systems/makanek/hedgedoc.nix

{
  config,
  pkgs,
  lib,
  ...
}:
let
  backupLocation = "/var/lib/codimd-backup";
  stateLocation = "/var/lib/codimd/state.sqlite";
  domain = "pad.kmein.de";
in
{
  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "https://localhost:3091";
      proxyWebsockets = true;
    };
  };

  security.acme.certs.${domain}.group = "hedgecert";
  users.groups.hedgecert.members = [
    "codimd"
    "nginx"
  ];

  security.dhparams = {
    enable = true;
    params.hedgedoc = { };
  };

  services.hedgedoc = {
    enable = true;
    settings = {
      allowOrigin = [ domain ];
      allowAnonymous = true;
      allowGravatar = false;
      allowFreeURL = true;
      db = {
        dialect = "sqlite";
        storage = stateLocation;
      };
      port = 3091;
      domain = domain;
      useSSL = true;
      protocolUseSSL = true;
      sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ];
      sslCertPath = "/var/lib/acme/${domain}/cert.pem";
      sslKeyPath = "/var/lib/acme/${domain}/key.pem";
      dhParamPath = config.security.dhparams.params.hedgedoc.path;
    };
  };

  niveum.passport.services = [
    {
      title = "Hedgedoc";
      link = "https://${domain}";
      description = "lets you collaborate on Markdown documents.";
    }
  ];

  systemd.tmpfiles.rules = [
    (pkgs.lib.niveum.tmpfilesConfig {
      user = "codimd";
      group = "codimd";
      mode = "0755";
      type = "d";
      path = backupLocation;
    })
  ];

  systemd.services.hedgedoc-backup = {
    description = "Hedgedoc backup service";
    script = ''
      ${pkgs.sqlite}/bin/sqlite3 -json ${stateLocation} "select shortid, alias, ownerId, content from Notes" \
      | ${
        pkgs.writers.writePython3 "hedgedoc-json-to-fs.py" { } ''
          import json
          import pathlib
          import sys

          for note in json.load(sys.stdin):
              user_directory = pathlib.Path()
              if note["ownerId"]:
                  user_directory = pathlib.Path(note["ownerId"])
                  user_directory.mkdir(exist_ok=True)
              file_path = user_directory / (
                  (note["alias"] if note["alias"] else note["shortid"]) + ".md"
              )
              file_path.write_text(note["content"])
              print(f"✔ {file_path}", file=sys.stderr)
        ''
      }
    '';
    startAt = "hourly";
    serviceConfig = {
      Type = "oneshot";
      User = "codimd";
      Group = "codimd";
      WorkingDirectory = backupLocation;
    };
  };
}
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`{`
			`config,`
			`pkgs,`
remove specialArgs niveum and niveumLib, add overlay 2025-12-25 14:00:03 +01:00			`lib,`
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`...`
format 2025-12-27 22:22:54 +01:00			`}:`
			`let`
feat(hedgedoc): add backup script 2021-05-30 12:57:37 +02:00			`backupLocation = "/var/lib/codimd-backup";`
			`stateLocation = "/var/lib/codimd/state.sqlite";`
feat: kierán.de -> kmein.de 2021-12-03 12:07:51 +01:00			`domain = "pad.kmein.de";`
format 2025-12-27 22:22:54 +01:00			`in`
			`{`
fix(hedgedoc): serve ssl correctly 2021-11-09 22:08:45 +01:00			`services.nginx.virtualHosts.${domain} = {`
feat(makanek): host codimd, nextcloud 2020-10-31 20:51:25 +01:00			`enableACME = true;`
fix(hedgedoc): serve ssl correctly 2021-11-09 22:08:45 +01:00			`forceSSL = true;`
			`locations."/" = {`
			`proxyPass = "https://localhost:3091";`
			`proxyWebsockets = true;`
			`};`
			`};`

