obsidian

2025-09-08 12:13:53 -07:00 · 2025-09-08 12:13:53 -07:00 · 00b7254d12
commit 00b7254d12
parent e898c31de2
9 changed files with 107 additions and 45 deletions
--- a/fili/services/default.nix
+++ b/fili/services/default.nix
@ -4,6 +4,7 @@ _: {
    ./databases.nix
    ./matrix-synapse.nix
    ./forgejo.nix
+    ./obsidian-sync.nix

    ./media
    ./websites
--- a/fili/services/forgejo.nix
+++ b/fili/services/forgejo.nix
@ -1,9 +1,8 @@
-{
-  lib,
-  pkgs,
-  config,
-  flakes,
-  ...
+{ lib
+, pkgs
+, config
+, flakes
+, ...
 }:
 let
  cfg = config.services.forgejo;
@ -15,23 +14,29 @@ in
    key = "email_password";
    format = "yaml";
  };
-
-  users.groups.forgejo = { };
-  users.users.forgejo = {
-    isSystemUser = true;
-    group = "forgejo";
-    extraGroups = [ "storage" ];
+  users = {
+    groups = {
+      forgejo = { };
+      forgejo-runner = { };
+    };
+    users.forgejo = {
+      isSystemUser = true;
+      group = "forgejo";
+      extraGroups = [ "storage" ];
+    };
+    users.forgejo-runner = {
+      isSystemUser = true;
+      group = "forgejo-runner";
+    };
  };

-  services.nginx = {
-    virtualHosts."git.donsz.nl" = {
-      forceSSL = true;
-      enableACME = true;
-      extraConfig = ''
-        client_max_body_size 512M;
-      '';
-      locations."/".proxyPass = "http://[::1]:13121";
-    };
+  services.nginx.virtualHosts."git.donsz.nl" = {
+    forceSSL = true;
+    enableACME = true;
+    extraConfig = ''
+      client_max_body_size 512M;
+    '';
+    locations."/".proxyPass = "http://[::1]:13121";
  };

  services.forgejo = {
@ -80,12 +85,6 @@ in
    mailerPasswordFile = config.sops.secrets.forgejo.path;
  };

-  users.groups.forgejo-runner = { };
-  users.users.forgejo-runner = {
-    isSystemUser = true;
-    group = "forgejo-runner";
-  };
-
  sops.secrets.forgejo-runner = {
    sopsFile = ../../secrets/forgejo-runner.env;
  };
--- a/fili/services/obsidian-sync.nix
+++ b/fili/services/obsidian-sync.nix
@ -0,0 +1,51 @@
+{ pkgs, config, ... }:
+let
+  port = 5984;
+in
+{
+  sops.secrets.obsidian-sync = {
+    sopsFile = ../../secrets/obsidian-sync.ini;
+    format = "ini";
+    owner = "couchdb";
+  };
+
+  services.couchdb = {
+    enable = true;
+    inherit port;
+    package = pkgs.couchdb3;
+    configFile = config.sops.secrets.obsidian-sync.path;
+
+    extraConfig = {
+      chttpd = {
+        require_valid_user = true;
+        enable_cors = true;
+        max_http_request_size = 4294967296;
+      };
+
+      chttpd_auth.require_valid_user = true;
+      httpd = {
+        WWW-Authenticate = ''Basic realm="couchdb"'';
+        enable_cors = true;
+      };
+
+      couchdb.max_document_size = 50000000;
+
+      cors = {
+        credentials = true;
+        headers = "accept, authorization, content-type, origin, referer";
+        methods = "GET,PUT,POST,HEAD,DELETE";
+        max_age = 3600;
+        origins = "app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://obsidian.donsz.nl,http://obsidian.donsz.nl,https://obsidian.donsz.nl";
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."obsidian.donsz.nl" = {
+    forceSSL = true;
+    enableACME = true;
+    extraConfig = ''
+      client_max_body_size 512M;
+    '';
+    locations."/".proxyPass = "http://localhost:${toString port}";
+  };
+}
--- a/fili/services/websites/reviewqueue.nix
+++ b/fili/services/websites/reviewqueue.nix
@ -11,7 +11,8 @@
      enableACME = true;

      locations."/" = {
-        proxyPass = "http://[::1]:3000";
+        proxyPass = "http://localhost:3000";
+        proxyWebsockets = true;
      };
    };
  };
@ -20,9 +21,9 @@
    description = "Review Queue";

    wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" ]; # if networking is needed
+    after = [ "network.target" ];

-    restartIfChanged = true; # set to false, if restarting is problematic
+    restartIfChanged = true;

    serviceConfig = {
      ExecStart = "${flakes.reviewqueue.packages.${pkgs.system}.default}/bin/reviewqueue";