From e93e5564df316b44c5616a40e72be52c01d5ce36 Mon Sep 17 00:00:00 2001 From: Tigor Hutasuhut Date: Tue, 24 Sep 2024 11:29:00 +0700 Subject: [PATCH] couchdb: added --- flake.lock | 124 +++++++++++++++++++----------------- options/services.nix | 2 + profiles/homeserver.nix | 1 + secrets/couchdb.yaml | 24 +++++++ system/services/couchdb.nix | 50 +++++++++++++++ system/services/default.nix | 1 + 6 files changed, 144 insertions(+), 58 deletions(-) create mode 100644 secrets/couchdb.yaml create mode 100644 system/services/couchdb.nix diff --git a/flake.lock b/flake.lock index 383b8bc..bff18dc 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ ] }, "locked": { - "lastModified": 1725199881, - "narHash": "sha256-jsmipf/u1GFZE5tBUkr56CHMN6VpUWCAjfLIhvQijU0=", + "lastModified": 1726665257, + "narHash": "sha256-rEzEZtd3iyVo5RJ1OGujOlnywNf3gsrOnjAn1NLciD4=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "f8a687dd29ff019657498f1bd14da2fbbf0e604b", + "rev": "752d0fbd141fabb5a1e7f865199b80e6e76f8d8e", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1725234343, - "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", "type": "github" }, "original": { @@ -121,11 +121,11 @@ ] }, "locked": { - "lastModified": 1725513492, - "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", + "lastModified": 1726745158, + "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", + "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1725703823, - "narHash": "sha256-tDgM4d8mLK0Hd6YMB2w1BqMto1XBXADOzPEaLl10VI4=", + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "208df2e558b73b6a1f0faec98493cb59a25f62ba", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "type": "github" }, "original": { @@ -240,11 +240,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1725913740, - "narHash": "sha256-Fa3hcydGj16itZx7Q8zWfRUz6WZus+ZBXYHj8qAYIuM=", + "lastModified": 1727106019, + "narHash": "sha256-BkxhOjX7+omS+EivXGjrPTMJGbajLPQ00ELTwqmuJLU=", "ref": "refs/heads/main", - "rev": "8237d7e1a4994f70636b2e91584775308f24a584", - "revCount": 5206, + "rev": "508bde1f61b1264c9621b937657088f09f318ce0", + "revCount": 5248, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" @@ -318,11 +318,11 @@ ] }, "locked": { - "lastModified": 1725188252, - "narHash": "sha256-yBH8c4GDaEAtBrh+BqIlrx5vp6gG/Gu8fQQK63KAQgs=", + "lastModified": 1725997860, + "narHash": "sha256-d/rZ/fHR5l1n7PeyLw0StWMNLXVU9c4HFyfskw568so=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "c12ab785ce1982f82594aff03b3104c598186ddd", + "rev": "dfeb5811dd6485490cce18d6cc1e38a055eea876", "type": "github" }, "original": { @@ -343,11 +343,11 @@ ] }, "locked": { - "lastModified": 1724966483, - "narHash": "sha256-WXDgKIbzjYKczxSZOsJplCS1i1yrTUpsDPuJV/xpYLo=", + "lastModified": 1726874949, + "narHash": "sha256-PNnIpwGqpTvMU3N2r0wMQwK1E+t4Bb5fbJwblQvr+80=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "8976e3f6a5357da953a09511d0c7f6a890fb6ec2", + "rev": "d97af4f6bd068c03a518b597675e598f57ea2291", "type": "github" }, "original": { @@ -368,11 +368,11 @@ ] }, "locked": { - "lastModified": 1721324119, - "narHash": "sha256-SOOqIT27/X792+vsLSeFdrNTF+OSRp5qXv6Te+fb2Qg=", + "lastModified": 1726840673, + "narHash": "sha256-HIPEXyRRVZoqD6U+lFS1B0tsIU7p83FaB9m7KT/x6mQ=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "a048a6cb015340bd82f97c1f40a4b595ca85cc30", + "rev": "b68dab23fc922eae99306988133ee80a40b39ca5", "type": "github" }, "original": { @@ -391,11 +391,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1725862290, - "narHash": "sha256-7mj1CbLcPxym+QkQvrZrtgeXubVFNbZSGBQhx4ULEfM=", + "lastModified": 