2021-11-09 22:08:45 +01:00
|
|
|
{ config, pkgs, ... }:
|
2021-05-30 12:57:37 +02:00
|
|
|
let
|
|
|
|
|
backupLocation = "/var/lib/codimd-backup";
|
|
|
|
|
stateLocation = "/var/lib/codimd/state.sqlite";
|
2021-05-30 17:13:12 +02:00
|
|
|
nixpkgs-unstable = import <nixpkgs-unstable> {};
|
2021-12-03 12:07:51 +01:00
|
|
|
domain = "pad.kmein.de";
|
2021-05-30 12:57:37 +02:00
|
|
|
in
|
2020-10-31 20:51:25 +01:00
|
|
|
{
|
2021-05-30 12:57:37 +02:00
|
|
|
imports = [ <stockholm/krebs/3modules/permown.nix> ];
|
|
|
|
|
|
2021-11-09 22:08:45 +01:00
|
|
|
services.nginx.virtualHosts.${domain} = {
|
2020-10-31 20:51:25 +01:00
|
|
|
enableACME = true;
|
2021-11-09 22:08:45 +01:00
|
|
|
forceSSL = true;
|
|
|
|
|
locations."/" = {
|
|
|
|
|
proxyPass = "https://localhost:3091";
|
|
|
|
|
proxyWebsockets = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
security.acme.certs.${domain}.group = "hedgecert";
|
|
|
|
|
users.groups.hedgecert.members = [ "codimd" "nginx" ];
|
|
|
|
|
|
|
|
|
|
security.dhparams = {
|
|
|
|
|
enable = true;
|
|
|
|
|
params.hedgedoc = {};
|
2020-10-31 20:51:25 +01:00
|
|
|
};
|
|
|
|
|
|
2021-01-15 10:05:12 +01:00
|
|
|
services.hedgedoc = {
|
2020-10-31 20:51:25 +01:00
|
|
|
enable = true;
|
|
|
|
|
configuration = {
|
2021-11-09 22:08:45 +01:00
|
|
|
allowOrigin = [ domain ];
|
2021-05-30 10:13:34 +02:00
|
|
|
allowAnonymous = true;
|
2020-10-31 20:51:25 +01:00
|
|
|
allowGravatar = false;
|
2021-05-30 10:13:34 +02:00
|
|
|
allowFreeURL = true;
|
2020-10-31 20:51:25 +01:00
|
|
|
db = {
|
|
|
|
|
dialect = "sqlite";
|
2021-05-30 12:57:37 +02:00
|
|
|
storage = stateLocation;
|
2020-10-31 20:51:25 +01:00
|
|
|
};
|
|
|
|
|
port = 3091;
|
2021-11-09 22:08:45 +01:00
|
|
|
domain = domain;
|
|
|
|
|
useSSL = true;
|
|
|
|
|
protocolUseSSL = true;
|
|
|
|
|
sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ];
|
|
|
|
|
sslCertPath = "/var/lib/acme/${domain}/cert.pem";
|
|
|
|
|
sslKeyPath = "/var/lib/acme/${domain}/key.pem";
|
|
|
|
|
dhParamPath = config.security.dhparams.params.hedgedoc.path;
|
2020-10-31 20:51:25 +01:00
|
|
|
};
|
|
|
|
|
};
|
2021-05-30 12:57:37 +02:00
|
|
|
|
|
|
|
|
krebs.permown.${backupLocation} = { owner = "codimd"; group = "codimd"; umask = "0002"; };
|
|
|
|
|
|
|
|
|
|
systemd.services.hedgedoc-backup = {
|
|
|
|
|
description = "Hedgedoc backup service";
|
|
|
|
|
script = ''
|
2021-05-30 17:13:12 +02:00
|
|
|
${nixpkgs-unstable.sqlite}/bin/sqlite3 -json ${stateLocation} "select shortid, alias, ownerId, content from Notes" \
|
|
|
|
|
| ${pkgs.writers.writePython3 "hedgedoc-json-to-fs.py" {} ''
|
|
|
|
|
import json
|
2021-05-30 12:57:37 +02:00
|
|
|
import pathlib
|
|
|
|
|
import sys
|
|
|
|
|
|
2021-05-30 17:13:12 +02:00
|
|
|
for note in json.load(sys.stdin):
|
|
|
|
|
user_directory = pathlib.Path()
|
|
|
|
|
if note["ownerId"]:
|
|
|
|
|
user_directory = pathlib.Path(note["ownerId"])
|
2021-05-30 12:57:37 +02:00
|
|
|
user_directory.mkdir(exist_ok=True)
|
2021-05-30 17:13:12 +02:00
|
|
|
file_path = user_directory / (
|
|
|
|
|
(note["alias"] if note["alias"] else note["shortid"]) + ".md"
|
|
|
|
|
)
|
|
|
|
|
file_path.write_text(note["content"])
|
|
|
|
|
print(f"✔ {file_path}", file=sys.stderr)
|
2021-05-30 12:57:37 +02:00
|
|
|
''}
|
|
|
|
|
'';
|
|
|
|
|
startAt = "hourly";
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
Type = "oneshot";
|
|
|
|
|
User = "codimd";
|
|
|
|
|
Group = "codimd";
|
|
|
|
|
WorkingDirectory = backupLocation;
|
|
|
|
|
};
|
|
|
|
|
};
|
2020-10-31 20:51:25 +01:00
|
|
|
}
|
