From 4d706beb5d82dbdf1c0152c48607b04acd5b99ee Mon Sep 17 00:00:00 2001
From: Jacob Bachmann <jacob.bachmann@posteo.de>
Date: Sun, 12 Oct 2025 17:16:12 +0200
Subject: [PATCH] feat(MOMO): add hedgedoc

---
 hosts/MOMO/services/default.nix    |  1 +
 hosts/MOMO/services/hedgedoc.nix   | 26 ++++++++++++++++++++++++++
 hosts/MOMO/services/postgresql.nix | 11 ++++++++---
 3 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 hosts/MOMO/services/hedgedoc.nix

diff --git a/hosts/MOMO/services/default.nix b/hosts/MOMO/services/default.nix
index 07404a9..5850265 100644
--- a/hosts/MOMO/services/default.nix
+++ b/hosts/MOMO/services/default.nix
@@ -1,6 +1,7 @@
 {
   imports = [
     ./acme.nix
+    ./hedgedoc.nix
     ./miniflux.nix
     ./nginx.nix
     ./postgresql.nix
diff --git a/hosts/MOMO/services/hedgedoc.nix b/hosts/MOMO/services/hedgedoc.nix
new file mode 100644
index 0000000..ef5eb51
--- /dev/null
+++ b/hosts/MOMO/services/hedgedoc.nix
@@ -0,0 +1,26 @@
+{ config, ... }: {
+
+  services.hedgedoc = {
+    enable = true;
+    settings = {
+      port = 8009;
+      host = "127.0.0.1";
+      allowOrigin =
+        [ "localhost" "127.0.0.1" "hedgedoc.dryb.org" "md.dryb.org" ];
+      allowGravatar = true;
+      db = {
+        username = "hedgedoc";
+        database = "hedgedoc";
+        host = "postgresql:///hedgedoc";
+        dialect = "postgresql";
+      };
+      allowAnonymous = false;
+      allowAnonymousEdits = false;
+      allowFreeURL = true;
+      requireFreeURLAuthentication = true;
+      email = true;
+      allowEmailRegister = true;
+    };
+  };
+
+}
diff --git a/hosts/MOMO/services/postgresql.nix b/hosts/MOMO/services/postgresql.nix
index d56e571..82083e6 100644
--- a/hosts/MOMO/services/postgresql.nix
+++ b/hosts/MOMO/services/postgresql.nix
@@ -1,26 +1,31 @@
-{ ... }:
-{
+{ ... }: {
 
   services.postgresql = {
     enable = true;
-    ensureDatabases = [ "vaultwarden" ];
+    ensureDatabases = [ "vaultwarden" "hedgedoc" ];
 
     ensureUsers = [
       {
         name = "vaultwarden";
         ensureDBOwnership = true;
       }
+      {
+        name = "hedgedoc";
+        ensureDBOwnership = true;
+      }
     ];
 
     # type   database     DBuser  auth-method  mapping
     authentication = ''
       local  all          postgres  peer
       local  vaultwarden  all       ident        map=vaultwarden-users
+      local  hedgedoc     all       ident        map=hedgedoc-users
     '';
 
     # name               sysuser        dbuser
     identMap = ''
       vaultwarden-users  vaultwarden    vaultwarden
+      hedgedoc-users     hedgedoc       hedgedoc
     '';
   };