			`security.acme.certs.${domain}.group = "hedgecert";`
format 2025-12-27 22:22:54 +01:00			`users.groups.hedgecert.members = [`
			`"codimd"`
			`"nginx"`
			`];`
fix(hedgedoc): serve ssl correctly 2021-11-09 22:08:45 +01:00
			`security.dhparams = {`
			`enable = true;`
format 2025-12-27 22:22:54 +01:00			`params.hedgedoc = { };`
feat(makanek): host codimd, nextcloud 2020-10-31 20:51:25 +01:00			`};`

fix: codimd -> hedgedoc 2021-01-15 10:05:12 +01:00			`services.hedgedoc = {`
feat(makanek): host codimd, nextcloud 2020-10-31 20:51:25 +01:00			`enable = true;`
feat: update to 22.11 2022-12-01 13:39:16 +01:00			`settings = {`
format 2025-12-27 22:22:54 +01:00			`allowOrigin = [ domain ];`
fix(hedgedoc): reset state 2021-05-30 10:13:34 +02:00			`allowAnonymous = true;`
feat(makanek): host codimd, nextcloud 2020-10-31 20:51:25 +01:00			`allowGravatar = false;`
fix(hedgedoc): reset state 2021-05-30 10:13:34 +02:00			`allowFreeURL = true;`
feat(makanek): host codimd, nextcloud 2020-10-31 20:51:25 +01:00			`db = {`
			`dialect = "sqlite";`
feat(hedgedoc): add backup script 2021-05-30 12:57:37 +02:00			`storage = stateLocation;`
feat(makanek): host codimd, nextcloud 2020-10-31 20:51:25 +01:00			`};`
			`port = 3091;`
fix(hedgedoc): serve ssl correctly 2021-11-09 22:08:45 +01:00			`domain = domain;`
			`useSSL = true;`
			`protocolUseSSL = true;`
format 2025-12-27 22:22:54 +01:00			`sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ];`
fix(hedgedoc): serve ssl correctly 2021-11-09 22:08:45 +01:00			`sslCertPath = "/var/lib/acme/${domain}/cert.pem";`
			`sslKeyPath = "/var/lib/acme/${domain}/key.pem";`
			`dhParamPath = config.security.dhparams.params.hedgedoc.path;`
feat(makanek): host codimd, nextcloud 2020-10-31 20:51:25 +01:00			`};`
			`};`
feat(hedgedoc): add backup script 2021-05-30 12:57:37 +02:00
feat(passport): init for makanek 2022-05-22 11:47:59 +02:00			`niveum.passport.services = [`
			`{`
			`title = "Hedgedoc";`
			`link = "https://${domain}";`
			`description = "lets you collaborate on Markdown documents.";`
			`}`
			`];`

feat: use more tmpfiles.d 2022-04-10 19:38:41 +02:00			`systemd.tmpfiles.rules = [`
remove specialArgs niveum and niveumLib, add overlay 2025-12-25 14:00:03 +01:00			`(pkgs.lib.niveum.tmpfilesConfig {`
feat: use more tmpfiles.d 2022-04-10 19:38:41 +02:00			`user = "codimd";`
			`group = "codimd";`
			`mode = "0755";`
			`type = "d";`
			`path = backupLocation;`
			`})`
			`];`
feat(hedgedoc): add backup script 2021-05-30 12:57:37 +02:00
			`systemd.services.hedgedoc-backup = {`
			`description = "Hedgedoc backup service";`
			`script = ''`
chore(hedgedoc): we can use stable sqlite 2022-05-24 11:10:36 +02:00			`${pkgs.sqlite}/bin/sqlite3 -json ${stateLocation} "select shortid, alias, ownerId, content from Notes" \`
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`\| ${`
format 2025-12-27 22:22:54 +01:00			`pkgs.writers.writePython3 "hedgedoc-json-to-fs.py" { } ''`
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`import json`
			`import pathlib`
			`import sys`
feat(hedgedoc): add backup script 2021-05-30 12:57:37 +02:00
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`for note in json.load(sys.stdin):`
			`user_directory = pathlib.Path()`
			`if note["ownerId"]:`
			`user_directory = pathlib.Path(note["ownerId"])`
			`user_directory.mkdir(exist_ok=True)`
			`file_path = user_directory / (`
			`(note["alias"] if note["alias"] else note["shortid"]) + ".md"`
			`)`
			`file_path.write_text(note["content"])`
			`print(f"✔ {file_path}", file=sys.stderr)`
			`''`
			`}`
feat(hedgedoc): add backup script 2021-05-30 12:57:37 +02:00			`'';`
			`startAt = "hourly";`
			`serviceConfig = {`
			`Type = "oneshot";`
			`User = "codimd";`
			`Group = "codimd";`
			`WorkingDirectory = backupLocation;`
			`};`
			`};`
feat(makanek): host codimd, nextcloud 2020-10-31 20:51:25 +01:00			`}`