jana/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

obsidian
Some checks failed
/ lint (push) Failing after 8s
Details
/ build (push) Failing after 3h12m10s
Details

Browse source
This commit is contained in:
Jana Dönszelmann 2025-09-08 12:13:53 -07:00
parent e898c31de2
commit 00b7254d12
No known key found for this signature in database
9 changed files with 107 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.direnv/flake-profile
View file

@ -1 +1 @@
flake-profile-9-link flake-profile-10-link

1
.direnv/flake-profile-10-link Symbolic link
View file

@ -0,0 +1 @@
/nix/store/cmsv2fznjjsyg9cj2yvkaccjj2iv4r9h-nix-shell-env

1
.direnv/flake-profile-9-link
View file

@ -1 +0,0 @@
/nix/store/k88yspmzczh2hz8assh7447skldwjdw7-nix-shell-env

1
fili/services/default.nix
View file

@ -4,6 +4,7 @@ _: {
./databases.nix ./databases.nix
./matrix-synapse.nix ./matrix-synapse.nix
./forgejo.nix ./forgejo.nix
./obsidian-sync.nix
./media ./media
./websites ./websites

53
fili/services/forgejo.nix
View file

@ -1,9 +1,8 @@
{ { lib
lib, , pkgs
pkgs, , config
config, , flakes
flakes, , ...
...
}: }:
let let
cfg = config.services.forgejo; cfg = config.services.forgejo;
@ -15,23 +14,29 @@ in
key = "email_password"; key = "email_password";
format = "yaml"; format = "yaml";
}; };
users = {
users.groups.forgejo = { }; groups = {
users.users.forgejo = { forgejo = { };
isSystemUser = true; forgejo-runner = { };
group = "forgejo"; };
extraGroups = [ "storage" ]; users.forgejo = {
isSystemUser = true;
group = "forgejo";
extraGroups = [ "storage" ];
};
users.forgejo-runner = {
isSystemUser = true;
group = "forgejo-runner";
};
}; };
services.nginx = { services.nginx.virtualHosts."git.donsz.nl" = {
virtualHosts."git.donsz.nl" = { forceSSL = true;
forceSSL = true; enableACME = true;
enableACME = true; extraConfig = ''
extraConfig = '' client_max_body_size 512M;
client_max_body_size 512M; '';
''; locations."/".proxyPass = "http://[::1]:13121";
locations."/".proxyPass = "http://[::1]:13121";
};
}; };
services.forgejo = { services.forgejo = {
@ -80,12 +85,6 @@ in
mailerPasswordFile = config.sops.secrets.forgejo.path; mailerPasswordFile = config.sops.secrets.forgejo.path;
}; };
users.groups.forgejo-runner = { };
users.users.forgejo-runner = {
isSystemUser = true;
group = "forgejo-runner";
};
sops.secrets.forgejo-runner = { sops.secrets.forgejo-runner = {
sopsFile = ../../secrets/forgejo-runner.env; sopsFile = ../../secrets/forgejo-runner.env;
}; };

51
fili/services/obsidian-sync.nix Normal file
View file

@ -0,0 +1,51 @@
{ pkgs, config, ... }:
let
port = 5984;
in
{
sops.secrets.obsidian-sync = {
sopsFile = ../../secrets/obsidian-sync.ini;
format = "ini";
owner = "couchdb";
};
services.couchdb = {
enable = true;
inherit port;
package = pkgs.couchdb3;
configFile = config.sops.secrets.obsidian-sync.path;
extraConfig = {
chttpd = {
require_valid_user = true;
enable_cors = true;
max_http_request_size = 4294967296;
};
chttpd_auth.require_valid_user = true;
httpd = {
WWW-Authenticate = ''Basic realm="couchdb"'';
enable_cors = true;
};
couchdb.max_document_size = 50000000;
cors = {
credentials = true;
headers = "accept, authorization, content-type, origin, referer";
methods = "GET,PUT,POST,HEAD,DELETE";
max_age = 3600;
origins = "app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://obsidian.donsz.nl,http://obsidian.donsz.nl,https://obsidian.donsz.nl";
};
};
};
services.nginx.virtualHosts."obsidian.donsz.nl" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "http://localhost:${toString port}";
};
}

