switch to cap based home configs

2026-01-20 16:57:10 +01:00 · 2026-01-20 16:57:10 +01:00 · 49b6f5bde0
commit 49b6f5bde0
parent 50ee9aac83
64 changed files with 2064 additions and 1779 deletions
--- a/hosts/fili/services/obsidian-sync.nix
+++ b/hosts/fili/services/obsidian-sync.nix
@ -0,0 +1,56 @@
+{
+  pkgs,
+  config,
+  secrets,
+  ...
+}:
+let
+  port = 5984;
+in
+{
+  sops.secrets.obsidian-sync = {
+    sopsFile = "${secrets}/obsidian-sync.ini";
+    format = "ini";
+    owner = "couchdb";
+  };
+
+  services.couchdb = {
+    enable = true;
+    inherit port;
+    package = pkgs.couchdb3;
+    configFile = config.sops.secrets.obsidian-sync.path;
+
+    extraConfig = {
+      chttpd = {
+        require_valid_user = true;
+        enable_cors = true;
+        max_http_request_size = 4294967296;
+      };
+
+      chttpd_auth.require_valid_user = true;
+      httpd = {
+        WWW-Authenticate = ''Basic realm="couchdb"'';
+        enable_cors = true;
+      };
+
+      couchdb.max_document_size = 50000000;
+
+      cors = {
+        credentials = true;
+        headers = "accept, authorization, content-type, origin, referer";
+        methods = "GET,PUT,POST,HEAD,DELETE";
+        max_age = 3600;
+        origins = "app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://obsidian.donsz.nl,http://obsidian.donsz.nl,https://obsidian.donsz.nl";
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."obsidian.donsz.nl" = {
+    forceSSL = true;
+    enableACME = true;
+    extraConfig = ''
+      client_max_body_size 512M;
+    '';
+    locations."/".proxyPass = "http://localhost:${toString port}";
+  };
+}