1727073507, + "narHash": "sha256-WtRxgqmIT6srZzSJZ0B/Z/Lig1U+s6+AaGR6wtqWJa0=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "b43af0a09c285fddfc5352fee7e41b41daef05dd", + "rev": "3e954442e1ab9a1d14a006d4a1d58720c3c8c45e", "type": "github" }, "original": { @@ -407,11 +407,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1725824912, - "narHash": "sha256-JCniLZOBjDY/H/lmihZ5EhPJF/1aOnEKJ1+XuwdjN/I=", + "lastModified": 1727027883, + "narHash": "sha256-v8K9dNHR+xm12Jd675HlQKIVLpPz1x1leg327VciuNo=", "owner": "neovim", "repo": "neovim", - "rev": "8a2aec99748229ad9d1e12c1cbc0768d063e8eed", + "rev": "e83ce331da9165ad611b31aef9965fa74abaea14", "type": "github" }, "original": { @@ -442,11 +442,11 @@ ] }, "locked": { - "lastModified": 1725765290, - "narHash": "sha256-hwX53i24KyWzp2nWpQsn8lfGQNCP0JoW/bvQmcR1DPY=", + "lastModified": 1726975622, + "narHash": "sha256-bPDZosnom0+02ywmMZAvmj7zvsQ6mVv/5kmvSgbTkaY=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "642275444c5a9defce57219c944b3179bf2adaa9", + "rev": "c7515c2fdaf2e1f3f49856cef6cec95bb2138417", "type": "github" }, "original": { @@ -457,11 +457,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725103162, - "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "lastModified": 1726755586, + "narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e", "type": "github" }, "original": { @@ -489,11 +489,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1726937504, + "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "9357f4f23713673f310988025d9dc261c20e70c6", "type": "github" }, "original": { @@ -504,11 +504,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1725816686, - "narHash": "sha256-0Kq2MkQ/sQX1rhWJ/ySBBQlBJBUK8mPMDcuDhhdBkSU=", + "lastModified": 1726871744, + "narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "add0443ee587a0c44f22793b8c8649a0dbc3bb00", + "rev": "a1d92660c6b3b7c26fb883500a80ea9d33321be2", "type": "github" }, "original": { @@ -520,11 +520,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1725826545, - "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=", + "lastModified": 1726969270, + "narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9", + "rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075", "type": "github" }, "original": { @@ -535,11 +535,11 @@ }, "nur": { "locked": { - "lastModified": 1725937606, - "narHash": "sha256-wGTk7wEfDSdWFtfKHA6xIPw2Yeg38UIZl13AjPfDDXw=", + "lastModified": 1727106107, + "narHash": "sha256-R/+A6iDq622aD09AV64JVvDNGM3spgch7QKzw9VpMMM=", "owner": "nix-community", "repo": "NUR", - "rev": "5c4cc0b0b53d20fa71c421f732b902b767dddf63", + "rev": "0c433cd20e23788926ab884aa0b610121b97b640", "type": "github" }, "original": { @@ -570,11 +570,11 @@ ] }, "locked": { - "lastModified": 1725935143, - "narHash": "sha256-mVtTVQMlXkydSXVwFClE0ckxHrOQ9nb2DrCjNwW5pUE=", + "lastModified": 1727058553, + "narHash": "sha256-tY/UU3Qk5gP/J0uUM4DZ6wo4arNLGAVqLKBotILykfQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c3c175c74cd0e8c2c40a0e22bc6e3005c4d28d64", + "rev": "edc5b0f896170f07bd39ad59d6186fcc7859bbb2", "type": "github" }, "original": { @@ -591,11 +591,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1725922448, - "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", + "lastModified": 1726524647, + "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cede1a08039178ac12957733e97ab1006c6b6892", + "rev": "e2d404a7ea599a013189aa42947f66cede0645c8", "type": "github" }, "original": { @@ -626,6 +626,14 @@ "hyprland", "hyprlang" ], + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], "nixpkgs": [ "hyprland", "nixpkgs" @@ -636,11 +644,11 @@ ] }, "locked": { - "lastModified": 1725203932, - "narHash": "sha256-VLULC/OnI+6R9KEP2OIGk+uLJJsfRlaLouZ5gyFd2+Y=", + "lastModified": 