.http.routers.${containerCfg.subdomain}.middlewares" = "authentik";
      };
      overrides = {
        volumes = [
          "${serverCfg.configPath}/etherpad/data:/opt/etherpad-lite/var"
          "${serverCfg.configPath}/etherpad/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt"
        ];
      };
    };
  };
}