kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity
Files
98cf188a1769103db4df4587e6dbb0434fc0fedf
niveum/systems/makanek/hedgedoc.nix

93 lines
2.4 KiB
Nix
Raw Blame History

{
config,
pkgs,
...
}: let
backupLocation = "/var/lib/codimd-backup";
stateLocation = "/var/lib/codimd/state.sqlite";
nixpkgs-unstable = import <nixpkgs-unstable> {};
domain = "pad.kmein.de";
inherit (import <niveum/lib>) tmpfilesConfig;
in {
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "https://localhost:3091";
proxyWebsockets = true;
};
};
security.acme.certs.${domain}.group = "hedgecert";
users.groups.hedgecert.members = ["codimd" "nginx"];
security.dhparams = {
enable = true;
params.hedgedoc = {};
};
services.hedgedoc = {
enable = true;
configuration = {
allowOrigin = [domain];
allowAnonymous = true;
allowGravatar = false;
allowFreeURL = true;
db = {
dialect = "sqlite";
storage = stateLocation;
};
port = 3091;
domain = domain;
useSSL = true;
protocolUseSSL = true;
sslCAPath = ["/etc/ssl/certs/ca-certificates.crt"];
sslCertPath = "/var/lib/acme/${domain}/cert.pem";
sslKeyPath = "/var/lib/acme/${domain}/key.pem";
dhParamPath = config.security.dhparams.params.hedgedoc.path;
};
};
systemd.tmpfiles.rules = [
(tmpfilesConfig {
user = "codimd";
group = "codimd";
mode = "0755";
type = "d";
path = backupLocation;
})
];
systemd.services.hedgedoc-backup = {
description = "Hedgedoc backup service";
script = ''
${nixpkgs-unstable.sqlite}/bin/sqlite3 -json ${stateLocation} "select shortid, alias, ownerId, content from Notes" \
| ${
pkgs.writers.writePython3 "hedgedoc-json-to-fs.py" {} ''
import json
import pathlib
import sys
for note in json.load(sys.stdin):
user_directory = pathlib.Path()
if note["ownerId"]:
user_directory = pathlib.Path(note["ownerId"])
user_directory.mkdir(exist_ok=True)
file_path = user_directory / (
(note["alias"] if note["alias"] else note["shortid"]) + ".md"
)
file_path.write_text(note["content"])
print(f" {file_path}", file=sys.stderr)
''
}
'';
startAt = "hourly";
serviceConfig = {
Type = "oneshot";
User = "codimd";
Group = "codimd";
WorkingDirectory = backupLocation;
};
};
}
View Git Blame Copy Permalink