1726933538, + "narHash": "sha256-xTqnMoJsEojuvqJLuM+U7EZ7q71efaj3pbvjutq4TXc=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "2425e8f541525fa7409d9f26a8ffaf92a3767251", + "rev": "4880c50146d0c2a3152d2b02f79253810c330c11", "type": "github" }, "original": { diff --git a/options/services.nix b/options/services.nix index b132526..68e8f8b 100644 --- a/options/services.nix +++ b/options/services.nix @@ -29,6 +29,8 @@ in default = config.profile.services.ntfy-sh.enable; }; + couchdb.enable = mkEnableOption "couchdb"; + telemetry = { enable = mkEnableOption "telemetry"; grafana.enable = mkOption { diff --git a/profiles/homeserver.nix b/profiles/homeserver.nix index d90362c..7c7f754 100644 --- a/profiles/homeserver.nix +++ b/profiles/homeserver.nix @@ -68,6 +68,7 @@ navidrome.enable = true; telemetry.enable = true; ntfy-sh.enable = true; + couchdb.enable = true; }; }; } diff --git a/secrets/couchdb.yaml b/secrets/couchdb.yaml new file mode 100644 index 0000000..8dbeed4 --- /dev/null +++ b/secrets/couchdb.yaml @@ -0,0 +1,24 @@ +couchdb: + admin: + username: ENC[AES256_GCM,data:ulzC6M33str+FQ==,iv:CsFqwlSE7uSgIFpZqpDJ0KOz4XH51mm0b5OsTFYkwto=,tag:hiW4/1gKIWalGbKZ7taAQQ==,type:str] + password: ENC[AES256_GCM,data:UEm6GRVHEphDkO9OvX6Dv49zMDzbPLRAAIY=,iv:InHLbP4Mm6Yj52tyaHMxq7f73ozH2n/hcnADXhEmVJU=,tag:YezSASY7oVE+up43dDhJog==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1aHBLTzlMY2xPcDk5WlBJ + ZTNhMEJEU09JdFdOa0VseDNGM3Y4RFhjeVdrCjg1QVNRZ1p0THhHV2RoYzdqQXJV + aUVmNjBTaDZsQzBjbWVQdHhQRzFjbG8KLS0tIE9OTVJoZGt5d1VhWGNKREI4ZDJz + REFHaTFWcnhmL1Bjb3dlRHVYQTFuVmcKqPWPHSp6rNqSAjBKUUyxdcxjb8HtsxO4 + fW0k4uzzQ69uE1ukWJQwo2UQSv5jfECjGlxToJpPJAQiihEWNMnFDA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-24T02:21:03Z" + mac: ENC[AES256_GCM,data:TwdgJi3R0MFPFfWCUfIHBHa3sikQ9wzJumEQdXRy0x/ASenwAIZqAWPTy2nrVIQSOZK+W0AoVQHEZKA92u/fkfmv4aDHfLOQa+2zBF1hBLb9+TzWt2xZdAzmqbpFazirNZeMbHwJmw9FLEN5YmHsCKJkf8Zj9A7yXmnkRS9zgWQ=,iv:ap88WwUCAcFgeqZ6/5lE8MB22rbpSRSBiXF7cbSfNoc=,tag:yMLg72fDVY5KbSe2JxwemQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/system/services/couchdb.nix b/system/services/couchdb.nix new file mode 100644 index 0000000..0157005 --- /dev/null +++ b/system/services/couchdb.nix @@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.profile.services.couchdb; + inherit (lib) mkIf; +in +{ + config = mkIf cfg.enable { + sops = { + secrets = let opts = { sopsFile = ../../secrets/couchdb.yaml; }; in { + "couchdb/admin/username" = opts; + "couchdb/admin/password" = opts; + }; + templates."couchdb.ini" = { + content = builtins.readFile ((pkgs.formats.ini { }).generate "couchdb.ini" { + admins = { + ${config.sops.placeholder."couchdb/admin/username"} = config.sops.placeholder."couchdb/admin/password"; + }; + chttpd = { + require_valid_user = true; + max_http_request_size = 4294967296; + }; + chttpd_auth = { + require_valid_user = true; + }; + httpd = { + WWW-Authenticate = ''Basic realm="couchdb"''; + enable_cors = true; + }; + couchdb = { + max_document_size = 50 * 1000 * 1000; + }; + cors = { + credentials = true; + origin = "*"; + }; + }); + owner = config.services.couchdb.user; + }; + }; + + services.caddy.virtualHosts."couchdb.tigor.web.id".extraConfig = '' + reverse_proxy localhost:5984 + ''; + + services.couchdb = { + enable = true; + configFile = config.sops.templates."couchdb.ini".path; + }; + }; +} diff --git a/system/services/default.nix b/system/services/default.nix index fce6124..9260c45 100644 --- a/system/services/default.nix +++ b/system/services/default.nix @@ -5,6 +5,7 @@ ./caddy.nix ./cockpit.nix + ./couchdb.nix ./forgejo.nix ./jellyfin.nix ./kavita.nix