feat: kirčiuoklis script

configs/direnv.nix

@@ -11,8 +11,7 @@ let
       cat > shell.nix <<'EOF'
     { pkgs ? import <nixpkgs> {} }:
     pkgs.mkShell {
-      buildInputs = with pkgs; [];
-      shellHook = "export HISTFILE=''${toString ./.history}";
+      buildInputs = [];
     }
     EOF
       ''${EDITOR:-vim} shell.nix

configs/fonts.nix

@@ -5,6 +5,8 @@
     enableDefaultFonts = true;
     fontDir.enable = true;
     fonts = with pkgs; [
+      alegreya
+      alegreya-sans
       corefonts
       eb-garamond
       fira

configs/hedgedoc.nix

@@ -1,25 +1,34 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 let
   backupLocation = "/var/lib/codimd-backup";
   stateLocation = "/var/lib/codimd/state.sqlite";
   nixpkgs-unstable = import <nixpkgs-unstable> {};
+  domain = "pad.xn--kiern-0qa.de";
 in
 {
   imports = [ <stockholm/krebs/3modules/permown.nix> ];
 
-  services.nginx.virtualHosts."pad.xn--kiern-0qa.de" = {
+  services.nginx.virtualHosts.${domain} = {
     enableACME = true;
-    addSSL = true;
-    locations."/".extraConfig = ''
-      client_max_body_size 4G;
-      proxy_set_header Host $host;
-      proxy_pass http://localhost:3091;
-    '';
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "https://localhost:3091";
+      proxyWebsockets = true;
+    };
+  };
+
+  security.acme.certs.${domain}.group = "hedgecert";
+  users.groups.hedgecert.members = [ "codimd" "nginx" ];
+
+  security.dhparams = {
+    enable = true;
+    params.hedgedoc = {};
   };
 
   services.hedgedoc = {
     enable = true;
     configuration = {
+      allowOrigin = [ domain ];
       allowAnonymous = true;
       allowGravatar = false;
       allowFreeURL = true;
@@ -28,6 +37,13 @@ in
         storage = stateLocation;
       };
       port = 3091;
+      domain = domain;
+      useSSL = true;
+      protocolUseSSL = true;
+      sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ];
+      sslCertPath = "/var/lib/acme/${domain}/cert.pem";
+      sslKeyPath = "/var/lib/acme/${domain}/key.pem";
+      dhParamPath = config.security.dhparams.params.hedgedoc.path;
     };
   };
 

configs/networkmanager.nix

@@ -49,6 +49,8 @@ in
     profiles = lib.mapAttrs profile {
       Aether = {
         connection.uuid = "7138bb0f-1aeb-4905-890e-a6628427aa21";
+        ipv6.addr-gen-mode = "stable";
+        wifi.cloned-mac-address = "stable";
         wifi-security = {
           psk = lib.strings.fileContents <secrets/wifi/Aether.psk>;
           auth-alg = "open";

configs/packages/default.nix

@@ -125,6 +125,7 @@ in {
     scripts.scanned
     scripts.default-gateway
     scripts.showkeys-toggle
+    scripts.kirciuoklis
     scripts.favicon
     scripts.ipa # XSAMPA to IPA converter
     scripts.playlist

packages/scripts/default.nix

@@ -106,6 +106,12 @@ in rec {
     name = "meteo";
   };
 
+  kirciuoklis = wrapScript {
+    packages = [ pkgs.curl pkgs.jq ];
+    script = ./kirciuoklis.sh;
+    name = "kirciuoklis";
+  };
+
   booksplit = wrapScript {
     packages = [ pkgs.ffmpeg tag pkgs.glibc.bin ];
     script = "${voidrice}/.local/bin/booksplit";

packages/scripts/kirciuoklis.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+curl -sSL 'https://kalbu.vdu.lt/wp-admin/admin-ajax.php' -F action=text_accents -F body="$(cat)" \
+  | jq -r .message \
+  | if [ "$1" = "--json" ]
+    then jq .textParts
+    else jq -r '
+      .textParts
+      | map(if has("accented") then .accented else .string end)
+      | join("")
+    '
+    fi