feat(nos): setup couchdb for obsidian

2025-01-17 15:52:25 -05:00 · 2025-01-17 15:52:25 -05:00 · 26e23c69b9
commit 26e23c69b9
parent 8326399b80
3 changed files with 66 additions and 7 deletions
--- a/configurations/nos/modules/default.nix
+++ b/configurations/nos/modules/default.nix
@ -3,11 +3,13 @@
    ./docker
    ./homepage
    ./jellyfin
-    ./qbittorrent
-    # FIXME: I need to actually do this properly before unleashing it on my library
-    # ./subtitles
    ./llm
    ./mergerfs
+    ./obsidian-livesync
+    ./qbittorrent
    ./snapraid
+
+    # FIXME: I need to actually do this properly before unleashing it on my library
+    # ./subtitles
  ];
 }
--- a/configurations/nos/modules/obsidian-livesync/default.nix
+++ b/configurations/nos/modules/obsidian-livesync/default.nix
@ -0,0 +1,57 @@
+{config, ...}: {
+  # The secret that is placed here must take the following form in the
+  # unencrypted yaml for this to work as it's appended directly to the couchdb.ini
+  # configuration via systemd Env statements. The username and password are the
+  # user/pass in your livesync config in obsidian
+
+  # obsidian: |
+  #   [admins]
+  #   yourusernamehere = yourpasswordhere
+
+  sops.secrets.obsidian-livesync = {
+    owner = config.services.couchdb.user;
+    group = config.services.couchdb.group;
+    mode = "440";
+  };
+
+  services.couchdb = {
+    enable = true;
+
+    bindAddress = "0.0.0.0";
+    port = 5984;
+
+    configFile = config.sops.secrets.obsidian-livesync.path;
+
+    # https://github.com/vrtmrz/obsidian-livesync/blob/main/docs/setup_own_server.md#configure
+    extraConfig = {
+      chttpd = {
+        enable_cors = true;
+        max_http_request_size = "4294967296";
+        require_valid_user = true;
+      };
+
+      chttpd_auth = {
+        authentication_redirect = "/_utils/session.html";
+        require_valid_user = true;
+      };
+
+      cors = {
+        credentials = true;
+        headers = "accept, authorization, content-type, origin, referer";
+        max_age = "3600";
+        methods = "GET,PUT,POST,HEAD,DELETE";
+        origins = "app://obsidian.md, capacitor://localhost, http://localhost";
+      };
+
+      couchdb = {
+        max_document_size = "50000000";
+        single_node = true;
+      };
+
+      httpd = {
+        WWW-Authenticate = "Basic realm=\"couchdb\"";
+        enable_cors = true;
+      };
+    };
+  };
+}
--- a/flake.lock
+++ b/flake.lock
@ -1721,11 +1721,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1736987830,
-        "narHash": "sha256-gsVXBT/WsOij9/xQfSKwmbnl0VdywNvD5ZokpPhhQTg=",
+        "lastModified": 1737144729,
+        "narHash": "sha256-jXppQjDNlGCp7BBmGRL7Tm3IYk/NiKVfG4Q1VRq8vL8=",
        "ref": "refs/heads/main",
-        "rev": "5cb94ad18fed259201660562f01cab16dc73430c",
-        "revCount": 86,
+        "rev": "da27f1c74d5e7e4558633a5983478ad2d485e8d6",
+        "revCount": 87,
        "type": "git",
        "url": "ssh://git@git.nelim.org/matt1432/nixos-secrets"
      },