7
fili/services/websites/reviewqueue.nix
View file

@ -11,7 +11,8 @@
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://[::1]:3000"; proxyPass = "http://localhost:3000";
proxyWebsockets = true;
}; };
}; };
}; };
@ -20,9 +21,9 @@
description = "Review Queue"; description = "Review Queue";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; # if networking is needed after = [ "network.target" ];
restartIfChanged = true; # set to false, if restarting is problematic restartIfChanged = true;
serviceConfig = { serviceConfig = {
ExecStart = "${flakes.reviewqueue.packages.${pkgs.system}.default}/bin/reviewqueue"; ExecStart = "${flakes.reviewqueue.packages.${pkgs.system}.default}/bin/reviewqueue";

26
flake.lock generated
View file

@ -9,11 +9,11 @@
"stable": "stable" "stable": "stable"
}, },
"locked": { "locked": {
"lastModified": 1749739748, "lastModified": 1755272288,
"narHash": "sha256-csQQPoCA5iv+Nd9yCOCQNKflP7qUKEe7D27wsz+LPKM=", "narHash": "sha256-ypTPb2eKcOBbOoyvPV0j4ZOXs4kayo73/2KI456QnE0=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "colmena", "repo": "colmena",
"rev": "c61641b156dfa3e82fc0671e77fccf7d7ccfaa3b", "rev": "5bf4ce6a24adba74a5184f4a9bef01d545a09473",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -246,11 +246,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1746461020, "lastModified": 1750134718,
"narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=", "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae", "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -342,11 +342,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1751104741, "lastModified": 1757345582,
"narHash": "sha256-xPlVbk6WlgTzDvWFRyzvXMdh/ZFLEOTCQik18wg5AFQ=", "narHash": "sha256-HnJYHM9zCVV5Avil6/IPw1m1s2vLd+fmFN7VR/UkidA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e6117712d8b930e3aa8cf77b4816a3f0a88b3637", "rev": "49a25608bff9b2add8edcee8ff92dda38909e671",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -491,16 +491,16 @@
}, },
"stable": { "stable": {
"locked": { "locked": {
"lastModified": 1746557022, "lastModified": 1750133334,
"narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=", "narHash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860", "rev": "36ab78dab7da2e4e27911007033713bab534187b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.11", "ref": "nixos-25.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }

10
secrets/obsidian-sync.ini Normal file
View file

@ -0,0 +1,10 @@
[admins]
admin = ENC[AES256_GCM,data:9Wedypebky9mFblWKZZOZpDCBXA=,iv:XHUSlwWzka9I7VaOrbUdCVb975RhKUyT2MuQDZa9QwU=,tag:t9SgAbFywqrcvHPIFfqd5A==,type:str]
[sops]
age__list_0__map_recipient = age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
age__list_0__map_enc = -----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SThmQmdObUxLQlN0ZFVk\nTUJZVHdoUTNxbWtrd3ozWXFmV1l1VjJEUUdJCjdGUDZDcmZndHlEb2I4Y25kZ1NY\nSjRYY2k5Vy9vRU5xWlQrR1FYMGY4bGsKLS0tIDY3bVZnYmRiVk5oaE5JS0dveTlP\nM3hLV3R2UktOaXd0U3FUNHJPWUZBdjgKRVDf0DnRLwmHq7ykz4bElUFJQXORA3e2\nkc5y6RU2CF36y1WFk+nMlX/nB/FPSPWD9412Lm136CNrmM354orz6g==\n-----END AGE ENCRYPTED FILE-----\n
lastmodified = 2025-09-08T22:59:22Z
mac = ENC[AES256_GCM,data:X/FNnm3v9CrI1/HW6iNRV8icNXzDGWsLrxQkNvTePGV37nUpY3hzlgMJd21/TeZMCHkRdE/1zRPjyXNUrgSwDdtEZ3CLoq1AXMMHxILWiWGcA/pM1Rn/WVfmGexCwIjw0/0XHvk6jWCPAiUUNCVJALeqlNjPqzeQFqE6VJZyqPg=,iv:7Zd91r2jgi5EEJQeiWcf2vF5AtnxibGNhEqQUzim22g=,tag:REUNXGa77Q2khYWKR7Zasg==,type:str]
unencrypted_suffix = _unencrypted
version = 3.10.2