# NixOS profile module: when `profile.services.couchdb.enable` is set, render a
# CouchDB ini file from sops-managed secrets and point `services.couchdb` at it.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  inherit (lib) mkIf;
  cfg = config.profile.services.couchdb;

  # Both admin secrets are read from the same sops file.
  secretOpts = {
    sopsFile = ../../secrets/couchdb.yaml;
  };

  # sops placeholders are substituted with the decrypted values when the
  # template is rendered, so the credentials are not embedded here as literals.
  placeholder = config.sops.placeholder;

  iniSettings = {
    # [admins]: one entry, `<username> = <password>`, both taken from sops.
    admins = {
      ${placeholder."couchdb/admin/username"} = placeholder."couchdb/admin/password";
    };
    chttpd = {
      require_valid_user = true;
      max_http_request_size = 4294967296;
    };
    chttpd_auth = {
      require_valid_user = true;
    };
    # NOTE(review): newer CouchDB releases read some of these options from
    # [chttpd] instead of [httpd]; verify against the CouchDB version in use.
    httpd = {
      WWW-Authenticate = ''Basic realm="couchdb"'';
      enable_cors = true;
    };
    couchdb = {
      max_document_size = 50 * 1000 * 1000;
    };
    # NOTE(review): CouchDB documents the [cors] key as `origins`; confirm
    # whether `origin` is read at all. If it is corrected, do not combine a
    # "*" origin with `credentials = true`: that lets any website issue
    # authenticated cross-origin requests on behalf of a logged-in user. List
    # the exact client origins instead.
    cors = {
      credentials = true;
      origin = "*";
    };
  };

  # Store derivation holding the ini text with the placeholders still in place.
  renderedIni = (pkgs.formats.ini { }).generate "couchdb.ini" iniSettings;
in
{
  config = mkIf cfg.enable {
    sops.secrets = {
      "couchdb/admin/username" = secretOpts;
      "couchdb/admin/password" = secretOpts;
    };

    sops.templates."couchdb.ini" = {
      # Reading a derivation output at evaluation time is import-from-derivation:
      # the ini file is built while the configuration is being evaluated.
      content = builtins.readFile renderedIni;
      # The rendered file contains the admin credentials; owned by the CouchDB user.
      owner = config.services.couchdb.user;
    };

    # An NGINX module has to be added here if this gets re-enabled.
    # (What "this" refers to is not visible in this file.)

    services.couchdb = {
      enable = true;
      # NOTE(review): the NixOS option describes configFile as the file CouchDB
      # persists runtime changes to, and CouchDB normally rewrites plaintext
      # admin passwords as hashes on startup. Confirm the rendered template's
      # mode allows that; otherwise the password stays in plaintext in this file.
      configFile = config.sops.templates."couchdb.ini".path;
    };
  };
}