From 26e23c69b9cf343626f38674fe0dd6a95b6d3910 Mon Sep 17 00:00:00 2001
From: matt1432 <matt@nelim.org>
Date: Fri, 17 Jan 2025 15:52:25 -0500
Subject: [PATCH] feat(nos): setup couchdb for obsidian

---
 configurations/nos/modules/default.nix        |   8 ++-
 .../nos/modules/obsidian-livesync/default.nix |  57 ++++++++++++++++++
 flake.lock                                    | Bin 55607 -> 55607 bytes
 3 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100644 configurations/nos/modules/obsidian-livesync/default.nix

diff --git a/configurations/nos/modules/default.nix b/configurations/nos/modules/default.nix
index c5071451..613d5215 100644
--- a/configurations/nos/modules/default.nix
+++ b/configurations/nos/modules/default.nix
@@ -3,11 +3,13 @@
     ./docker
     ./homepage
     ./jellyfin
-    ./qbittorrent
-    # FIXME: I need to actually do this properly before unleashing it on my library
-    # ./subtitles
     ./llm
     ./mergerfs
+    ./obsidian-livesync
+    ./qbittorrent
     ./snapraid
+
+    # FIXME: I need to actually do this properly before unleashing it on my library
+    # ./subtitles
   ];
 }
diff --git a/configurations/nos/modules/obsidian-livesync/default.nix b/configurations/nos/modules/obsidian-livesync/default.nix
new file mode 100644
index 00000000..81937104
--- /dev/null
+++ b/configurations/nos/modules/obsidian-livesync/default.nix
@@ -0,0 +1,57 @@
+{config, ...}: {
+  # The secret that is placed here must take the following form in the
+  # unencrypted yaml for this to work as it's appended directly to the couchdb.ini
+  # configuration via systemd Env statements. The username and password are the
+  # user/pass in your livesync config in obsidian
+
+  # obsidian: |
+  #   [admins]
+  #   yourusernamehere = yourpasswordhere
+
+  sops.secrets.obsidian-livesync = {
+    owner = config.services.couchdb.user;
+    group = config.services.couchdb.group;
+    mode = "440";
+  };
+
+  services.couchdb = {
+    enable = true;
+
+    bindAddress = "0.0.0.0";
+    port = 5984;
+
+    configFile = config.sops.secrets.obsidian-livesync.path;
+
+    # https://github.com/vrtmrz/obsidian-livesync/blob/main/docs/setup_own_server.md#configure
+    extraConfig = {
+      chttpd = {
+        enable_cors = true;
+        max_http_request_size = "4294967296";
+        require_valid_user = true;
+      };
+
+      chttpd_auth = {
+        authentication_redirect = "/_utils/session.html";
+        require_valid_user = true;
+      };
+
+      cors = {
+        credentials = true;
+        headers = "accept, authorization, content-type, origin, referer";
+        max_age = "3600";
+        methods = "GET,PUT,POST,HEAD,DELETE";
+        origins = "app://obsidian.md, capacitor://localhost, http://localhost";
+      };
+
+      couchdb = {
+        max_document_size = "50000000";
+        single_node = true;
+      };
+
+      httpd = {
+        WWW-Authenticate = "Basic realm=\"couchdb\"";
+        enable_cors = true;
+      };
+    };
+  };
+}
diff --git a/flake.lock b/flake.lock
index 7d824811be56f4bf8174e603858523acbbd54248..bc2fa8bc82c352bef3361a9a9c7e91b6cb78907d 100644
GIT binary patch
delta 133
zcmV;00DAwovIDoW1F&eb2RAV^G&eFilaU!6D{5G9a8YVRPHaa*a5q9iZAVf}H&ksi
zNm*+zPH9V4W=AwpF;-G>ICe}plMcu>C}d$WH)b(oH#B55WjAFsH8nUkGc#c|IXE*k
nH#lKrGGsJ3HDx$tHj`|~7y&nvQ6LtR+$R&0%d|JMj<l&HQt>Oy

delta 132
zcmV-~0DJ$pvIDoW1F&eb1~xf3H#jqs!DAjPXLD9qLR2qTb5Ch%IWKroW>ZUdZDMY0
zFji!FcTRRhHCk_La8PJyQB-G>4#+krHDh8qG+|^hIA&#JGBr6eFfleZFf}$ZW-u{h
mVPY{hWMeloG&3+`lWfQs0XCCSAQqF{Cliy)v^TSkw5cTa)h)sR